atuan5237
New Contributor

HDFS command with different domain account

by New Contributor in Support Questions
‎11-08-2017 12:34 PM
‎11-08-2017 12:34 PM
Hi Guys, https://community.hortonworks.com/questions/52615/how-to-view-hdfs-files-when-kerberos-is-installed.html I have a question just like this one, but something differents. If my Kerberos and LDAP are used windows AD server, how can I access HDFS by using user's account and their keytab? I try to find some data like this. https://developer.ibm.com/hadoop/2016/08/08/ambari-pig-view-kerberos-enabled-clusters/ Maybe I should create user's keytab on Linux or on AD server. When I using command line with the keytab. Is it right? or wrong? And I also found this https://community.hortonworks.com/questions/144787/how-to-test-kerberos-authentication.html I try to verify this one, but something wrong # kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs-ambari@EXAMPLE.COM Err: kinit: Keytab contains no suitable keys for hdfs-ambari@EXAMPLE.COM while getting initial credentials This verify didn't use my create keytab, it just using ambari system create keytab. Why it's fail? If I want to test HDFS with different domain users, how can I do? (with command) Thank you for help . ... View more
Labels:

Re: HDFS with kerberos authorization access test

by New Contributor in Support Questions
‎10-25-2017 11:26 AM
‎10-25-2017 11:26 AM
Dear Jay, Oh!! Thank you very much. I think I should enter the limited user, so I just entered "auth=KERBEROS;proxyuser=ambari1" or "auth=KERBEROS;proxyuser=ambari1@example.com" into the field. It shows the error message: Invalid value: "ambari1@example.com" does not belong to the domain ^[A-Za-z_][A-Za-z0-9._-]*[$]?$ Then I wahched your answer again, and check config file "/etc/ambari-server/conf/krb5JAASLogin.conf" . After I changed the right principal name "auth=KERBEROS;proxyuser=ambari-server-c1" . It's work now !!!! Thank you very much !!! 🙂 ... View more

HDFS with kerberos authorization access test

by New Contributor in Support Questions
‎10-24-2017 11:15 AM
‎10-24-2017 11:15 AM
Hi Guys, Question: If I want to test the LDAP users with kerberos authorization to access the HDFS, how could I do this? Version: My Ambar server Version is 2.5.0.3、HDP 2.6.0.3-8 Descriptions: I already set up the Ambari server and enable Kerberos and LDAP. Now I want to test authorization on the HDFS view. I create Instance from "Manage Ambari" => "Views" => "FILES" => Create Instance and set some permissions . I set up the setting "WebHDFS authorization" = auth=KERBEROS;* and set an LDAP user ID. But when I change the User ID to log in Ambari server, it can't be used Service checks completed. Error message: Failed to transition to undefined Usernames not matched: name=root != expected=ambari-server-c1 PS. Before testing, I used kinit created the user's keytab and put it on /etc/security/keytabs/ file, and Verify the keytab it didn't show any error message. ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎04-19-2018 01:03 AM
Public Statistics
Date Registered ‎10-24-2017 10:27 AM
Last Visited ‎04-19-2018 01:03 AM
Total Messages Posted 3