Member since
10-04-2015
22
Posts
4
Kudos Received
0
Solutions
07-23-2016
05:19 PM
We didn't used any regex for "sAMAccountName": Looklike your AD configured sAMAccountName as UPN.
See following notes may helpful to differentiate both properties.
http://www.morgantechspace.com/2014/04/samaccountname-vs-userprincipalname.html
... View more
07-19-2016
04:55 AM
1 Kudo
It went well with Robert L suggested changes. We recommended customer AD team to limit sAMAccountName characters to <=15 ------- When using an Active Directory server and the user name is mapped to theuserPrincipalNameattribute, theActiveDirectoryMembershipProviderclass will automatically generate a random 20-character user name for thesAMAccountNameparameter on your behalf. Parameters default to the following maximum lengths. Parameter Maximum length username 64 characters if using theuserPrincipalNameattribute. If using thesAMAccountNameattribute, the common restriction is 20 characters or less. password 128 characters. email 256 characters. passwordQuestion 256 characters. passwordAnswer 128 characters before and after encrypting.
---------- for more details Maximum Length User Logon Name (Pre Windows 2000)
https://msdn.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.createuser.aspx
... View more
02-12-2016
05:40 PM
1 Kudo
@wei yang try to downgrade snappy instead of remove. We blew away the kdump.conf files, plus some other files, when
we did that uninstall. We should do this with the downgrade command. snappy removal, removed following packages. abrt-addon-vmcore
abrt-cli
abrt-console-notification
crashcrash-gcore-command
kexec-tools
... View more
11-18-2015
10:15 PM
1 Kudo
thanks good collection.
... View more
11-18-2015
10:14 PM
thank you Neeraj suggested change worked.
... View more
11-18-2015
09:55 PM
While running Ranger dba_script.py - with DB Host value as database server name failing to connect. [root@prd002 ranger-admin]# export JAVA_HOME=/usr/java/default
[root@prd002 ranger-admin]# export JRE_HOME=$JAVA_HOME/jre
[root@prd002 ranger-admin]# export PATH=$JAVA_HOME/bin:$PATH
[root@prd002 ranger-admin]# python dba_script.py -q -d RangerDBerr.sql
2015-11-18 16:50:13,595 [I] File RangerDBerr.sql is available.
2015-11-18 16:50:13,595 [I] Running DBA setup script. QuiteMode:True
2015-11-18 16:50:13,595 [I] Using Java:/usr/java/default/bin/java
2015-11-18 16:50:13,595 [I] DB FLAVOR:ORACLE
2015-11-18 16:50:13,595 [I] DB Host:dbserver.com
2015-11-18 16:50:13,596 [I] Dry run mode:True
2015-11-18 16:50:13,596 [I] Logging DBA Script in file:RangerDBerr.sql
2015-11-18 16:50:13,596 [I] Checking connection
SQLException : SQL state: 08006 java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection ErrorCode: 17002
2015-11-18 16:50:13,880 [E] Can't establish connection,Change configuration or Contact Administrator!!
... View more
Labels:
- Labels:
-
Apache Ambari
11-17-2015
03:48 AM
Thank you Neeraj, As suggested restarted all hive services, added hive user along with ambari-qa and test was successful.
... View more
11-17-2015
03:30 AM
As Hive user beeline unable to connect Hiveserver2, receiving ranger permissions error. Unable to disable Hive ranger plugin security to none. Ambari failing to save new status with following error: 16 Nov 2015 15:20:52,270 INFO [qtp-client-223] StackAdvisorRunner:71 - advisor script stderr:
16 Nov 2015 15:22:42,245 INFO [qtp-client-232] PersistKeyValueService:82 - Looking for keyName user-pref-admin-dashboard
... View more
Labels:
- Labels:
-
Apache Hive
-
Apache Ranger
11-10-2015
01:53 PM
Thank you Neeraj, after change of ranger.audit.source.type from solr to db, ranger portal sees the logs.
