@David Streever Hi David, I am trying to enable kerberos on a cluster running Ambari 2.6.0 with HDP 2.6.3 and IPA 4.5.2 I want to keep the cluster name in the Ambari USER names.... When I use the above procedure I run into problems when the USER principals are created and subsequently when the keytabs are generated. It looks like the Ambari wizard does not change the local user name (%5) to also have the lower case cluster name... so that when the USER principals are created they are created as local user name without the cluster name. Then when running gen_keytabs.sh I get the following: Failed to parse result: PrincipalName not found. Retrying with pre-4.0 keytab retrieval method... Failed to parse result: PrincipalName not found. Failed to get keytab! Failed to get keytab chown: cannot access
‘/etc/security/keytabs/smokeuser.headless.keytab’: No such file or directory chmod: cannot access
‘/etc/security/keytabs/smokeuser.headless.keytab’: No such file or directory Failed to parse result: PrincipalName not found. I can see why this happens but I am unsure as to what the USER name should be... in other words do I edit the kerberos.csv so that local username matches the new Kerberos principal? Do the host's local usernames that are local to each host in the cluster need to match the Kerberos USER Princ names? I have tried with and without cluster name and I still run into errors during the Start and Test phase having to do with credentials not working. I am hoping once I figure this all out I can create a new HOWTO for IPA-Manual Princ process. FYI I was unable to get the Ambari Automatic Kerberization to work using the FreeIPA experimental feature before moving on to attempting your manual process. Any insights or assistance is much appreciated.
... View more
I am trying to get this working with Ambari 2.6.0 and HDP 2.6.3 with IPA 4.5.2 in centos 7 I have posted some questions about what local users and USER princ names.... https://community.hortonworks.com/questions/176350/ambari-kerberization-not-working-kerberoscsv-local.html Has anyone gotten this to work with Ambari 2.6.0 I am getting errors and I think it is probably something simple.
... View more