I have fixed it. Need to translate principal names from the Active Directory realm into the KDC realm. Configure the hadoop.security.auth_to_local setting in the core-site.xml file <property> <name>hadoop.security.auth_to_local</name> <value> RULE:[1:$1@$0](^.*@AD_REALM\.COM$)s/^(.*)@AD_REALM\.COM$/USER_YOU_WANT_TO_USE/g RULE:[2:$1@$0](^.*@AD_REALM\.COM$)s/^(.*)@AD_REALM\.COM$/USER_YOU_WANT_TO_USE/g DEFAULT </value> </property> You can test these rulesets by using "hadoop kerbname" or "hadoop org.apache.hadoop.security.HadoopKerberosName" ... View more