gvishal
Explorer

Re: Authentication error in file view access via A...

by Explorer in Support Questions
‎11-06-2017 05:32 AM
‎11-06-2017 05:32 AM
Thanks Jay. Everything is working now. Yes, the Regular Ambari has kerberos enabled. The links in the last message has been helpful. All the settings were correct except Authentication Method was set wrongly as SIMPLE. After changing the setting to Kerberos and adding the principle it started working. Also the keytabs on the standalone host was missing. Added the kebtab and kinit of prinicipal everything is fine. Thank you for prompt help. ... View more

Authentication error in file view access via Ambar...

by Explorer in Support Questions
‎11-06-2017 03:50 AM
‎11-06-2017 03:50 AM
I have LDAP & SSL working fine on HDP2.6.0.3 cluster where we have setup a standalone instance of Ambari Views on a edge node for security reasons. Now getting an Authentication error while trying to access the 'file views' using admin user. Log don't show any specific information. Failed to transition to undefined Authentication required Failed to transition to undefined Server status: 500 Server Message: Authentication required Error trace: org.apache.hadoop.security.AccessControlException: Authentication required at org.apache.hadoop.hdfs.web.WebHdfsFileSystem.validateResponse(WebHdfsFileSystem.java:460) at org.apache.hadoop.hdfs.web.WebHdfsFileSystem.access$200(WebHdfsFileSystem.java:114) at org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.runWithRetry(WebHdfsFileSystem.java:750) at org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.access$100(WebHdfsFileSystem.java:592) at org.apache.hadoop.hdfs.web.W... ... View more
Labels:

Re: how to change default Atlas UI admin password

by Explorer in Support Questions
‎10-31-2017 11:54 AM
‎10-31-2017 11:54 AM
Hello Nixon, I am not adding new user. I am trying to change the password for the existing admin user. I change the user-credentials.properties file but no success. Thanks for offering the help. ... View more

how to change default Atlas UI admin password

by Explorer in Support Questions
‎10-30-2017 12:12 PM
‎10-30-2017 12:12 PM
Hello, I try to change the default Atlas admin UI password using following steps but it does not work. Step 1: Generate the sha256 password string # echo -n "Password" | sha256sum e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a Step 2: Modify the users-credentials.properties file # /etc/atlas//0/users-credentials.properties #username=group::sha256-password admin=ADMIN::e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a <---- replace this string rangertagsync=RANGER_TAG_SYNC ::e3f67240f5117d1753c940dae9eea772d36ed5fe9bd9c94a300e40413f1afb9d Note: Replace sha256 string which was generated in step one. Step 3: Navigate to Ambari and restart the Atlas service. Step 4: Login with the new password. But it does not work. Any instructions or missing step in the above procedure. Thank you. ... View more
Labels:

Re: knox responsed 404 not found when use file vie...

by Explorer in Support Questions
‎10-23-2017 04:36 AM
‎10-23-2017 04:36 AM
Hello Sen, my webhdfs is working with {{webhdfs_service_urls}} and change the default to adminui but still getting 404 ... View more

Re: Knox UI Mapping Problem - ResourceManager Web ...

by Explorer in Support Questions
‎10-23-2017 03:43 AM
‎10-23-2017 03:43 AM
Hello Andreas, Looks like I am in a similar situation as yours. Oozie & hive are working but yarn, Ambari & Ranger UI are failing with 404. Did you manage to solve the issue. Can you please guide on the steps. Thank you. ... View more

Re: knox responsed 404 not found when use file vie...

by Explorer in Support Questions
‎10-23-2017 03:34 AM
‎10-23-2017 03:34 AM
The cluster is kerberozied and ldap configured with Active directory. AD KDC is getting used, not local KDC ... View more

Re: knox responsed 404 not found when use file vie...

by Explorer in Support Questions
‎10-23-2017 03:32 AM
‎10-23-2017 03:32 AM
Hello Jay, I have tried creating ui.xml and adminui.xml (both names) but I am still getting 404 for ambari UI via knox. curl -vik -u <username> 'https://<ip knox_node>:8442/gateway/default/ui/ambari ( we used port 8442 for HTTPS/ssl) the webhdfs, oozie and hive is working. curl -vik -u <username> 'https://<ip knox node>:8442/gateway/default/oozie' curl -vik -u <username> 'https://<ip knox node>:8442/gateway/default/hive' Any thoughts , what else is required. Thanks ... View more

