As we have been bitten by the AD issues mentioned by @Pranay Vyas. I thought I'd expand upon the issue. We wanted two clusters as similar as possible for DR purposes and was looking at using different AD OU's but the same cluster name. Please note as in HDP 2.5.5 Ambari 2.4.2, keytabs will be generated following the "name-cluster-name" pattern (i.e. ambari-qa-sandpit). You can create the two sets of AD principals but it fails (usually
around Zookeeper) with the issue "client not found in kerberos database"
even though you can see the entities in AD or via an ldapsearch. This means by default you can't have two clusters with the same name connected to the same AD. We didn't investigate changing the kerberos naming pattern but this could possibly fix the issue.
... View more
