Member since 08-18-2016 | 14 Posts | 0 Kudos Received | 0 Solutions
06-09-2021
09:25 AM
I had a similar issue. You may want to check Ranger > Audit > Plugin Status to see if the policy is being applied. If it's not, it may be that you have a jersey-client classpath conflict. More details here: https://jonmorisissqlblog.blogspot.com/2021/06/ranger-hive-policy-activation-time.html
07-02-2018
04:44 PM
Steps for dealing with SSL-enabled Ranger? (I'm running HDP-2.6.4.0) Currently plagued with the following:
Unable to get the Credential Provider from the Configuration
The value of property hadoop.security.credential.provider.path must not be null
SSLContext must not be null
04-26-2018
05:08 PM
From here: https://community.hortonworks.com/questions/2580/accessing-hdp-web-ui-from-windows-pc-causes-gsshea.html
This worked for me: "...you need to pass your realm along with the username in username field like username@<REALM>"
07-26-2017
09:49 PM
All I had to do was configure ranger.truststore.file and ranger.https.attrib.keystore.file to point to a cacerts file (which had my AD cert previously imported). Did you import your AD cert into the cacerts file you referenced?
05-12-2017
04:54 PM
Are you aware of any guidance or best practices for managing the many keystores associated with the various HDP components?
...just make one keystore in /etc and configure all the references?
Maybe there's a consolidated list of all the configs that would have to be changed?
04-26-2017
08:52 PM
I just worked through this same issue and only found this conversation after the fact. I configured ranger.truststore.file and ranger.https.attrib.keystore.file to point to my $JAVA_HOME cacerts file (which had my AD cert previously imported), and I’m now able to log in to the Ranger-Admin UI with my AD credentials. I’m not sure what other ramifications this may have, but it solved my issue. It’s also raised another question, in that many Hortonworks components each have their own configurations for various keystores (Ranger vs. Ranger-Admin as an apropos example). Are there any recommendations or best practices for consolidating all of these keystore locations into one place (like I did with the above solution)?
04-26-2017
08:45 PM
For anyone who was following along, I believe I found the solution to this issue. I configured ranger.truststore.file and ranger.https.attrib.keystore.file to point to my $JAVA_HOME cacerts file (which had my AD cert previously imported), and I’m now able to log in to the Ranger-Admin UI with my AD credentials. I’m not sure what other ramifications this may have, but it solved my issue. It’s also raised another question, in that many Hortonworks components each have their own configurations for various keystores. Are there any recommendations or best practices for consolidating all of these keystore locations into one place (like I did with the above solution)?
04-26-2017
08:41 PM
Hi, I asked around on the Ranger mailing list, but was unable to find a solution to my problem. (https://lists.apache.org/list.html?user@ranger.apache.org)
I’m currently running HDP-2.5.3.0 / Ranger – 0.6.0 and have Ranger Usersync set up and running with Active Directory. (I've been informed that usersync and Ranger-Admin are two different setups / connections to AD, so this isn't particularly helpful.)
My problem is that AD users that come in from usersync are unable to log in to the Ranger Admin UI. I get “Wrong Password” messages in the Ranger Audit > Login Sessions when I try to log in with my Active Directory account. (I modified my account to be an “Admin” Role following the initial import from usersync.)
So far I've been able to troubleshoot down to a possible issue with the Ranger-Admin keystore, so now I’m looking for the location for the correct keystore where I would import my certificate from AD for Ranger-Admin. Is this the correct location: ranger.credential.provider.path? It seems like the jceks file associated with that, rangeradmin.jceks, has a blank password. Do you know where I would configure that password? I've considered exporting the keys, configuring a new keystore with a password and re-importing, but my concern is: how would Ranger-Admin know the password?
Hopefully I've explained my problem coherently. Please let me know if anyone needs more clarification.
Thanks, Jon
Labels: Apache Ranger
03-09-2017
08:00 PM
I've noticed the following.
This works:
<param>
    <name>main.ldapRealm.contextFactory.systemPassword</name>
    <value>${ALIAS=ldcSystemPassword}</value>
</param>
This does not:
<param name="main.ldapRealm.contextFactory.systemPassword" value=${ALIAS=ldcSystemPassword}/>
09-14-2016
04:45 PM
I put my experience with the same here: http://jonmorisissqlblog.blogspot.com/2016/09/hadoop-amabari-integration-with-active.html