Hello, We have a kerberized HDP 2.6.5 and are looking into setting up a windows based native HDP edge node to the mix on premise (no azure). Is that doable? Is Virtualization or containerization mandatory to achive this? We've been looking options but not finding clear guide how to achive that? We are not planing to migrate yet to HDP 3.x, given the cloudera/hortonworks roadmap is not all that clear yet. looking forward your insights best regards ... View more

Hello all, we've been able to configure one way trust to AD with our HDP 2.6.5. after removing local user from the local MIT KDC, we can do the following from EDGE node : hdfs dfs -ls /tmp Now, we have 2 issues which probably boil down to the same. We cannot access to webhdfs from a firefox enabled browser (which use to be working prior to 1 way trust setup using the local KDC user). we've seen https://community.hortonworks.com/questions/73846/spnego-issue-after-setting-up-mit-kdc-one-way-trus.html but the solution given is multidirectional. we have set in the /etc/krb5.conf the declaration of both AD and local MIT servers, but we have [domain_realm] AD_domain = LOCAL_MIT_KDC we do not have the .AD_domain = LOCAL_MIT_KDC Could someone share light on this latter '.' prefixed domain conf use and necessity? Also, in hostnames are resolved correctly not from the /etc/host, but using dns (domainname=(None) while dnsdomainname=correct domain. Also, the /etc/hostname contains the fully qualified hostname. nsswitch.conf resolves host first by file then dns So, in previous linked solution, the suggestion to add fully qualified host in /etc/host seems not necessary, unless some good reason is given. do web have to follow both setup described here in order to get access to the webhdfs for browsing content? we cannot acces the SOLR console UI from ambari is there something special to perform on SOLR Cloud to enable access to SOLR console UI after kerberization and/one way trust AD? for the record, the kerberization of the access to ambari is not done on our side. Could that be the reason for one or both of these behaviour? looking forward thread of light from other experts ... View more

Hi, We have kerberized HDP 2.6.0.3 with SOLR 5.2.2.5. We tried to following article to setup ranger-solr-plugin to audit and control SOLR usage. https://community.hortonworks.com/articles/15159/securing-solr-collections-with-ranger-kerberos.html#comment-46380 Once we enable the ranger-solr-plugin (ranger-solr-plugin-0.7.0.2.6.0.3-8.el6.noarch), we are not able to connect to the the SOLR Consoles getting an error 500. We created ranger policy. We had to follow a work arround for that the solr-config authoriser setup in zookeeper was getting overwritten upon restart of the solr cloud nodes. Following https://community.hortonworks.com/questions/66544/hdp-25-solr-service-restart-via-ambari-overwrite-s.html Unfortunately, we are not able to setup DEBUG log level to get further details where things are going wrong. Has anyone attempted similar setup successfully ? looking forward any hints / pointers ... View more