Cloudera Community

Announcements
Celebrating as our community reaches 100,000 members! Thank you!
somesh
user rank
Explorer
My Accepted Solutions
Show All

Re: Can't Logout from Ambari with Knox SSO

by Explorer in Support Questions
‎08-05-2021 07:18 AM
‎08-05-2021 07:18 AM
Hi @gyadav , I have configured the knox-sso for ranger,hdfs,yarn ui but getting the username and password is incorrect error.I have checked knox-audit log and also ambari logs but not able to find root cause and hdp env is 3.0.1 Thanks in advance.     ... View more

Re: User is not allowed to impersonate rm/hostnam...

by Explorer in Support Questions
‎06-01-2021 05:24 AM
‎06-01-2021 05:24 AM
Hi @Scharan , I have added below proxy values but getting same error. [that user name start with $OP something as normal user doesn't start with Alpha-numeric values]  ... View more

Re: Configured Ranger with AD/LDAP but not able to...

by Explorer in Support Questions
‎05-04-2021 11:22 PM
‎05-04-2021 11:22 PM
Able to retrieved the groups and users from that group by changing the parameters as per below link.    https://community.cloudera.com/t5/Support-Questions/LDAP-AD-users-not-appearing-in-Ranger/m-p/285175#M211652 ... View more

Re: Configured Ranger with AD/LDAP but not able to...

by Explorer in Support Questions
‎05-04-2021 10:02 PM
‎05-04-2021 10:02 PM
@Scharan ,the users are not syncing by disabling "Enable Group Search First". Please find the below configuration.   ldapUrl: ldap://ad.xxx.xxx:389, ldapBindDn: CN=user1,OU=bda,DC=HWX,DC=COM, ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, searchBase: dc=hadoop,dc=apache,dc=org, userSearchBase: [OU=bda,DC=HWX,DC=COM], userSearchScope: 2, userObjectClass: (|(objectClass=person)(objectClass=user)(objectClass=top)), userSearchFilter: (|(objectClass=person)(objectClass=user)), extendedUserSearchFilter: (&(objectclass=(|(objectClass=person)(objectClass=user)(objectClass=top)))(|(objectClass=person)(objectClass=user))), userNameAttribute: sAMAccountName, userSearchAttributes: [sAMAccountName, memberof, ismemberof], userGroupNameAttributeSet: [memberof, ismemberof], pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled: false, groupSearchBase: [CN=hdpadmin,OU=bda,DC=HWX,DC=COM], groupSearchScope: 2, groupObjectClass: hdpadmin, groupSearchFilter: (|(objectClass=person)(objectClass=user)), extendedGroupSearchFilter: (&(objectclass=hdpadmin)(|(objectClass=person)(objectClass=user))(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: (&(objectclass=hdpadmin)(|(objectClass=person)(objectClass=user))), groupMemberAttributeName: member, groupNameAttribute: hdpadmin, groupSearchAttributes: [hdpadmin, member], groupUserMapSyncEnabled: false, groupSearchFirstEnabled: false, userSearchEnabled: true, ldapReferral: follow ... View more

Configured Ranger with AD/LDAP but not able to syn...

by Explorer in Support Questions
‎05-04-2021 09:58 AM
‎05-04-2021 09:58 AM
Hi, I have configured Ranger with AD for user and group sync but not able to see the users in the Ranger. Ldapsearch  is working fine and able to retrieve the users from group hdpadmin. Please find below snap for the user configuration. Common Config User Config Group Config     ... View more

Re: Configuring Ranger Usersync with AD/LDAP for a...

by Explorer in Community Articles
‎05-03-2021 10:01 AM
‎05-03-2021 10:01 AM
@VidyaSargur Thanks, will open a new thread.  ... View more

Re: Configuring Ranger Usersync with AD/LDAP for a...

by Explorer in Community Articles
‎05-03-2021 06:14 AM
‎05-03-2021 06:14 AM
Hi @spolavarapu , I have followed your steps but still not able to sync AD users & groups ,please find details below for config and could you please suggest any solution here.     USER CONFIG COMMON CONFIG GROUP CONFIG ... View more

