About Paulina

Paulina · ‎06-14-2019

Hello dear all! I am facing the following problem on kerberized CDH 6.1.0: when I open Hbase in Hue interface I see the message Api Error: Unable to authenticate Hbase log shows 2019-06-14 11:36:44,236 DEBUG org.apache.hadoop.security.UserGroupInformation: PrivilegedAction as:hbase (auth:SIMPLE) from:org.apache.hadoop.hbase.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:162) 2019-06-14 11:36:44,238 DEBUG org.apache.hadoop.security.UserGroupInformation: PrivilegedActionException as:hbase (auth:SIMPLE) cause:org.apache.hadoop.hbase.thrift.HttpAuthenticationException: Kerberos authentication failed: 2019-06-14 11:36:44,238 INFO org.apache.hadoop.hbase.thrift.ThriftHttpServlet: Failed to authenticate with hbase kerberos principal 2019-06-14 11:36:44,238 ERROR org.apache.hadoop.hbase.thrift.ThriftHttpServlet: Kerberos Authentication failed org.apache.hadoop.hbase.thrift.HttpAuthenticationException: java.lang.reflect.UndeclaredThrowableException Hbase principal exists. Could you please help me.

Paulina · ‎02-05-2019

Passwords for trust store and keystore must be the same. After changing the password for trust store everything went good.

Paulina · ‎01-14-2019

Dear all! I have kerberized cluster on Cloudera Express 5.9.3, Java Version: 1.7.0_67. Since I turned on HDFS Data At Rest Encryption using Java Keystore KMS I recieve an error in Pig job Failed to renew token: Kind: kms-dt, Service: 10.6.1.44:16000, Ident: (kms-dt owner=hdfs, renewer=yarn, realUser=, issueDate=1547451323413, maxDate=1548056123413, sequenceNumber=2, masterKeyId=2) Yarn log: Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect Caused by: java.security.UnrecoverableKeyException: Password verification failed I have checked the pessword by doing keytool -list, the password is correct. Please, help me to resolve this problem.

Paulina · ‎10-28-2018

The problem was in SSSD

Paulina · ‎10-24-2018

Yarn log Diagnostics: Application application_1540299431797_0022 initialization failed (exitCode=255) with output: main : command provided 0 main : run as user is ххх main : requested yarn user is ххх User ххх not found Failing this attempt. Failing the application

Paulina · ‎10-24-2018

Dear Cloudera Community, please help me to solve the problem with Pig job. Some users not all have problems with script events = load '/data/events/default/year=2018/month=07' using AvroStorage(); ev = limit events 100; dump The error looks like 2018-10-24 16:06:12,483 [main] INFO org.apache.pig.backend.hadoop.executionengine.mapReduceLayer.MapReduceLauncher - Failed! 2018-10-24 16:06:12,485 [main] ERROR org.apache.pig.tools.grunt.Grunt - ERROR 1066: Unable to open iterator for alias ev Details at logfile: /data/users/bigdata17/pig_1540382728474.log All users are in the same group and have permissions to read on the folders. HadoopVersion 5.9.3 Pig 0.12.0

Paulina · ‎10-09-2018

The reason of this problems was that HDFS is looking for uidNumber in memberUid and Hue is looking for uid in memberUid. As I added uidNumber in memberUid for my user in addition to other memberUids everything started to work. On the picture memberUid=1004 and memberUid=maslova is the same user Is there any other method to fix the problem, because if we leave membership like this we would have to add users in groups twice: uids and uidnumbers