Re: Kerberos Setup on HDP 2.6

by Explorer in Support Questions
‎08-10-2017 12:51 PM
‎08-10-2017 12:51 PM
Hello Geoffrey, I agree. The challenge we face last time is that cluster unkerberization via Ambari get stuck and then doing it manually using the link https://stackoverflow.com/questions/29744821/how-to-disable-hadoop-kerberos help a bit but not completely. We now have to re-initialize the whole cluster and this time, using Ambari it gets setup successfully. Looks like it is important to have a pre-kerberozation check list to make sure that the cluster is in proper state before start of this exercise. Thanks for your time and sharing the knowhow. Appreciate it. Best Regards, ... View more

Re: Kerberos Setup on HDP 2.6

by Explorer in Support Questions
‎08-10-2017 02:15 AM
‎08-10-2017 02:15 AM
Hello Geoffrey, Just wondering if you have similar instructions unkerberoize the cluster in case we fail to successfully setup the keberos. Thanks for the instructions and help. ... View more

Re: Kerberos Setup on HDP 2.6

by Explorer in Support Questions
‎08-09-2017 02:15 PM
‎08-09-2017 02:15 PM
Hello Team, Just wondering if we have an updated documentation for kerberos setup on HDP 2.6. I am mainly interested in the checks we should be doing before starting kerberos setup using Ambari. The challenge using Ambari for kerberos setup is that if it gets stuck then getting cluster back is a nightmare. Even the 'skip' button on Ambari becomes unavailable many times. The cluster all services green on Ambari may not be complete confirmation that cluster is in the good state to start the kerberos installation. with Manual installation, atleast we know the steps followed and rollback may be a bit easier. Thanks ... View more

Re: using Kadmin for connectiong to AD KDC

by Explorer in Support Questions
‎06-27-2017 11:39 PM
‎06-27-2017 11:39 PM
Thanks Robert and bhatt. This is helpful ... View more

using Kadmin for connectiong to AD KDC

by Explorer in Support Questions
‎06-27-2017 12:20 PM
1 Kudo
‎06-27-2017 12:20 PM
1 Kudo
Have anyone tried kadmin (connecting to AD KDC) after kerberising the hadoop cluster using Ambari? I am using the same credentials and it is saying “Required KADM5 principal missing while initializing kadmin interface”. What is the recommended best way to AD KDC connection? Thanks for help ... View more
Labels:

Re: Does Kerberos needs to be redone after a Hadoo...

by Explorer in Support Questions
‎06-01-2017 01:41 PM
‎06-01-2017 01:41 PM
Thanks Graham and Robert. This is helpful. ... View more

Does Kerberos needs to be redone after a Hadoop Up...

by Explorer in Support Questions
‎06-01-2017 12:10 AM
‎06-01-2017 12:10 AM
Hello Team, Do we need to re-do the Kerberos and SSL set up again after the upgrade to HDP 2.5 from HDP 2.3 or HDP 2.4. Thanks ... View more

How to stop Ranger from creating users

by Explorer in Support Questions
‎04-20-2017 01:26 AM
‎04-20-2017 01:26 AM
In a kerberozed cluster. How to block local user authentication for Ranger and only Accept Active Directory users. Can Ranger locally create users as well? ... View more
Labels:

Block Local user Authentication for AD integration

by Explorer in Support Questions
‎04-15-2017 07:18 AM
‎04-15-2017 07:18 AM
We have a Kerberozed Hadoop cluster with Ranger. How to configure the Ranger to block local user authentication and only allowed to accept Active Directory (AD) users. Thanks ... View more
Labels:

Re: Hortonworks documentation with Specific word '...

by Explorer in Support Questions
‎04-07-2017 02:24 PM
‎04-07-2017 02:24 PM
Dear Stanca, I agree with you on all the points but you know sometimes lack of knowledge makes things difficult. As a culture in Finland & Sweden, some of these senior Non-IT executives wants to see specific written words, especially when competitor has something in writing. Last reply from Jay and your reply are both helpful to do the test which we are proposing now to prove in terms of disabling the SSL and enabling only TLS , followed by using Openssl_Client test. You would also agree that in a competitive situation (cloudera writing 'TLS' and hortonworks Not in their documentation), it is hard to argue why cloudera is saying and Horton not saying. Thanks for the details & help. ... View more

Re: Horton documentation specifically stating 'TLS...

