Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
mvenkataraman
mvenkataraman
Cloudera Employee

Re: Switch from MIT Kerberos auth to AD Auth

by mvenkataraman Cloudera Employee in Support Questions
‎07-16-2020 05:44 PM
‎07-16-2020 05:44 PM
If you need to switch to AD based kerberos from MIT, then the following things need to happen: Get a OU designated for Cloudera Service principals to be created Then get a admin user account such as svc-cloudera@REALM that can create/delete/modify the service accounts in the OU designated for Cloudera, it needs to have full permission on that OU Now go to CM >>Administration >> Security >> Kerberos Credentials >> Configuration and edit the config to make the switch What needs to be changed/added : KDC TYPE Edit the Active Directory Suffix to specify the OU you created for the service accounts Enable this 'Active Directory Delete Accounts on Credential Regeneration' Enable this 'Active Directory Set Encryption Types' Make sure that the setting 'Active Directory Password Properties' satisfies your AD password restriction Kerberos Security Realm needs to be same as your domain but in UPPER CASE KDC Server Host needs to have the AD host. Don't use the load balanced domain controller Then save the changes. Go back to Kerberos Credentials page and click on 'Generate Missing Credentials Make sure that the principals now match the AD REALM and also have the AD team check if the principals appear in the OU allotted for this cluster     ... View more

Re: Installation failed. Failed to copy installati...

by mvenkataraman Cloudera Employee in Support Questions
‎07-16-2020 05:29 PM
‎07-16-2020 05:29 PM
When you add the node, there is a script called allkeys.sh will generate a key bundle, it contains the GPG key info and key bundle is called allkeys.asc DEFAULT_CLOUDERA_KEY_BUNDLE_NAME = " allkeys.asc " The key bundle will get the key for each of the flavor, so in your case it is archive.key which is located here :  https://archive.cloudera.com/cdh5/ubuntu/lucid/amd64/cdh/archive.key If it is RHEL, then it uses this:  https://archive.cloudera.com/cdh5/redhat/7/x86_64/cdh/RPM-GPG-KEY-cloudera Once all these keys are downloaded, it will be signed by the master key. Finally gpg command is used to export the keys to bundle called allkeys gpg --export -a > allkeys So I would check what is the repo that is being used    ... View more

Re: Cloudera Manager - Installation failed. Failed...

by mvenkataraman Cloudera Employee in Support Questions
‎07-16-2020 05:03 PM
1 Kudo
‎07-16-2020 05:03 PM
1 Kudo
@Petch I see that you are getting this error: [09/Jul/2020 23:45:02 +0000] 10401 MainThread agent ERROR Heartbeating to util.localdomain:7182 failed. ConnectionClosedException: Reader read 0 bytes.   Usually this error is reported if the CM is looking for the agent to communicate via TLS protocol but the config.ini has this setting 'use_tls' set to 0   Check and change it to use_tls=1 Then restart the agent using the following command : service cloudera-scm-agent restart ... View more
Contact Me
Online
Offline
Last Visited
‎08-06-2020 04:43 PM
Public Statistics
Date Registered ‎09-05-2019 11:24 AM
Last Visited ‎08-06-2020 04:43 PM
Total Messages Posted 19
Total Kudos Received 1