A very late reply to this topic, just to document the similar error I had using a Kafka client from a different Kerberos realm. [2020-07-13 09:47:08,678] ERROR [Consumer clientId=consumer-1, groupId=console-consumer-57017] Connection to node -1 failed authentication due to: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)]) occurred when evaluating SASL token received from the Kafka Broker. Kafka Client will go to AUTHENTICATION_FAILED state. (org.apache.kafka.clients.NetworkClient) Debugging showed: error code is 7 error Message is Server not found in Kerberos database crealm is REALM1.DOMAIN.COM cname is rzuidhof@REALM1.DOMAIN.COM sname is krbtgt/REALM2.DOMAIN.COM@REALM1.DOMAIN.COM Situation is a HDP cluster being access using a client on a host joined to a different (IPA) domain. No trust. This works without trust, I think trust is only needed to use accounts from a different domain but we used keytabs and interactive kinit from REALM1 in REALM2 to access services in REALM1. All that was needed to get this to work was one additional line in /etc/krb5.conf on the REALM2 servers under [domain_realm] realm1.domain.com = REALM1.DOMAIN.COM We already had under [libdefaults]: dns_lookup_realm = true dns_lookup_kdc = true We also arranged DNS forwarding, but no reverse lookups.
... View more
@pauljoshiva The error which you mposted seems to be occurring because of the incorrect content of "nifi-bootstrap-notification-services-env" teamplate. So can you please check the template in ambari UI and please check and verify the contents present inside this tem[late.] Ambari UI --> NiFi --> Configs (Tab) --> "Advanced nifi-bootstrap-notification-services-env" --> "Template for bootstrap-notification-services.xml" Also can you please share the output of the following commad from the Ambari Server host: # /var/lib/ambari-server/resources/scripts/configs.py --protocol=http --unsafe --user=admin --password=admin --port=8080 --action=get --host=localhost --cluster=KerLatest --config-type=nifi-bootstrap-notification-services-env --file=/tmp/nifi-bootstrap-notification-services-env.json
# cat /tmp/nifi-bootstrap-notification-services-env.json NOTE: Please replace the username & password for ambari admin / Hostname & Port and also the cluster name "KerLatest" according to your environment.
... View more
Thank you for this explanation. I restarted Infra Solr, afterwards Atlas would not start anymore. The url /solr/admin/authorization gave a 404 not found error but was solved by the first three configs on top of this page.
... View more