by Explorer in Support Questions
‎04-07-2017 12:25 PM
‎04-07-2017 12:25 PM
Dear Jay, You understood it correctly. Customer is looking a similar documentation from Horton as it is from Apache in your link above. specifically mentioning TLS. The argument is how do we know ensure Hortonworks has implemented what Apache Hadoop is saying. Hortonworks documentation did not provide it in writing / in their documentation. Your openssl_s command test is surely one way and will help. But do you think a page/ document from Horton exist any where stating that all hadoop.ssl.enabled.protocols property in core-site.xml file can use TLS protocol. Thanks for help. ... View more

Hortonworks documentation with Specific word 'TLS'

by Explorer in Support Questions
‎04-07-2017 10:41 AM
‎04-07-2017 10:41 AM
We have a tricky situation where customer is looking for written proof of 'TLS' support for services on HDP2.5 for webUIs. They claim that it is only Kafka which says that but no other service , https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_security/content/ch_wire-kafka.html Is there a documentation , link or written proof where he can specifically see 'TLS' support for HDP services. The argument is cloudera documentation clearly state is everywhere. The issue is - he suspect that Horton still use the old protocols / ciphers and not TLS except Kafka. Any pointers , link or documentation he can refer to ... View more

Horton documentation specifically stating 'TLS'

by Explorer in Support Questions
‎04-07-2017 10:36 AM
‎04-07-2017 10:36 AM
We have tricky situation where customer wants a written proof of ssl supporting TLS on services running with HDP2.5. He says that Hortonworks documentation don't say that services use TLS1.1/2 except Kafka as per the link https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_security/content/ch_wire-kafka.html Is there any documentation or written proof / link available which they can refer and see the word 'TLS ' specifically. The argument is that cloudera documentation clearly states it everywhere. Why Hortonworks do not ? ... View more

Cryto algorithms used for HDFS encryption, SSL com...

by Explorer in Support Questions
‎04-05-2017 05:54 AM
‎04-05-2017 05:54 AM
Hello, Please help to understand the cryto algorithms used for : 1) HDFS encryption at rest 2) SSL/TLS communications 3) Kerberos We have a HDP 2.5 Thanks, Vishal. ... View more
Labels:

Re: Encryption keys in Ranger KMS using Pass Phras...

by Explorer in Support Questions
‎03-30-2017 09:00 AM
‎03-30-2017 09:00 AM
Where does it gets stored, in postgres database or .conf file. Thanks ... View more

Re: Keys Backup other than PostgreS DB backup

by Explorer in Support Questions
‎03-30-2017 04:56 AM
‎03-30-2017 04:56 AM
Do you the script name and path please. Thanks ... View more

How is PostgreS DB authentication secured on a Had...

by Explorer in Support Questions
‎03-29-2017 02:23 AM
‎03-29-2017 02:23 AM
How is PostgreS DB authentication secured? ... View more
Labels:

Revocation checking support on SSL/TLS

by Explorer in Support Questions
‎03-29-2017 02:20 AM
‎03-29-2017 02:20 AM
which version of HDP supports revocation checking on SSL/TLS communications? How is this done (CRL or OCSP)? ... View more

Authentication credentials in local KDC

by Explorer in Support Questions
‎03-29-2017 02:18 AM
‎03-29-2017 02:18 AM
How are authentication credentials stored and protected within the local KDC created during Kerberos implementation? What encryption algorithm can be used ? ... View more
Labels:

Keys Backup other than PostgreS DB backup

by Explorer in Support Questions
‎03-29-2017 02:14 AM
‎03-29-2017 02:14 AM
Is there any mechanism to backup keys, other than PostgreS Database backup, such as exporting keys in a pass-phrase protected file on a USB which is then kept in a safe? ... View more
Labels:

Expiry for EZK and DEK.

by Explorer in Support Questions
‎03-29-2017 02:13 AM
‎03-29-2017 02:13 AM
Can we set an expiry on EZK and DEK? Can we rollover DEKs ... View more

Encryption keys in Ranger KMS using Pass Phrase

by Explorer in Support Questions
‎03-29-2017 02:12 AM
‎03-29-2017 02:12 AM
Is pass-phrase something that we can use to generate encryption keys in Ranger KMS? Where can we use pass phrase in Ranger KMS and where does it get stored. ... View more
Contact Me
Online
Offline
Last Visited
‎04-07-2017 01:16 AM
Public Statistics
Date Registered ‎04-06-2017 09:40 PM
Last Visited ‎04-07-2017 01:16 AM
Total Messages Posted 38
Total Kudos Received 1