Member since: 10-10-2018
Posts: 4
Kudos Received: 0
Solutions: 0
03-23-2020 02:14 AM

Hello,

This workaround didn't work for me. I configured the LDAP setup so that the BaseDN matches only 1 entry. Calling "ambari-server sync-ldap --existing" didn't remove all existing LDAP users and groups; rather, it deleted only 2. Maybe I missed something, but after running the setup, do we need to restart ambari-server? What should be the expected behaviour when running "ambari-server sync-ldap --all" with the BaseDN pointing to a single AD entry?

The doc states the following for the option '--existing': "Users will be removed from Ambari if they no longer exist in LDAP, and group membership in Ambari will be updated to match LDAP". Since the AD users still exist, that would have no effect in removing the users even if the BaseDN points to a single entry.

What we are looking for (HDP 2.6.5) is to remove all LDAP-synced users other than those specified in --users users.txt and --groups group.txt. It looks like there is no such tool and we have to resort to manually using the Ambari APIs somehow.

One thing I'm not sure about is how the lowercased aliases are being handled, since during the first sync we had the default value 'true' to force lower case, and have now changed it to 'false'.

Looking forward to your insights.
07-15-2019 08:02 AM

Hello,

We have a kerberized HDP 2.6.5 and are looking into adding a Windows-based native HDP edge node to the mix on premise (no Azure). Is that doable? Is virtualization or containerization mandatory to achieve this? We've been looking at options but are not finding a clear guide on how to achieve that. We are not planning to migrate to HDP 3.x yet, given that the Cloudera/Hortonworks roadmap is not all that clear yet.

Looking forward to your insights.

Best regards
03-20-2019 05:45 PM

Hello all,

We've been able to configure a one-way trust to AD with our HDP 2.6.5. After removing the local user from the local MIT KDC, we can do the following from the EDGE node:

hdfs dfs -ls /tmp

Now, we have 2 issues which probably boil down to the same.

We cannot access webhdfs from a Firefox enabled browser (which used to work prior to the 1 way trust setup, using the local KDC user). We've seen https://community.hortonworks.com/questions/73846/spnego-issue-after-setting-up-mit-kdc-one-way-trus.html but the solution given is multidirectional. We have set in the /etc/krb5.conf the declaration of both the AD and local MIT servers, but we have

[domain_realm]
AD_domain = LOCAL_MIT_KDC

We do not have the

.AD_domain = LOCAL_MIT_KDC

Could someone shed light on the use and necessity of this latter '.' prefixed domain conf?

Also, hostnames are resolved correctly, not from the /etc/host but using DNS (domainname=(None) while dnsdomainname=correct domain). Also, the /etc/hostname contains the fully qualified hostname. nsswitch.conf resolves hosts first by file, then DNS. So, in the previously linked solution, the suggestion to add the fully qualified host in /etc/host seems not necessary, unless some good reason is given. Do we have to follow both setups described here in order to get access to webhdfs for browsing content?

We cannot access the SOLR console UI from Ambari. Is there something special to perform on SOLR Cloud to enable access to the SOLR console UI after kerberization and/or one way trust AD?

For the record, the kerberization of the access to Ambari is not done on our side. Could that be the reason for one or both of these behaviours?

Looking forward to a thread of light from other experts.
Tags: Kerberos
10-11-2018 12:04 AM

Hi,

We have a kerberized HDP 2.6.0.3 with SOLR 5.2.2.5. We tried following the article below to set up ranger-solr-plugin to audit and control SOLR usage.

https://community.hortonworks.com/articles/15159/securing-solr-collections-with-ranger-kerberos.html#comment-46380

Once we enable the ranger-solr-plugin (ranger-solr-plugin-0.7.0.2.6.0.3-8.el6.noarch), we are not able to connect to the SOLR consoles, getting an error 500. We created a Ranger policy. We had to follow a workaround because the solr-config authoriser setup in ZooKeeper was getting overwritten upon restart of the SOLR Cloud nodes, following https://community.hortonworks.com/questions/66544/hdp-25-solr-service-restart-via-ambari-overwrite-s.html

Unfortunately, we are not able to set up the DEBUG log level to get further details on where things are going wrong. Has anyone attempted a similar setup successfully?

Looking forward to any hints / pointers.