I'm trying to enable kerberos on my Cloudera 5.8 cluster and ran into the following "insufficient access" going through the wizard.   Generate Missing Credentials Command Status: Failed Start Time: Jan 23, 3:26:43 PM Duration: 5.07s /usr/share/cmf/bin/gen_credentials_ad.sh failed with exit code 50 and output of << + export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin + PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/sbin:/usr/sbin:/bin:/usr/bin + KEYTAB_OUT=/var/run/cloudera-scm-server/cmf5990940897847273712.keytab + PRINC=yarn/engrlab-130-080.engrlab.marklogic.com@MLTEST1.LOCAL + USER=xPAaqNlHqq + PASSWD=REDACTED + DELETE_ON_REGENERATE=false + SET_ENCRYPTION_TYPES=false + ENC_TYPES_MASK=4 + USERACCOUNTCONTROL=66048 + ACCOUNTEXPIRES=0 + OBJECTCLASSES='objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user ' + DIST_NAME=CN=xPAaqNlHqq,CN=hadoop,OU=Groups,DC=MLTEST1,DC=LOCAL + '[' -z /var/run/cloudera-scm-server/krb51250421695602393571.conf ']' + echo 'Using custom config path '\''/var/run/cloudera-scm-server/krb51250421695602393571.conf'\'', contents below:' + cat /var/run/cloudera-scm-server/krb51250421695602393571.conf + SIMPLE_PWD_STR= + '[' '' = '' ']' + kinit -k -t /var/run/cloudera-scm-server/cmf8263942222058960810.keytab jsolis@MLTEST1.LOCAL ++ mktemp /tmp/cm_ldap.XXXXXXXX + LDAP_CONF=/tmp/cm_ldap.DCb5BvSw + echo 'TLS_REQCERT never' + echo 'sasl_secprops minssf=0,maxssf=0' + export LDAPCONF=/tmp/cm_ldap.DCb5BvSw + LDAPCONF=/tmp/cm_ldap.DCb5BvSw ++ ldapsearch -LLL -H ldaps://srv-202-1-vm1.colo.marklogic.com:636 -b CN=hadoop,OU=Groups,DC=MLTEST1,DC=LOCAL userPrincipalName=yarn/engrlab-130-080.engrlab.marklogic.com@MLTEST1.LOCAL SASL/GSSAPI authentication started SASL username: jsolis@MLTEST1.LOCAL SASL SSF: 0 + PRINC_SEARCH= + set +e + echo + grep -q userPrincipalName + '[' 1 -eq 0 ']' + set -e + '[' false = true ']' + ldapmodify -H ldaps://srv-202-1-vm1.colo.marklogic.com:636 ++ echo 'objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user ' ++ sed /str/d ++ echo yarn/engrlab-130-080.engrlab.marklogic.com@MLTEST1.LOCAL ++ sed -e 's/\@MLTEST1.LOCAL//g' ++ echo -n '"REDACTED"' ++ iconv -f UTF8 -t UTF16LE ++ base64 -w 0 SASL/GSSAPI authentication started SASL username: jsolis@MLTEST1.LOCAL SASL SSF: 0 ldap_add: Insufficient access (50) additional info: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 >>   If I go to Administration->Security->Status I get: Cluster 1 Successfully enabled Kerberos. Which is not really true because my cluster cannot start up.   If I go to Cluster->HDFS->Configuration I see errors like this:   Role is missing Kerberos keytab. Please run the Generate Missing Credentials command on the Kerberos Credentials tab of the Administration -> Security page. Show 4 Similar Messages Any ideas how to resolve this ? Thanks. ... View more

Encountering these messages below while running a mapreduce job. Any ideas what's casuing or how to fix ? Thanks.   Exception in createBlockOutputStream <java.io.IOException: Bad connect ack with firstBadLink as 172.18.9.141:50010>java.io.IOException: Bad connect ack with firstBadLink as 172.18.9.141:50010     at org.apache.hadoop.hdfs.DFSOutputStream$DataStreamer.createBlockOutputStream(DFSOutputStream.java:1116)     at org.apache.hadoop.hdfs.DFSOutputStream$DataStreamer.nextBlockOutputStream(DFSOutputStream.java:1039)     at org.apache.hadoop.hdfs.DFSOutputStream$DataStreamer.run(DFSOutputStream.java:487) ... View more