Paulina · ‎10-09-2018

@bgooley Hello! The changes you have adviced in search filter (&(objectClass=posixAccount)(uid={0})) had an effect! Now the command hdfs groups hdfs returns hdfs : hdfs hdfs groups maslova maslova : maslova Now the search bind returns the group, which is in gidNumber of the account. LDAP log: Oct 9 10:16:40 sspeapp01v slapd[29022]: conn=88425 op=2613 SRCH base="dc=sec,dc=oteco" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=maslova))" Oct 9 10:16:40 sspeapp01v slapd[29022]: conn=88425 op=2613 SRCH attr=cn uidNumber gidNumber Oct 9 10:16:40 sspeapp01v slapd[29022]: <= mdb_equality_candidates: (uid) not indexed Oct 9 10:16:40 sspeapp01v slapd[29022]: conn=88425 op=2613 SEARCH RESULT tag=101 err=0 nentries=1 text= Oct 9 10:16:40 sspeapp01v slapd[29022]: conn=88425 op=2614 SRCH base="dc=sec,dc=oteco" scope=2 deref=3 filter="(&(objectClass=posixGroup)(|(gidNumber=1004)(memberUid=1004)))" Oct 9 10:16:40 sspeapp01v slapd[29022]: conn=88425 op=2614 SRCH attr=cn uidNumber gidNumber Oct 9 10:16:40 sspeapp01v slapd[29022]: <= mdb_equality_candidates: (gidNumber) not indexed Oct 9 10:16:40 sspeapp01v slapd[29022]: <= mdb_equality_candidates: (memberUid) not indexed HDFS configuration looks like: Hadoop User Group Mapping LDAP Group Search Filter (objectClass=posixGroup) Hadoop User Group Mapping LDAP Group Membership Attribute memberUid Hadoop User Group Mapping LDAP Group Name Attribute cn Something is wrong with these lines, I think

Paulina · ‎10-08-2018

@bgooley Unfortunately that did not help

Paulina · ‎10-04-2018

@bgooley Hi Host <property> <name>hadoop.security.group.mapping</name> <value>org.apache.hadoop.security.LdapGroupsMapping</value> </property> <property> <name>hadoop.security.group.mapping.ldap.url</name> <value>ldap://sspeapp01v.sec.oteco</value> </property> <property> <name>hadoop.security.group.mapping.ldap.bind.user</name> <value>cn=admin,dc=sec,dc=oteco</value> </property> <property> <name>hadoop.security.group.mapping.ldap.base</name> <value>dc=sec,dc=oteco</value> </property> <property> <name>hadoop.security.group.mapping.ldap.search.filter.user</name> <value>(objectClass=posixAccount)</value> </property> <property> <name>hadoop.security.group.mapping.ldap.search.filter.group</name> <value>(objectClass=posixGroup)</value> </property> <property> <name>hadoop.security.group.mapping.ldap.search.attr.member</name> <value>memberUid</value> </property> <property> <name>hadoop.security.group.mapping.ldap.search.attr.group.name</name> <value>cn</value> </property> NameNode <property> <name>hadoop.security.group.mapping</name> <value>org.apache.hadoop.security.LdapGroupsMapping</value> </property> <property> <name>hadoop.security.group.mapping.ldap.url</name> <value>ldap://sspeapp01v.sec.oteco</value> </property> <property> <name>hadoop.security.group.mapping.ldap.bind.user</name> <value>cn=admin,dc=sec,dc=oteco</value> </property> <property> <name>hadoop.security.group.mapping.ldap.bind.password</name> <value>********</value> </property> <property> <name>hadoop.security.group.mapping.ldap.base</name> <value>dc=sec,dc=oteco</value> </property> <property> <name>hadoop.security.group.mapping.ldap.search.filter.user</name> <value>(objectClass=posixAccount)</value> </property> <property> <name>hadoop.security.group.mapping.ldap.search.filter.group</name> <value>(objectClass=posixGroup)</value> </property> <property> <name>hadoop.security.group.mapping.ldap.search.attr.member</name> <value>memberUid</value> </property> <property> <name>hadoop.security.group.mapping.ldap.search.attr.group.name</name> <value>cn</value> </property> And there is no hadoop.user.group.static.mapping.overrides in core-site.xml

Online	Offline
Last Visited	‎07-29-2019 10:10 AM

Member Since	‎09-04-2018 03:01 AM
Last Visited	‎07-29-2019 10:10 AM
Posts	25
Kudos received	3

Cloudera Community

Re: Failed to renew token: Kind: kms-dt during run...

Re: Pig ERROR 1066: Unable to open iterator for al...

Api Error: Unable to authenticate in Hue while try...

Re: Failed to renew token: Kind: kms-dt during run...

Failed to renew token: Kind: kms-dt during running...

Re: Pig ERROR 1066: Unable to open iterator for al...

Re: Pig ERROR 1066: Unable to open iterator for al...

Pig ERROR 1066: Unable to open iterator for alias

Re: The application won't work without a running H...

Re: The application won't work without a running H...

Re: The application won't work without a running H...

Re: The application won't work without a running H...