Member since
05-23-2018
7
Posts
0
Kudos Received
0
Solutions
06-25-2018
09:12 AM
Yes @Sindhu I have set that too. hadoop.proxyuser.knox.hosts=* and hadoop.proxyuser.knox.groups=* Didnt work. Same exception. Also One more thing to mention here. I have 2 principal knox@EXAMPLE.COM and snehal@EXAMPLE.COM with knox.keytab and snehal.keytab resp. Tried kinit both alternatively. Could not get this issue resolved. I am able to connect with knox user but not with snehal user. Is there any specific way to add user other than knox to access Knox gateway URLs.?
... View more
06-25-2018
06:40 AM
Hi, We are facing strange thing, we have created a new user say snehal, created snehal@EXAMPLE.COM principal and snehal.keytab with this principal. And added "hadoop.proxyuser.snehal.groups=* , ,hadoop.proxyuser.snehal.hosts=* " properties in HDFS->config->custome-core site. same way added property for webhcat also. Now i am hitting > GET https://host:8443/gateway/default/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name=snehal I am getting {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Non activated Name node :https://host:8443/gateway/default, Error Message: 403#@_#{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Tried many ways like, adding the user snehal in supergroup, also did "kdestroy -> kinit with snehal keytab and principal" many times with different users also, Restarted ambari-server. But no luck. Thanks, Snehal
... View more
Labels:
- Labels:
-
Apache Knox
06-22-2018
07:02 AM
Hi @Felix Albani, The above issue is solved. Now we are facing strange thing, we have created a new user say snehal, created snehal@EXAMPLE.COM principal and snehal.keytab with this principal. And added "hadoop.proxyuser.snehal.groups=* , ,hadoop.proxyuser.snehal.hosts=* " properties in HDFS->config->custome-core site. same way added property for webhcat also. Now i am hitting > GET https://host:8443/gateway/default/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name=snehal I am getting {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}}
Non activated Name node :https://host:8443/gateway/default, Error Message: 403#@_#{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Tried many ways like, adding the user snehal in supergroup, also did "kdestroy -> kinit with snehal keytab and principal" many times with different users also, Restarted ambari-server. But no luck. Thanks, Snehal
... View more
06-14-2018
12:38 PM
Thank you @Felix Albani for help. Sorry for delayed response. It saved my time and worked when I imported public certs of respective machines.
... View more
06-11-2018
01:24 PM
Hi, I have added Knox service to the cluster and enabled the ssl .Now I want to enable mutual auth. I have followed the steps from https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.4/bk_security/content/setting_up_2-way_ssl_authentication.html. Where I have created gateway.jks (using cd $gateway bin/knoxcli.cmd create-cert --hostname $gateway-hostname command) and given truststore file path of the same in gateway-site.xml. Now I want to know where to provide keystore file path for client side authentication when I put "gateway.client.auth.needed = true" in gateway-site.xml file.
... View more
Labels:
- Labels:
-
Apache Knox
05-23-2018
10:51 AM
Hi , I am also facing 403 Forbidden issue while reading a file from WEBHDFS (OPEN operation), where i have enabled KNOX and kerberos. But on the sam efile LISTSTATUS opertaion is working fine. Here is the error: https://host:8443/gateway/default/webhdfs/v1/user/admin/hive/querystatus/stdout?op=OPEN <html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 403 Forbidden</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /gateway/default/webhdfs/data/v1/webhdfs/v1/user/knox/test/customers.csv. Reason:
<pre> Forbidden</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
</body>
</html> Please help me with this. Thanks.
... View more