@Geoffrey Shelton Okot Thank you. I have aligned my setup with the attached document but i still get the errors below from usersync.log and xa_portal.log. I'm thinking the change i made to the usersync user could be an issue but i made sure the rangerusersync user in ranger admin has the same password as the one i configured using the updatepasswordpolicy.py script. Not sure what else is the issue. Running a curl command on "GET http://domain.config.com:6080/service/xusers/groups/?pageSize=1000&startIndex=0" and it worked. Also tested my AD Bind user elsewhere and it works fine. 31 Aug 2017 07:22:17 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 3600000 milliseconds. Error details: com.sun.jersey.api.client.UniformInterfaceException: GET http://domain.config.com:6080/service/xusers/groups/?pageSize=1000&startIndex=0 returned a response status of 401 Unauthorized at com.sun.jersey.api.client.WebResource.handle(WebResource.java:686) at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74) at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:507) at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildGroupList(PolicyMgrUserGroupBuilder.java:358) at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.buildUserGroupInfo(PolicyMgrUserGroupBuilder.java:156) at org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.init(PolicyMgrUserGroupBuilder.java:152) at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:51) at java.lang.Thread.run(Thread.java:745) ========================================================================================== 2017-08-31 09:18:15,219 [http-bio-6080-exec-5] DEBUG org.apache.ranger.security.handler.RangerAuthenticationProvider (RangerAuthenticationProvider.java:412) - AD Authentication Failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:185) at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61) at org.apache.ranger.security.handler.RangerAuthenticationProvider.getADBindAuthentication(RangerAuthenticationProvider.java:405) .... Caused by: org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580^@] at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.raiseExceptionForErrorCode(ActiveDirectoryLdapAuthenticationProvider.java:220) ... 37 more Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580^@] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) at javax.naming.InitialContext.init(InitialContext.java:244) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider$ContextFactory.createContext(ActiveDirectoryLdapAuthenticationProvider.java:345) at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:179) ... 35 more ... View more

@Jay SenSharma Restarting ambari-server did it for me. Thanks ... View more

@Jay SenSharma The file has the correct permissions (see below). I am running ambari-agent as "root" user. -rwxr-xr-x 1 root root 2002 Aug 1 10:44 /var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/run_ca.sh ... View more

The issue was a cyclic link where HDF 2.1.3 linked /etc/nifi/conf to /usr/hdf/current/nifi/conf while HDF 2.1.2 was linking the other way round. Deleting the previous link resolved the issue. HDF 2.1.2 installed and controllers are fine. Thanks for your guidance @Matt Clarke ... View more

Thanks @Matt Clarke I need the cluster up and running immediately. I opted for the 2.1.2 version of HDF. However, i ran into some issues while it was installing NiFi. Can you guide me on the way forward? Traceback (most recent call last): File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/nifi.py", line 360, in <module> Master().execute() File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/script.py", line 280, in execute method(env) File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/nifi.py", line 67, in install self.configure(env, True) File "/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/scripts/nifi.py", line 82, in configure recursive_ownership=True File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 114, in __new__ cls(names_list.pop(0), env, provider, **kwargs) File "/usr/lib/python2.6/site-packages/resource_management/core/base.py", line 155, in __init__ self.env.run() File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 160, in run self.run_action(resource, action) File "/usr/lib/python2.6/site-packages/resource_management/core/environment.py", line 124, in run_action provider_action() File "/usr/lib/python2.6/site-packages/resource_management/core/providers/system.py", line 177, in action_create raise Fail("Applying %s failed, looped symbolic links found while resolving %s" % (self.resource, path)) resource_management.core.exceptions.Fail: Applying Directory['/usr/hdf/current/nifi/conf'] failed, looped symbolic links found while resolving /usr/hdf/current/nifi/conf ... View more

thanks @Matt Clarke. Will downgrade asap. ... View more

Thanks @Jay SenSharma and @Willem Conradie I did put in some dummy properties for the configs but only managed to get past all the errors by removing Atlas service. ... View more