Hi Siraj, I did not find the solution for this. This was the issue with the manual setup. When I used cloudera package installation all worked fine. ... View more

@michalis I removed the salt :normal while enabling kerberos using cloudera manager and it imported the kdc successfully..     Thanks @bgooley and @michalis  for the support and helping me to solve this tricky one.       ... View more

@bgooley I have updated the script, can you please check as its still failing ... View more

Any solution pls..  ... View more

Hi, any solution pls.. ... View more

@bgooley   Thanks a lot for reverting back to my queries .   I tried with the solution you said by changing sleep=0 to sleep=1 but still  get the same error message .    /usr/share/cmf/bin/import_credentials.sh failed with exit code 1 and output of << + export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin + PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin + KEYTAB_OUT=/var/run/cloudera-scm-server/cmf4656589489540061286.keytab + USER=cloudera-scm/REDACTED@PRICLUSTER.COM + PASSWD=REDACTED + KVNO=1 + SLEEP=1 + RHEL_FILE=/etc/redhat-release + '[' -f /etc/redhat-release ']' + set +e + grep Tikanga /etc/redhat-release + '[' 1 -eq 0 ']' + '[' 1 -eq 0 ']' + '[' 1 -eq 0 ']' + set -e + '[' -z /etc/krb5.conf ']' + echo 'Using custom config path '\''/etc/krb5.conf'\'', contents below:' + cat /etc/krb5.conf + IFS=' ' + read -a ENC_ARR + for ENC in '"${ENC_ARR[@]}"' + echo 'addent -password -p cloudera-scm/REDACTED@PRICLUSTER.COM -k 1 -e aes256-cts:normal' + '[' 1 -eq 1 ']' + sleep 1 + ktutil addent: Bad encryption type while adding new entry + echo REDACTED + for ENC in '"${ENC_ARR[@]}"' + echo 'addent -password -p cloudera-scm/REDACTED@PRICLUSTER.COM -k 1 -e aes128-cts:normal' + '[' 1 -eq 1 ']' + sleep 1 ktutil: Unknown request "REDACTED". Type "?" for a request list. addent: Bad encryption type while adding new entry + echo REDACTED + for ENC in '"${ENC_ARR[@]}"' + echo 'addent -password -p cloudera-scm/REDACTED@PRICLUSTER.COM -k 1 -e des3-hmac-sha1:normal' + '[' 1 -eq 1 ']' + sleep 1 ktutil: Unknown request "REDACTED". Type "?" for a request list. addent: Bad encryption type while adding new entry + echo REDACTED + for ENC in '"${ENC_ARR[@]}"' + echo 'addent -password -p cloudera-scm/REDACTED@PRICLUSTER.COM -k 1 -e des-hmac-sha1:normal' + '[' 1 -eq 1 ']' + sleep 1 ktutil: Unknown request "REDACTED". Type "?" for a request list. addent: Bad encryption type while adding new entry + echo REDACTED + for ENC in '"${ENC_ARR[@]}"' + echo 'addent -password -p cloudera-scm/REDACTED@PRICLUSTER.COM -k 1 -e des-cbc-crc:normal' + '[' 1 -eq 1 ']' + sleep 1 ktutil: Unknown request "REDACTED". Type "?" for a request list. addent: Bad encryption type while adding new entry + echo REDACTED + echo 'wkt /var/run/cloudera-scm-server/cmf4656589489540061286.keytab' ktutil: Unknown request "REDACTED". Type "?" for a request list. + chmod 600 /var/run/cloudera-scm-server/cmf4656589489540061286.keytab chmod: cannot access `/var/run/cloudera-scm-server/cmf4656589489540061286.keytab': No such file or directory   I have also shared the modified import_credentials.sh.     cat /etc/redhat-release CentOS release 6.9 (Final) #!/usr/bin/env bash # Copyright (c) 2014 Cloudera, Inc. All rights reserved. set -e set -x # Explicitly add RHEL5/6 and SLES11/12 locations to path export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:$PATH KEYTAB_OUT=$1 USER=$2 PASSWD=$3 KVNO=$4 # Determine if sleep is needed before echoing password. # This is needed on Centos/RHEL 5 where ktutil doesn't # accept password from stdin. SLEEP=1 RHEL_FILE=/etc/redhat-release if [ -f $RHEL_FILE ]; then set +e # Ignore errors in grep grep Tikanga $RHEL_FILE if [ $? -eq 0 ]; then SLEEP=1 fi if [ $SLEEP -eq 0 ]; then grep 'CentOS release 5' $RHEL_FILE if [ $? -eq 0 ]; then SLEEP=1 fi fi if [ $SLEEP -eq 0 ]; then grep 'Scientific Linux release 5' $RHEL_FILE if [ $? -eq 0 ]; then SLEEP=1 fi fi set -e fi if [ -z "$KRB5_CONFIG" ]; then echo "Using system default krb5.conf path." else echo "Using custom config path '$KRB5_CONFIG', contents below:" cat $KRB5_CONFIG fi # Export password to keytab IFS=' ' read -a ENC_ARR <<< "$ENC_TYPES" { for ENC in "${ENC_ARR[@]}" do echo "addent -password -p $USER -k $KVNO -e $ENC" if [ $SLEEP -eq 1 ]; then sleep 1 fi echo "$PASSWD" done echo "wkt $KEYTAB_OUT" } | ktutil chmod 600 $KEYTAB_OUT # Do a kinit to validate that everything works kinit -k -t $KEYTAB_OUT $USER # If this is not AD admin account, return from here if [ "$AD_ADMIN" != "true" ]; then exit 0 fi # With AD do a simple search to make sure everything works. # Set properties needed for ldapsearch to work. # Tell GSSAPI not to negotiate a security or privacy layer since # AD doesn't support nested security or privacy layers LDAP_CONF=`mktemp /tmp/cm_ldap.XXXXXXXX` echo "TLS_REQCERT never" >> $LDAP_CONF echo "sasl_secprops minssf=0,maxssf=0" >> $LDAP_CONF export LDAPCONF=$LDAP_CONF set +e # Allow failures to SASL so we can see if simple auth works ldapsearch -LLL -H "$AD_SERVER" -b "$DOMAIN" "userPrincipalName=$USER" if [ $? -ne 0 ]; then echo "ldapsearch did not work with SASL authentication. Trying with simple authentication" ldapsearch -LLL -H "$AD_SERVER" -b "$DOMAIN" -x -D $USER -w $PASSWD "userPrincipalName=$USER" if [ $? -ne 0 ]; then echo "Failed to do ldapsearch." echo "Please make sure Active Directory configuration is correctly specified and LDAP over SSL is enabled." exit 1 fi # Simple authentication worked. Store the password in output file. echo -n $PASSWD > $KEYTAB_OUT fi set -e rm -f $LDAP_CONF ... View more

But even for centos or rhel6 needed it ? ... View more

Thanks. I tried sleep=1 in the past and it didn't work. But let me try again. 'll keep u updated. ... View more

Hi,   anybody has any idea.. ?  ... View more