@naveensangam  @jepe_desu  In reference to Invalid KDC administrator credentials issue raised by @naveensangam    I wrote a walkthrough of the solution that resolved the issue for other users like @jepe_desu  who had encountered exactly the same problem.  @naveensangam  can you update the thread if my solution resolved your issue or if not can you share what errors you have. Once you accept an answer it can be referenced by other members for similar issues rather than starting a new thread.    Happy  hadooping   ... View more

I have faced similar issue. When I try to logon to KnoxSSO, it is authenticated correctly and redirected to SSO logon page. After few hours investigation, I have realised that I need to setup ldap configs for my Advanced topology in Knox too. Not just KnoxSSO. I made below changes and I am able to resolve the issue.   Under Advanced Topology <param> <name>main.ldapRealm.userDnTemplate</name> <value>uid={0},cn=users,cn=accounts,dc=us-west-1,dc=compute,dc=internal</value> </param> <param> <name>main.ldapRealm.contextFactory.url</name> <value>ldap://xxxxxxxxxxx.us-west-1.compute.internal:389</value> </param>   Under Advanced knoxsso-topology   <param> <name>main.ldapRealm.userDnTemplate</name> <value>uid={0},cn=users,cn=accounts,dc=us-west-1,dc=compute,dc=internal</value> </param> <param> <name>main.ldapRealm.contextFactory.url</name> <value>ldap://xxxxxxxxxxx.us-west-1.compute.internal:389</value> </param> <param> <name>knoxsso.redirect.whitelist.regex</name> <value>.*</value> </param> And I have ensured the Ambari LDAP setup has the same basedn      ... View more

@Bhushan Kandalkar Good it worked out but you shouldn't have omitted the information about the architecture ie Load balancer such info is critical in the analysis ....:-) Happy hadooping ... View more

@Felix Albani Please suggest. ... View more

@Bhushan Kandalkar For Common Name for Certificate use a comma separated list (no spaces before of after comma). For example: hmaster.test.org,hmaster2.test.org I haven't got the chance to test 1-way ssl between plugins and ranger admin yet. However, by looking at the following jira https://issues.apache.org/jira/browse/RANGER-1094 This shows as fixed in ranger 0.6.3 and hdp-2.5.6 comes with ranger 0.6 so perhaps is still not supported in your version. HTH *** If you found this answer addressed your question, please take a moment to login and click the "accept" link on the answer. ... View more

I've had success in the past by first using all the ambari required details to run an ldapsearch query in terminal, do this from the host where you are configuring ambari, if there are any issues with the credentials or any of the configuration parameters, the ldapsearch query should highlight these (openldap utilities need to be installed to access ldapsearch) Here's some ldapsearch examples: ldapsearch ... View more

@Vipin Rathor I am logging in using bhushan-kandalkar user but in Zeppelin Notebook UI, I am still getting 'bhushan-kandalkar@test.com' user for every notebook permission. ... View more