Member since
04-09-2019
254
Posts
140
Kudos Received
34
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1536 | 05-22-2018 08:32 PM | |
10670 | 03-15-2018 02:28 AM | |
2835 | 08-07-2017 07:23 PM | |
3698 | 07-27-2017 05:22 PM | |
1998 | 07-27-2017 05:16 PM |
03-19-2022
10:16 PM
Thank you @adhishankarit for sharing this with us. This will be useful for other person as well. Many reader will get benefit from this.
... View more
03-10-2022
11:08 PM
Hello @RajeshReddy , DataSteward role would usually grant “environments/adminRanger” permission which makes user Ranger and Atlas admin. This would suffice to create a tag based policy. Can we get more info on the error you are getting? Any screenshot or error messages would help us greatly to help you further. Thanks.
... View more
03-10-2022
12:18 AM
Hello, In order to assist with this, I'd need to check more python code which you are running. Could you please share the snippet around the POST call? Also, I noticed the RangerPDPKnoxFilter in the stack trace. This means that your Knox topology (cdp-proxy-api) has Ranger Knox plugin enabled for authorization. Can you please disable the plugin (only for testing) and try again? Hope this helps. Thanks.
... View more
05-29-2019
03:09 AM
Hello @Vidya Sagar S, I think I see your problem. It's with the key of HTTP/RANGER_FQDN principal. Most probably, the key of Ranger SPNEGO principal (HTTP/RANGER_FQDN) has been changed/updated in Kerberos database but not in the spnego.service.keytab on Ranger node. Hence "checksum failed" error. To confirm this, please get the output of these commands on Ranger host: # klist -kt /etc/security/keytabs/spnego.service.keytab
# kinit <any-working-principal>
# kvno HTTP/<RANGER_FQDN> If the Key Version Number (kvno) in the first command output and last command output doesn't match, then that's the issue. To fix this, get the key of HTTP/RANGER_FQDN out in a new keytab and replace spnego.service.keytab on Ranger host. Restart Ranger admin from Ambari. Hope this helps!
... View more
08-20-2018
08:03 PM
+1 for detailed answer !
... View more
08-01-2018
08:41 PM
@Bhushan Kandalkar, Can you login to Zeppelin as 'bhushan-kandalkar' instead of 'bhushan-kandalkar@test.com'? You may need to set "activeDirectoryRealm.principalSuffix = @test.com" if you are using "org.apache.zeppelin.realm.ActiveDirectoryGroupRealm". With this set, you should be able to login as 'bhushan-kandalkar' and same would appear in notebook permission. Hope this helps.
... View more
07-31-2018
08:25 PM
@Bhushan Kandalkar, Please let us know the value of "zeppelin.notebook.storage" property in Zeppelin. If you can attach your zeppelin-site.xml from Zeppelin node ("after scrubbing your env. specific details"), that will be even better. What Felix is suggesting here, may actually work if done correctly.
... View more
06-28-2018
06:18 PM
Hello@Sami Ahmad, CAUTION: Retrieving the keytab resets the secret for the Kerberos principal. This renders all other keytabs for that principal invalid. The correct answer depends on which Kerberos implementation you are using. For MIT KDC, a system admin would use an interface, known as "kadmin" (or an alternative "kadmin.local"), to create keytab for users using 'ktadd' command. ktadd will regenerate key with a random password and then add it to keytab: # ktadd -k </path/to/file.keytab> <principal-name> For FreeIPA, an admin would use ipa-getkeytab command. This command can generate keytab with a random or provided password: # ipa-getkeytab -s <ipaserver.example.com> -p <principal-name> -k </path/to/file.keytab> For Microsoft AD, an admin should use ktpass command. This command is really useful when you want to generate a keytab for AD service principal to be used in Linux environment. This can also use a given password or a random password (+rndpass): # ktpass /princ hive/sandbox.hortonworks.com@HWX.COM /pass <password> /mapuser hiveservice /pType KRB5_NT_PRINCIPAL /crypto ALL /out c:\temp\hive.service.keytab Hope this helps!
... View more
06-05-2018
06:21 PM
@Karthik Palanisamy, This is really a good piece of information. Thanks for sharing. Keep them coming !
... View more
05-22-2018
08:32 PM
Hello @Satya Nittala, Atlas Type Model is a way to define metadata about the kind of data that you want to manage. Actually, Atlas Type System encompasses 'Types' and 'Entities'. It is very much possible to create custom type for your dataset. Please refer to this article: https://community.hortonworks.com/articles/91237/creating-custom-types-and-entities-in-atlas.html Hope this helps!
... View more