My Hive is also Enabled LDAP Authentication, my user 'hue_hive' doesn't exist in Linux but only in LDAP and Hue as well.. I have tried to run query in Hue and beeline with 'hue_hive', it also works. From this point I think my user 'hue_hive' is exist in HS2. How about the other users in LDAP such as 'administrator'? How does HS2 actually impersonate the user to other services? such as MapReduce and HDFS..?   ... View more

The user 'administrator' is LDAP user that I add/sync in Hue, which having HDFS user directory, /user/administrator and having full access.. does it means the user also exist in HS2 node? Should I check it in Linux OS-level? Thanks for your help.     ... View more

Thanks, mbigelow. hive.server2.enable.impersonation, hive.server2.enable.doAs is active for "HiveServer2 Default Group", I faced the same problem in Hue and Beeline as well..   And from the Hue server log file I found something. The password is None for hive.server2.proxy.user, I don't really know is it the underlying reason.   [10/Jan/2017 22:05:47 -0800] api WARNING Autocomplete data fetching error: Bad status for request TOpenSessionReq(username=u'administrator', password=None, client_protocol=6, configuration={'hive.server2.proxy.user': u'administrator'}): TOpenSessionResp(status=TStatus(errorCode=0, errorMessage='Failed to validate proxy privilege of hue_hive for administrator', sqlState='08S01', infoMessages=['*org.apache.hive.service.cli.HiveSQLException:Failed to validate proxy privilege of hue_hive for administrator:14:13', 'org.apache.hive.service.auth.HiveAuthFactory:verifyProxyAccess:HiveAuthFactory.java:402', 'org.apache.hive.service.cli.thrift.ThriftCLIService:getProxyUser:ThriftCLIService.java:748', 'org.apache.hive.service.cli.thrift.ThriftCLIService:getUserName:ThriftCLIService.java:384', 'org.apache.hive.service.cli.thrift.ThriftCLIService:getSessionHandle:ThriftCLIService.java:411', 'org.apache.hive.service.cli.thrift.ThriftCLIService:OpenSession:ThriftCLIService.java:316', 'org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession:getResult:TCLIService.java:1253', 'org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession:getResult:TCLIService.java:1238', 'org.apache.thrift.ProcessFunction:process:ProcessFunction.java:39', 'org.apache.thrift.TBaseProcessor:process:TBaseProcessor.java:39', 'org.apache.hive.service.auth.TSetIpAddressProcessor:process:TSetIpAddressProcessor.java:56', 'org.apache.thrift.server.TThreadPoolServer$WorkerProcess:run:TThreadPoolServer.java:286', 'java.util.concurrent.ThreadPoolExecutor:runWorker:ThreadPoolExecutor.java:1145', 'java.util.concurrent.ThreadPoolExecutor$Worker:run:ThreadPoolExecutor.java:615', 'java.lang.Thread:run:Thread.java:745', '*org.apache.hadoop.security.authorize.AuthorizationException:User: hue_hive is not allowed to impersonate administrator:0:-1'], statusCode=3), sessionHandle=None, configuration=None, serverProtocolVersion=6) ... View more