... View more
11-10-2015
01:28 PM
Is Solr/Solr cloud is must to access Ranger audit access logs? Any referrence document to configure audit access logs from Oracle DB 12C backend. Environment with Ambari 2.1.2 and HDP-2.3.2.0-2950
... View more
Labels:
- Labels:
-
Apache Ambari
-
Apache Ranger
11-09-2015
09:28 PM
Thank you Al. xa_portal.log shows following error, look like ranger portal expecting ranger_audits in solar, which we didn't installed. Customer opened support case, waiting for support response. 2015-11-09 13:30:15,027 [http-bio-6080-exec-6] ERROR
org.apache.ranger.solr.SolrUtil (SolrUtil.java:79) - Error from Solr
server.
org.apache.solr.client.solrj.SolrServerException: IOException
occured when talking to server at:
http://solr_host:6083/solr/ranger_audits
at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:572)
at
... View more
11-07-2015
05:52 AM
thank you for sharing, simple example to demonstrate Kerberos requirement.
... View more
11-07-2015
05:36 AM
Pardeep, thanks for detailed notes, helpful.
... View more
11-06-2015
08:37 PM
ENV: Ambari 2.1.2, Ranger:0.5.0.2.3 HDFS/HIVE plugin configured, tried Audit logs to HDFS and changed to DB(Oracle 12c) /var/log/ranger/admin/xa_portal.log reports following error. 2015-11-06 15:30:05,987 [http-bio-6080-exec-3] INFO org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:311) - Operation error. response=VXResponse={org.apache.ranger.view.VXResponse@2a7e763statusCode={1} msgDesc={Error running query} messageList={[VXMessage={org.apache.ranger.view.VXMessage@6d64c8e4name={ERROR_SYSTEM} rbKey={xa.error.system} message={System Error. Please try later.} objectId={null} fieldName={null} }]} }
javax.ws.rs.WebApplicationException
... View more
Labels:
- Labels:
-
Apache Ambari
11-05-2015
01:40 PM
1 Kudo
@Neeraj after this incident we corrected SID and ambari add service wizard failing to finish with error at stage 6 "Server Error". Opened support case for Ambari SME support to cleanup and redo add service.
... View more
11-05-2015
04:11 AM
Initial attempt to Add Ranger service to running HDP 2.3.2 cluster managed with Ambari 2.1.2 on Redhat 7.1, Oracle JDK 8 and Oracle 12C backend database for Ranger.
ambari ranger DB test connection successful but failed to connect database @step 6 with following error. File "/usr/lib/python2.6/site-packages/resource_management/core/shell.py", line 291, in _call
raise Fail(err_msg)
resource_management.core.exceptions.Fail: Execution of 'python /usr/hdp/current/ranger-admin/dba_script.py -q' returned 1. 2015-11-04 11:46:19,927 [I] Running DBA setup script. QuiteMode:True
2015-11-04 11:46:19,927 [I] Using Java:/usr/java/default/bin/java
2015-11-04 11:46:19,927 [I] DB FLAVOR:ORACLE
2015-11-04 11:46:19,927 [I] DB Host:roadrunner.example.com
2015-11-04 11:46:19,927 [I] ---------- Creat
ing Ranger Admin db user ----------
2015-11-04 11:46:19,927 [I] Checking connection
SQLException : SQL state: 08006 java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection ErrorCode: 17002
2015-11-04 11:46:20,196 [E] Can't establish connection,Change configuration or Contact Administrator!!Following procedure and followed to re-add ranger service.1) curl -i -uadmin:admin -H "X-Requested-By: ambari" -d '{"HostRoles": { "state": "UNKNOWN"}}' -X DELETE "http://hdpqa001.example.com:8080/api/v1/clusters/hdpclu/services/RANGER";
HTTP/1.1 200 OK
User: admin
Set-Cookie: AMBARISESSIONID=1aul0secz52361k6uhu9akhjbd;Path=/;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain
Content-Length: 0
Server: Jetty(8.1.17.v20150415)2) Ambari add Ranger service wizard.------ Multiple attempts failed at stage 6 with a error popup "server error"What is best approach to cleanup and add Ranger service.
