Member since
07-24-2017
42
Posts
0
Kudos Received
2
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
14161 | 12-21-2018 02:30 PM | |
4990 | 11-23-2018 09:06 AM |
12-21-2018
02:30 PM
All, Thanks for your response. I found the root cause of the issue. Ambari was using its master's key in KDC admin credentials that is why it was giving "Missing KDC administrator credentials. Please enter admin principal and password". So I have removed that crendential file (PFA for this) and issue has been solved. For others, you may need to keep ambari master key and KDC admin creds same, because that file is required at the time of ambari-server restart (if you have configured jceks). PFA, kerberos-admin-creds-issue-solved.png
... View more
12-21-2018
07:09 AM
All, Thanks for your response. I found the root cause of this issue in my case, Ambari was using Ambari master key for KDC admin credentials which was present at /var/lib/ambari-server/keys/credentials.jceks. I have taken backup of it and was able to work on 'Enable kerberos through Ambari UI'. But that previous file is required at the time of ambari-server restart. So need to keep ambari-master key same as KDC admin key (password). PFA, kerberos-admin-creds-issue-solved.png
... View more
12-20-2018
04:39 AM
@Geoffrey Shelton Okot PFA for services restart, services-restart.png
... View more
12-18-2018
04:10 AM
Ok. You can check files which I have already attached in above comments. Absolute path of files are /etc/hosts, /etc/krb5.conf, /etc/krbkdc/kadm5.acl, /etc/krb5kdc/kdc.conf PFA, krb5conf.png kdcconf.png kadm5conf.png hosts.png
... View more
12-13-2018
11:13 AM
@Geoffrey Shelton Okot Apart from the above can you share a tokenized version of your the below files- Sorry I did not get what you have asked. klist -V Kerberos 5 version 1.13.2 And KDC server's hostname -f output is --> ubuntu19.example.com Check attached files of KDC server, krb5conf.pngkdcconf.pngkadm5conf.pnghosts.png
... View more
12-13-2018
04:09 AM
@Robert Levas It is showing output as expected PFA, keytool-output.png
... View more
12-12-2018
01:14 PM
@Robert Levas I have checked ambari-server.log file at that time and made password store persistent by executing below command and from Ambari UI, I was able to check on save password box, curl -H "X-Requested-By:ambari" -u admin:admin -X PUT -d '{ "Credential" : { "principal" : "kadmin/admin@EXAMPLE.COM", "key" : "123456", "type" : "persisted" } }' http://ambari-server-host-ip:8080/api/v1/clusters/Ambari_PreDev/credentials/kdc.admin.credential But still Ambari UI is giving exception as missing credentials and not able to kerberize cluster. Also my last admin principal created is admin/admin@EXAMPLE.COM and changed password is password. PFA, ambari-server-logs.png
... View more
12-11-2018
01:00 PM
@Sampath Kumar I have already tried above steps and again tried the same as you said from reinstalltion of kerberos but facing the same issue.
... View more
12-11-2018
12:14 PM
I have setup kerberos and enabled in Ambari successfully on one environment but while trying the same on another environment I am facing issue while enabling kerberos. I have tried to store credentials using keytool, Rest API, checked kerberos descriptors but no luck. what else is left to check? PFA, missing-kdc-credentials.png
... View more
Labels:
- Labels:
-
Apache Ambari
11-23-2018
09:06 AM
While regenerating principals it was giving above error because it might be taking that principal name from Ambari database - Postgres
... View more