Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
sshelgao
sshelgao
Explorer

Re: {"exception":"SecurityException","javaClassNam...

by Explorer sshelgao in Support Questions
‎06-25-2018 09:12 AM
‎06-25-2018 09:12 AM
Yes @Sindhu I have set that too. hadoop.proxyuser.knox.hosts=* and hadoop.proxyuser.knox.groups=* Didnt work. Same exception. Also One more thing to mention here. I have 2 principal knox@EXAMPLE.COM and snehal@EXAMPLE.COM with knox.keytab and snehal.keytab resp. Tried kinit both alternatively. Could not get this issue resolved. I am able to connect with knox user but not with snehal user. Is there any specific way to add user other than knox to access Knox gateway URLs.? ... View more

{"exception":"SecurityException","javaClassName":"...

by Explorer sshelgao in Support Questions
‎06-25-2018 06:42 AM
‎06-25-2018 06:42 AM
Hi , We are facing strange thing, we have created a new user say snehal, created snehal@EXAMPLE.COM principal and snehal.keytab with this principal. And added "hadoop.proxyuser.snehal.groups=* , ,hadoop.proxyuser.snehal.hosts=* " properties in HDFS->config->custome-core site. same way added property for webhcat also. Now i am hitting > GET https://host:8443/gateway/default/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name=snehal I am getting {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Non activated Name node :https://host:8443/gateway/default, Error Message: 403#@_#{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Tried many ways like, adding the user snehal in supergroup, also did "kdestroy -> kinit with snehal keytab and principal" many times with different users also, Restarted ambari-server. But no luck. Thanks, Snehal ... View more
Labels:

{"exception":"SecurityException","javaClassName":"...

by Explorer sshelgao in Support Questions
‎06-25-2018 06:40 AM
‎06-25-2018 06:40 AM
Hi, We are facing strange thing, we have created a new user say snehal, created snehal@EXAMPLE.COM principal and snehal.keytab with this principal. And added "hadoop.proxyuser.snehal.groups=* , ,hadoop.proxyuser.snehal.hosts=* " properties in HDFS->config->custome-core site. same way added property for webhcat also. Now i am hitting > GET https://host:8443/gateway/default/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name=snehal I am getting {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Non activated Name node :https://host:8443/gateway/default, Error Message: 403#@_#{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Tried many ways like, adding the user snehal in supergroup, also did "kdestroy -> kinit with snehal keytab and principal" many times with different users also, Restarted ambari-server. But no luck. Thanks, Snehal ... View more
Labels:

Re: Where to add keystore file for mutual authenti...

by Explorer sshelgao in Support Questions
‎06-22-2018 07:02 AM
‎06-22-2018 07:02 AM
Hi @Felix Albani, The above issue is solved. Now we are facing strange thing, we have created a new user say snehal, created snehal@EXAMPLE.COM principal and snehal.keytab with this principal. And added "hadoop.proxyuser.snehal.groups=* , ,hadoop.proxyuser.snehal.hosts=* " properties in HDFS->config->custome-core site. same way added property for webhcat also. Now i am hitting > GET https://host:8443/gateway/default/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name=snehal I am getting {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Non activated Name node :https://host:8443/gateway/default, Error Message: 403#@_#{"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=snehal != expected=knox"}} Tried many ways like, adding the user snehal in supergroup, also did "kdestroy -> kinit with snehal keytab and principal" many times with different users also, Restarted ambari-server. But no luck. Thanks, Snehal ... View more

Re: Where to add keystore file for mutual authenti...

by Explorer sshelgao in Support Questions
‎06-14-2018 12:38 PM
‎06-14-2018 12:38 PM
Thank you @Felix Albani for help. Sorry for delayed response. It saved my time and worked when I imported public certs of respective machines. ... View more

Where to add keystore file for mutual authenticati...

by Explorer sshelgao in Support Questions
‎06-11-2018 01:24 PM
‎06-11-2018 01:24 PM
Hi, I have added Knox service to the cluster and enabled the ssl .Now I want to enable mutual auth. I have followed the steps from https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.4/bk_security/content/setting_up_2-way_ssl_authentication.html. Where I have created gateway.jks (using cd $gateway bin/knoxcli.cmd create-cert --hostname $gateway-hostname command) and given truststore file path of the same in gateway-site.xml. Now I want to know where to provide keystore file path for client side authentication when I put "gateway.client.auth.needed = true" in gateway-site.xml file. ... View more
Labels:

Re: KNOX - GATEWAY - FILE READ OPERATION

by Explorer sshelgao in Support Questions
‎05-23-2018 10:51 AM
‎05-23-2018 10:51 AM
Hi , I am also facing 403 Forbidden issue while reading a file from WEBHDFS (OPEN operation), where i have enabled KNOX and kerberos. But on the sam efile LISTSTATUS opertaion is working fine. Here is the error: https://host:8443/gateway/default/webhdfs/v1/user/admin/hive/querystatus/stdout?op=OPEN <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <title>Error 403 Forbidden</title> </head> <body><h2>HTTP ERROR 403</h2> <p>Problem accessing /gateway/default/webhdfs/data/v1/webhdfs/v1/user/knox/test/customers.csv. Reason: <pre> Forbidden</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/> </body> </html> Please help me with this. Thanks. ... View more
Contact Me
Online
Offline
Last Visited
‎08-28-2018 06:28 AM
Public Statistics
Date Registered ‎05-23-2018 10:26 AM
Last Visited ‎08-28-2018 06:28 AM
Total Messages Posted 7