Greetings Gerdan, Use memberOf or group identity user of where? I need more detailed information. Thanks, ... View more

Got it. For some reason ambari created a kerberos service check keytab with a date in the name. I renamed this on all hosts and started from scratch with kerberization and it worked this time using same cluster name. Thanks, ... View more

Hi Robert, Thanks for the quick and detailed response. In our initial planning, we didn't know that the host names would change and didn't disable Kerberos before wiping the cluster. So what issues will this cause? Thanks, ... View more

We rebuilt a kerberized cluster with new hostnames. Should we give it a new cluster name or can we use the same cluster name that is already in active directory. What's the cleanest way to do this without problems in Active Directory? Cluster will be in same hadoop OU. ... View more

I purposedly dropped a table after performing a backup and was able to successfully restore the database in Hive. One thing I notice is the file was not recovered in HDFS /apps/hive/warehouse despite the location showing when I run describe formatted against this the table. Is this behavior expected? ... View more

Hi Geoffrey I need the information on how to get the backup subset from mysql information synched with hive warehouse data in HDFS. /apps/hive/warehouse ... View more

mysql is the metastore and backup method. ... View more

Hi Kuldeep. I actually did a restore from the backup and was able to preserve the cluster this way. I will keep the information you sent me in case I have a similar problem moving forward. Thanks, ... View more

Hi Olivier, Is this approach considered an in place upgrade of the OS? We need to upgrade to RHEL7 from RHEL6 and our system team doesn't use any configuration management tools to do an in place upgrade. It sounds like the systems/hosts in the cluster will be wiped to do the OS upgrade. Do you have any information on how to do this and preserve the Hadoop data disks? We also need to upgrade from HDP 2.5.3 to 2.6.0 and our cluster is kerberized. What's the best approach for us to take in upgrading the OS and HDP simultaneously? ... View more

I will try this on next week and let you know the results. Thanks, Debra, ... View more

These are the errors in thrift server logs: Caused by: org.apache.thrift.transport.TTransportException: Invalid status 80 at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232) at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:184) at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125) at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271) at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41) at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216) ... 5 more ... View more

Hi Edgar, I'm having the same problem you had previously but even after entering HTTP/_HOST@myrealm it's still not working in a kerberos environment. Below are my settings: hbase.thrift.support.proxyuser=true hbase.thrift.security.qop=auth hbase.thrift.keytab.file=/etc/security/keytabs/hbase.service.key hbase.thrift.kerberos.principal=HTTP/_HOST@myrealm hbase.regionserver.thrift.http=true ... View more

I forgot to state that I have the hue user set up to impersonate/proxy in the core-site file as well. ... View more

Hi - We have a kerberized cluster HDP 2.5.3 and I have followed your instructions to the T and while I have no problems with Hive, Job Browser, & File Browser in HUE, I continue to get this error when trying to access HBASE tables in HUE: Api Error: Could not start SASL: Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) ... View more

Hi Geoffrey, Is this the same for creating headless keytabs/principals? We are able to create keytabs with host attributes, the issue is using the same service name to create a headless account. Does the article you pointed to address this? Thanks, ... View more

Hi Umair, Our AD team created a headless keytab without HOST attribute and the keytab with same service account name with HOST attribute broke and the headless keytab doesn't work. What is the appropriate syntax for creating headless keytabs in AD? We created it as follows: C:\Users\adminname>ktpass /princ serviceaccountname@domain.com /pass securepassword /mapuser serviceaccountname /pType KRB5_NT_PRINCIPA L /out serviceaccountname_headless.keytab Targeting domain controller: hostname.domain.com Failed to set property 'servicePrincipalName' to 'serviceaccountname' on Dn 'CN=serviceaccountname,OU=Hadoop,OU=Secure,OU=Secure,OU=Secure,DC=domain,DC=com': 0x13. WARNING: Unable to set SPN mapping data. If serviceaccountname already has an SPN mapping installed for serviceaccountname, this is no cause for concern. Password successfully set! Key created. Output keytab to serviceaccountname_headless.keytab: Keytab version: 0x502 keysize 57 serviceaccountname@domain.com ptype 1 (KRB5_NT_PRINCIPAL) vno 5 etype 0x17 (RC4-HMAC) keylength 16 (A000000000000000000) This is the error received when kiniting the headless keytab: Keytab contains no suitable keys for serviceaccountname@domain.com while getting initial credentials. ... View more