Member since
05-17-2018
05-25-2018
10:33 AM
I am trying to configure Knox 0.12 on HDP 2.6.1 for Active Directory authentication, based on Hortonworks documentation and community forum reference https://community.hortonworks.com/articles/114601/how-to-configure-and-troubleshoot-a-knox-topology.html
Issue #1
On the advanced admin topology, I configured the necessary parameters based on the above document, and when I execute the curl statement I get an "HTTP/1.1 403 Forbidden" error. When I checked gateway.log, the Computed userDn and Computed roles/groups are correct and match my LDAP setup. But then it errors out, and I couldn't find where it fails.
Issue #2
On the KnoxSSO topology, I am using a userDnTemplate where sAMAccountName is referred to (sAMAccountName={0},ou=Accounts,...)
This fails with the error:
2018-05-25 10:09:30,022 INFO hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(203)) - Could not login: org.apache.shiro.authc.UsernamePasswordToken - <sAMAccountName>
2018-05-25 10:09:30,023 ERROR hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(205)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]
I would appreciate the community's help with the steps to fix the issue.
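For reading the ERROR line quoted in the post: the following is an added example, not part of the original post or of Knox, that pulls the Active Directory sub-code out of `LDAP: error code 49` lines in gateway.log and names it. The function and table names are made up for this example, the sub-code meanings are the standard Windows error codes, and the sample lines other than the one from the post are constructed.

```python
import re

# Active Directory puts a hex Win32 error in the "data" field of a failed bind
# (LDAP result code 49). Meanings below are the standard Windows error codes.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ERR49 = re.compile(r"LDAP: error code 49 - .*?AcceptSecurityContext error, data ([0-9a-fA-F]+),")
STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}")

def decode_bind_failures(lines):
    """Return one dict per log line that carries an AD bind failure (error 49)."""
    findings = []
    for line in lines:
        match = ERR49.search(line)
        if match is None:
            continue  # not a bind failure; ignore
        sub = match.group(1).lower()
        stamp = STAMP.match(line)
        findings.append({
            "time": stamp.group(0) if stamp else None,
            "subcode": sub,
            "win32": int(sub, 16),  # decimal Win32 error number
            "meaning": AD_BIND_SUBCODES.get(sub, "unrecognised sub-code"),
        })
    return findings

SAMPLE_LOG = [
    # Constructed line with no bind error, to show it is skipped.
    "2018-05-25 10:09:29,900 INFO hadoop.gateway (Example.java:run(1)) - constructed line, no bind error",
    # The ERROR line from the post.
    "2018-05-25 10:09:30,023 ERROR hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(205)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]",
    # Constructed variant of the same line with a different sub-code.
    "2018-05-25 10:11:02,417 ERROR hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(205)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 775, v2580]",
]

if __name__ == "__main__":
    for f in decode_bind_failures(SAMPLE_LOG):
        print(f["time"], f["subcode"], f["win32"], f["meaning"])
```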