I'm not finding much information about this. Which driver version is this occurring with? ... View more

Hi binghamc,   Can you enable debug logging (page 22 of this doc, select level 5) for more insight into the error?  ... View more

Glad to help, @parnigot! ... View more

Hi Ashish,   Is the Java client in the VM or just on the same host? If the same krb5.conf file as that in the VM exists and connection the the KDC server resolves properly, you should be able to kinit from another host. ... View more

Hi stumilus,   Not sure if this is answering the question but just some observations: That export looks to be using the API to retrieve the information. The information displayed for each application should match what is shown in the Resource Manager Web UI. ... View more

Hi Kranach,   Impala has a configuration for limiting what queries a non-admin user is able to see. Impala > Configuration > Non-Admin Users Query List Visibility Settings.   Similarly, YARN configurations contain Non-Admin Users Applications List Visibility Settings.   Does this help? ... View more

Hi mtrepanier,   Keystores can be created with keytool. I believe you only need to have the server certificate in the keystore specified in the connection string. The CA file should already be in the truststore. ... View more

Hi dwill,   A keytab file can usually be generated with ktutil. ... View more

Interesting - what information do we receive when logging is enabled?   What is set in HDFS > Hadoop User Group Mapping? ... View more

I don't believe we've done much testing with CDH and Composite Group Mappings but from what I understand, you'd specify the configurations for each LDAP (AD) provider individually - in the example provided in the previous link, we can see how each LDAP URL is provided; if other LDAP configurations differ such as bind user, bind password, filters, etc. those can be entered as additional properties.   All of this would go in the cluster wide core-site.xml safety valve (in HDFS configurations).   Again, haven't tested it but there are some who use it. A more robust approach would be to use tools like Centrify, VAS, SSSD, etc. to handle the AD/Linux integration. ... View more

Absolutely! You could also mark the solution for anyone else that comes across this issue in the future.   Cheers ... View more

I see. Have you already tried #1 without specifying the UID field? ... View more

Sure, glad to help.     Does hive-contrib.jar exist at /opt/cloudera/parcels/CDH/lib/hive/lib/hive-contrib.jar? You can navigate to this directory to verify.   Was the ADD JAR command run with Beeline?   What's the full error output?     ... View more

Hi Alex,   I don't believe CompositeGroupsMapping is not an exposed configuration in Cloudera Manager. Are you referring to this? ... View more

Hi Sunil,   Was the same connection string in #1 also used prior to upgrading CDH? Let's enable logging level 5 for more detailed information. See page 22 of this doc.  ... View more

Hi clouderaMgr,   There seems to be a trust issue with the certificate. Which error log are those messages coming from?  How was TLS enabled? Was this document used?     ... View more

Hi jbatspv,   Which code/script is running? Does hive-contrib.jar exist under /lib/hive/lib? ... View more

Hi jbatspv,     Have all instances of HiveServer2 been restarted already? ... View more

Hi Tom,   Once you've completed the collection of diagnostic data, there should be an option to Download Result Data at the top of the Command window. You can then select where you want to save the ZIP file.   The button will look something like this:      Cheers ... View more

@saranvisa Are you having the same issue? Or are you working with the OP? Just trying to understand..   Using the hive user should work properly. If you want to use a different user (eg. hdpsysuser), core-site.xml will need entries like the following: <property> <name>hadoop. hdpsysuser .server.hosts</name> <value>*</value> </property> <property> <name>hadoop. hdpsysuser .server.groups</name> <value>*</value> </property>   Was there a particular reason impersonation is needed? Typically, Sentry is recommended for enforcing access policies.   ... View more

Hi fcausa,   I assume that <paht> is just a placeholder and not the literal text in the line setting java.security.auth.login.config. The credential cache will be checked first (jaas.conf has useTicketCache=true) so we'll need to make sure a valid ticket is available first. That is probably why running kinit first works. Also, is the REALM specified for the principal in jaas.conf the same as the default realm specified in krb5.conf (assuming your example of kinit working was with just the base username)?   However, for more details on the error, you can also enable debugging messages by adding LogLevel=3;LogPath=<file_path> to the connection string. ... View more

Hi TalendBigData, What are the settings for Cloudera Manager > HDFS > Configuration > Hive Proxy User Hosts and Hive Proxy User Groups? ... View more

Hi MSharma, How are you connecting to HS2? Is SSL also enabled? ... View more

Hey all,   There is actually a new certification being rolled out. It is completely task based: https://www.cloudera.com/more/training/certification/cca-admin.html   If you've been an administrator for some time, you should be fine. ... View more

Hi Kishore, Do these logs show any exceptions? - /var/log/cloudera-scm-server/db.log - /var/lib/cloudera-scm-server-db/data/pg_log/ Does the following file have proper settings for PostgreSQL? /etc/cloudera-scm-server/db.properties Best ... View more

There's no practice exam, as far as I know. The page I linked to does detail the specific topics to study though. ... View more

Hi Sidharth,   This page has information on topics covered (also mentioned in many of the anwered posts in the right sidebar). It’s tough to comment on difficulty - that’s dependent on each person. What I do know is that it is a multiple choice exam. Good luck! ... View more