Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.
Jon_Morisi
Explorer

Re: I am having Hive access errors. I suspect Ran...

by Explorer in Support Questions
‎06-09-2021 09:25 AM
‎06-09-2021 09:25 AM
I had a similar issue. You may want to check Ranger > Audit > Plugin Status to see if the policy is being applied. If it's not it may be that you have a jersey-client classpath conflict. More details here: https://jonmorisissqlblog.blogspot.com/2021/06/ranger-hive-policy-activation-time.html ... View more

Re: Securing Solr Collections with Ranger + Kerber...

by Explorer in Community Articles
‎07-02-2018 04:44 PM
‎07-02-2018 04:44 PM
Steps for dealing with SSL enabled Ranger? (I'm running HDP-2.6.4.0) Currently plagued with the following: Unable to get the Credential Provider from the Configuration The value of property hadoop.security.credential.provider.path must not be null SSLContext must not be null ... View more

Re: Accessing HDP web UI from Windows PC causes "G...

by Explorer in Support Questions
‎04-26-2018 05:08 PM
‎04-26-2018 05:08 PM
From here: https://community.hortonworks.com/questions/2580/accessing-hdp-web-ui-from-windows-pc-causes-gsshea.html This worked for me: "...you need to pass your realm along with the username in username field like username@<REALM>" ... View more

Re: Not able to logon to Ranger UI with synchronis...

by Explorer in Support Questions
‎07-26-2017 09:49 PM
‎07-26-2017 09:49 PM
All I had to do was configure ranger.truststore.file and ranger.https.attrib.keystore.file to point to a cacerts file (which had my AD cert previously imported). Did you import your AD cert into the cacerts file you referenced? ... View more

Re: usersync and Ranger UI Login

by Explorer in Support Questions
‎05-12-2017 04:54 PM
‎05-12-2017 04:54 PM
Are you aware of any guidance or best practices for managing the many keystores associated with the various HDP components? ...just make one keystore in /etc and configure all the references? Maybe there's a consolidated list of all the configs that would have to be changed? ... View more

Re: Ranger AD users cannot log in to UI after HDP ...

by Explorer in Support Questions
‎04-26-2017 08:52 PM
‎04-26-2017 08:52 PM
I just worked through this same issue and only found this conversations after the fact. I configured ranger.truststore.file and ranger.https.attrib.keystore.file to point to my $JAVA_HOME cacerts file (which had my AD cert previously imported), and I’m now able to log in to the Ranger-Admin UI with my AD credentials. I’m not sure what other ramifications this may have, but it solved my issue. It’s also raised another question, in that many HortonWorks components each have their own configurations for various keystores. (Ranger vs. Ranger-Admin as an apropos example). Are there any recommendations or best practices for consolidating all of these keystore locations into one place (like I did with the above solution)? ... View more

Re: usersync and Ranger UI Login

by Explorer in Support Questions
‎04-26-2017 08:45 PM
‎04-26-2017 08:45 PM
For anyone who was following along, I believe I found the solution to this issue. I configured ranger.truststore.file and ranger.https.attrib.keystore.file to point to my $JAVA_HOME cacerts file (which had my AD cert previously imported), and I’m now able to log in to the Ranger-Admin UI with my AD credentials. I’m not sure what other ramifications this may have, but it solved my issue. It’s also raised another question, in that many HortonWorks components each have their own configurations for various keystores. Is there any recommendations or best practices for consolidating all of these keystore locations into one place (like I did with the above solution)? ... View more

usersync and Ranger UI Login

by Explorer in Support Questions
‎04-26-2017 08:41 PM
‎04-26-2017 08:41 PM
Hi, I asked around on the Ranger mailing list, but was unable to find a solution to my problem. (https://lists.apache.org/list.html?user@ranger.apache.org) I’m currently running HDP-2.5.3.0 / Ranger – 0.6.0 and have Ranger Usersync setup and running with Active Directory. (I've been informed that usersync and Ranger-Admin are two different setups / connections to AD, so this isn't particularly helpful). My problem is that AD users that come in from usersync are unable to login to the Ranger Admin UI. I get “Wrong Password” messages in the Ranger Audit > Login Sessions when I try to login with my Active Directory account. (I modified my account to be an “Admin” Role following the initial import from usersync) So far I've been able to troubleshoot down to a possible issue with the Ranger-Admin keystore, so now I’m looking for the location for the correct keystore where I would import my certificate from AD for Ranger-Admin. Is this the correct location: ranger.credential.provider.path? It seems like the jceks file associated with that, rangeradmin.jceks, has a blank password. Do you know where I would configure that password? I've considered exporting the keys, configuring a new keystore with a password and re-importing, but my concern is: how would Ranger-Admin know the password? Hopefully I've explained my problem coherently. Please let me know if anyone needs more clarification. Thanks, Jon ... View more
Labels:

Re: Knox topology with alias for password not work...

by Explorer in Support Questions
‎03-09-2017 08:00 PM
‎03-09-2017 08:00 PM
I've noticed the following This works: <param> <name>main.ldapRealm.contextFactory.systemPassword</name> <value>${ALIAS=ldcSystemPassword}</value> </param> This does not: <param name="main.ldapRealm.contextFactory.systemPassword" value=${ALIAS=ldcSystemPassword}/> ... View more

Re: How to correctly fill out the Ambari Kerberos ...

by Explorer in Community Articles
‎09-14-2016 04:45 PM
‎09-14-2016 04:45 PM
I put my experience with the same here: http://jonmorisissqlblog.blogspot.com/2016/09/hadoop-amabari-integration-with-active.html ... View more
Contact Me
Online
Offline
Last Visited
‎06-07-2022 02:24 PM
Public Statistics
Date Registered ‎08-18-2016 10:36 PM
Last Visited ‎06-07-2022 02:24 PM
Total Messages Posted 14