About frank93

frank93 · ‎06-02-2016

Hi, Ranger is not creating repositories for services (Knox, Kafka). I am using HDP 2.3 I am using default settings. I only installed second Ranger Admin. What can be the issue? Nothing in logs @EDIT If I add them manually, it is not working. Not even logs in audit->plugins that I added new policy.

frank93 · ‎05-25-2016

@Smart Solutions You can delete users and groups by doing this: log into the ranger database, and delete the following rows in order. delete from x_group_users where added_by_id in (1,2) delete from x_user where added_by_id in (1,2) delete from x_group where added_by_id in (1,2) Then you can sync your users/groups again with your restrictions.

frank93 · ‎05-11-2016

I found the solution. If anyone else is facing the same problem, review this link and use @bsaini topology. Thanks!

frank93 · ‎05-11-2016

Thank you very much @Alex Miller for your quick response. According to doc that you linked and log I found out that I had misconfigured userDnTemplate. I have another problem. In my AD/LDAP I am using sAMAccountName to identify user, so I need to type at the begging of userDnTemplate something like: sAMAccountName={0},ou=... so on, but it does not recognize users. I cant use cn={0} because as a cn I use two separate words - so I will not work. I dont use uid, and I am not AD admin to add or edit anything.

frank93 · ‎05-11-2016

Hi, I have a problem with configuring LDAP/AD with Knox. The DEMO LDAP works great for both: sandbox and my own cluster. I am configuring LDAP connection using this document: Setting Up LDAP Authentication. I configured main.ldapRealm.userDnTemplate and main.ldapRealm.contextFactory.url. I tried both classes in main.ldapRealm (KnoxLdapRealm and Jndi...) I am using Ambari to make changes. The versions I use is: sandbox - 2.4.0 and my cluster 2.3.2. When I configure my LDAP - Knox keeps saying that I am unauthorized (401). The credentials are correct because I can use them to log in beeline which is also configured with LDAP + AD. Do I need to change Advanced users-ldif section in Ambari as well? Thank you in advance.

frank93 · ‎04-11-2016

Ambari overwrites the configs in xml files. You need to use Ambari to add those properties (and make any changes in the configuration in the future)

frank93 · ‎04-04-2016

guys, do you have any ideas why I don't have option Oozie-server after clicking +Add button? I tried on every host in my cluster. I am using HDP 2.3 with Ambari 2.1.1

frank93 · ‎04-04-2016

Hi, My question is what are advantages of using High Availability in Ranger Admin? The only advantage is that I can log in to Ranger Admin GUI from 2 hosts, are there any others?

frank93 · ‎03-23-2016

Is there a possibility to access beeline via LDAP+AD without providing the password? Any password-less connection is supported? I do not want to type my password everytime I want to get access to Beeline when I use "su" or opening more than one connection on the same host. Thank you in advance

frank93 · ‎03-11-2016

Hi, I have exactly the same problem. I have done everything like Adi wrote and still got LDAP 49/52e. I can log in to ldapadmin using the same credentials as beeline rejects the authenticate.

Online	Offline
Last Visited	‎02-02-2018 11:23 AM

Member Since	‎03-04-2016 02:22 PM
Last Visited	‎02-02-2018 11:23 AM
Posts	165
Kudos received	35

Cloudera Community

Re: Ranger policies not working for some groups

Re: HUE HBase Kerberos Authentication failed

Re: Getting OutOfMemoryError: GC overhead limit ex...

Re: HDP 2.3 to 2.5 Rolling Upgrade MySQL Requireme...

Re: Apache Ranger external user

Ranger is not creating service repositories

Re: How to restrict the groups seen in Ranger?

Re: Setting up LDAP/AD in Knox

Re: Setting up LDAP/AD in Knox

Setting up LDAP/AD in Knox

Re: hue is not allowed to impersonate (403)

Re: How to setup High Availability for Oozie?

Advantages of Ranger Admin HA

Access Beeline via LDAP without providing password

Re: LDAP: error code 49 when setting LDAP auth for...