Or Any debug options to collect Add service process logs to understand error.
... View more
Labels:
- Labels:
-
Apache Ambari
-
Apache Ranger
10-30-2015
01:32 AM
thank you for the details, next week I will test in new cluster build.
... View more
10-30-2015
01:29 AM
thank you, good information.
... View more
10-21-2015
02:57 PM
How to change SamAccountName : $K5V500-1ET1B4KFE6C4 to username storm-poc. Ambari 2.1.2 enable kerberos wizard created AD account SamAccountName : $K5V500-1ET1B4KFE6C4. Get-ADUser -Identity '$K5V500-1ET1B4KFE6C4' -Properties *
AccountExpirationDate :
accountExpires : 0
AccountLockoutTime :
AccountNotDelegated : False
AllowReversiblePasswordEncryption : False
BadLogonCount : 0
badPasswordTime : 0
badPwdCount : 0
CannotChangePassword : False
CanonicalName : ldap.customer.com/HDP/Domain Accounts/Service Accounts/storm-poc
Certificates : {}
City :
CN : storm-poc
codePage : 0
Company :
Country :
countryCode : 0
Created : 10/16/2015 12:54:07 PM
createTimeStamp : 10/16/2015 12:54:07 PM
Deleted :
Department :
Description :
DisplayName :
DistinguishedName : CN=storm-poc,OU=Service Accounts,OU=Domain Accounts,OU=HDP,DC=poc,DC=customer,DC=com
Division :
DoesNotRequirePreAuth : False
dSCorePropagationData : {12/31/1600 7:00:00 PM}
EmailAddress :
EmployeeID :
EmployeeNumber :
Enabled : True
Fax :
GivenName :
HomeDirectory :
HomedirRequired : False
HomeDrive :
HomePage :
HomePhone :
Initials :
instanceType : 4
isDeleted :
LastBadPasswordAttempt :
LastKnownParent :
lastLogoff : 0
lastLogon : 130898381140333887
LastLogonDate : 10/16/2015 12:54:07 PM
lastLogonTimestamp : 130894880477406005
LockedOut : False
logonCount : 60159
LogonWorkstations :
Manager :
MemberOf : {}
MNSLogonAccount : False
MobilePhone :
Modified : 10/16/2015 12:54:07 PM
modifyTimeStamp : 10/16/2015 12:54:07 PM
msDS-User-Account-Control-Computed : 0
Name : storm-poc
nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity
ObjectCategory : CN=Person,CN=Schema,CN=Configuration,DC=poc,DC=customer,DC=com
ObjectClass : user
ObjectGUID : 6d7826eb-4729-4074-8e4a-3705c9adcd40
objectSid : S-1-5-21-568884682-143551100-1954249272-195764
Office :
OfficePhone :
Organization :
OtherName :
PasswordExpired : False
PasswordLastSet : 10/16/2015 12:54:07 PM
PasswordNeverExpires : True
PasswordNotRequired : False
POBox :
PostalCode :
PrimaryGroup : CN=Domain Users,CN=Users,DC=poc,DC=customer,DC=com
primaryGroupID : 513
ProfilePath :
ProtectedFromAccidentalDeletion : False
pwdLastSet : 130894880476781969
SamAccountName : $K5V500-1ET1B4KFE6C4
sAMAccountType : 805306368
ScriptPath :
sDRightsEffective : 15
ServicePrincipalNames : {}
SID : S-1-5-21-568884682-143551100-1954249272-195764
SIDHistory : {}
SmartcardLogonRequired : False
State :
StreetAddress :
Surname :
Title :
TrustedForDelegation : False
TrustedToAuthForDelegation : False
UseDESKeyOnly : False
userAccountControl : 66048
userCertificate : {}
UserPrincipalName : storm-poc@ldap.customer.com
uSNChanged : 9889735
uSNCreated : 9889732
whenChanged : 10/16/2015 12:54:07 PM
whenCreated : 10/16/2015 12:54:07 PM
... View more
Labels: