@Florin Miron This error might arise if you do not start namenode as hdfs user. Actually, you are trying to run it as root user but the file /hadoop/hdfs/namenode/in_use.lock is owned by hdfs user. Do not use sudo to start hadoop processess. Try to start it without sudo. Try this: su -l hdfs -c "/usr/hdp/current/hadoop-hdfs-namenode/../hadoop/sbin/hadoop-daemon.sh start namenode" Can you try that and revert ... View more

@suraj l Can you upload this log /data/log/nifi/nifi-user.log, meanwhile let me spin up a single node Nifi cluster and to try to reproduce your settings. Do you have some specific document or steps you followed? Please revert ... View more

@suraj l I see the below error in the logs INFO [NiFi Web Server-22] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: Kerberos ticket login not supported by this NiFi.. Returning Conflict response. Your setup looks kerberized did you configuring a Login Identity Provider that integrates with a Kerberos Key? <provider> <identifier>kerberos-provider</identifier> <class>org.apache.nifi.kerberos.KerberosProvider</class> <property name="Default Realm">NIFI.APACHE.ORG</property> <property name="Kerberos Config File">/etc/krb5.conf</property> <property name="Authentication Expiration">12 hours</property> </provider> With the above configuration, username/password authentication can be enabled by referencing this provider in nifi.properties. nifi.security.user.login.identity.provider=kerberos-provider In the Ranger UI your parameter Nifi Resource Identifier, I see you have put * which is open permissions the controlled valid options are /flow -----Allows users to view the user interface /controller /tenants /site-to-site /system /proxy /counters The guide linked correctly states that your NiFi must be configured to run securely (HTTPS) and have an authentication mechanism (user certificates. ldap, or kerberos) in place. Without a secure setup, all users who access the NiFi UI get in with anonymous access which gives all of them full access so all aspects of the NiFi UI. Remove the http configuration to prevent uncontrolled anonymous access in nifi.properties ... View more

@suraj l have you succeeded in giving your Nifi users UI access through ranger? If so well and good , I don't quite understand the next part of your question. "How to remove the anonymous user by getting default login. I have not given anonymous user in ranger policy." Can you elaborate ... View more

@Florin Miron Yeah that's quite disappointing the files you have attached are not exhaustive, can you upload the below files. /var/log/hadoop/hdfs/hadoop-hdfs-datanode-node.bigdata.com.log /var/log/ambari-server/ambari-server.log This could help in the diagnostics ... View more

@Fawze AbuJaber Don't give up as yet, just imagine it was a production cluster 🙂 Do you have a documentation you followed, I could compare it to my MIT kerberos HDP / AD integration setups and maybe find the discrepancy. Please revert. ... View more

@Fawze AbuJaber Can you try without rebooting the AD ? ... View more

@Fawze AbuJaber Can you comment out the following in the krb5.conf by putting a pound (#) sign like below #default_tgs_enctypes = rc4-hmac #default_tkt_enctypes = rc4-hmac #permitted_enctypes = rc4-hmac Then restart the kdc server an retest. Can you also upload the krb5kdc and kadmind logs ... View more

@suraj l Have a look at this HCC document ... View more