Re: Ranger Ldap Integration

by Explorer in Community Articles
‎04-30-2021 01:28 AM
‎04-30-2021 01:28 AM
@vidanimegh ,i have changed referral to follow but still users not sync to Ranger also not able to find any error in the usersync.log. Please find below config parameters and request you to pleases suggest if anything needs to be correct.    ldapUrl: ldaps://ad.HWX.COM:636, ldapBindDn: CN=user1,OU=bda,DC=HWX,DC=COM, ldapBindPassword: ***** , ldapAuthenticationMechanism: simple, searchBase: dc=hadoop,dc=apache,dc=org, userSearchBase: [OU=bda,DC=HWX,DC=COM], userSearchScope: 2, userObjectClass: user, userSearchFilter: ((memberof=OU=bda,DC=HWX,DC=COM)(memberof=CN=hdpadmin,OU=bda,DC=HWX,DC=COM)), extendedUserSearchFilter: (&(objectclass=user)((memberof=OU=bda,DC=HWX,DC=COM)(memberof=CN=hdpadmin,OU=bda,DC=HWX,DC=COM))), userNameAttribute: sAMAccountName, userSearchAttributes: [sAMAccountName], userGroupNameAttributeSet: null, pagedResultsEnabled: true, pagedResultsSize: 500, groupSearchEnabled: true, groupSearchBase: [DC=HWX,DC=COM], groupSearchScope: 2, groupObjectClass: group, groupSearchFilter: *, extendedGroupSearchFilter: (&(objectclass=group)(*)(|(member={0})(member={1}))), extendedAllGroupsSearchFilter: (&(objectclass=group)(*)), groupMemberAttributeName: member, groupNameAttribute: cn, groupSearchAttributes: [member, cn], groupUserMapSyncEnabled: false, groupSearchFirstEnabled: false, userSearchEnabled: false, ldapReferral: follow  ... View more

Re: Ranger Ldap Integration

by Explorer in Community Articles
‎04-29-2021 07:32 AM
‎04-29-2021 07:32 AM
Hi @sshimpi,@lvazquez .... I have fallowed above steps to sync AD users with Ranger but the users/groups not able to sync.   Please find the below error that occurring in the usersync log file.    ERROR LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder.getUsers() failed with exception: javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=XXX,DC=COM'   ... View more

User is not allowed to impersonate rm/hostname.EX...

by Explorer in Support Questions
‎04-23-2021 03:18 AM
‎04-23-2021 03:18 AM
Hi All, After the integration of AD with kerberos we are not able to start the RM due the "User impersonate" issue.   [Error: User: $UN3000-7G7U66I5CC6J@EXAMPLE.COM is not allowed to impersonate rm/hostname.EXAMPLE.COM@EXAMPLE.COM]   Loggers for RM: 2021-04-21 16:10:08,878 INFO service.AbstractService (AbstractService.java:noteFailure(267)) - Service ResourceManager failed in state STARTED org.apache.hadoop.service.ServiceStateException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: $UN3000-7G7U66I5CC6J@EXAMPLE.COM is not allowed to impersonate rm/hostname.EXAMPLE.COM@EXAMPLE.COM at org.apache.hadoop.service.ServiceStateException.convert(ServiceStateException.java:105) at org.apache.hadoop.service.AbstractService.start(AbstractService.java:203) at org.apache.hadoop.service.CompositeService.serviceStart(CompositeService.java:121) at org.apache.hadoop.service.AbstractService.start(AbstractService.java:194) at org.apache.hadoop.service.CompositeService.serviceStart(CompositeService.java:121) at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.serviceStart(ResourceManager.java:1324) at org.apache.hadoop.service.AbstractService.start(AbstractService.java:194) at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.main(ResourceManager.java:1513) Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: $UN3000-7G7U66I5CC6J@EXAMPLE.COM is not allowed to impersonate rm/hostname.EXAMPLE.COM@EXAMPLE.COM at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1497) at org.apache.hadoop.ipc.Client.call(Client.java:1443) at org.apache.hadoop.ipc.Client.call(Client.java:1353) at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:228) at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:116) at com.sun.proxy.$Proxy13.getFileInfo(Unknown Source) at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:900) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:422) at org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invokeMethod(RetryInvocationHandler.java:165) at org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invoke(RetryInvocationHandler.java:157) at org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invokeOnce(RetryInvocationHandler.java:95) at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:359) at com.sun.proxy.$Proxy14.getFileInfo(Unknown Source) at org.apache.hadoop.hdfs.DFSClient.getFileInfo(DFSClient.java:1654) at org.apache.hadoop.hdfs.DistributedFileSystem$29.doCall(DistributedFileSystem.java:1583) at org.apache.hadoop.hdfs.DistributedFileSystem$29.doCall(DistributedFileSystem.java:1580) at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81) at org.apache.hadoop.hdfs.DistributedFileSystem.getFileStatus(DistributedFileSystem.java:1595) at org.apache.hadoop.yarn.client.api.impl.FileSystemTimelineWriter.<init>(FileSystemTimelineWriter.java:119) at org.apache.hadoop.yarn.client.api.impl.TimelineClientImpl.createTimelineWriter(TimelineClientImpl.java:152) at org.apache.hadoop.yarn.client.api.impl.TimelineClientImpl.serviceStart(TimelineClientImpl.java:143) at org.apache.hadoop.service.AbstractService.start(AbstractService.java:194) ... 6 more 2021-04-21 16:10:08,881 INFO handler.ContextHandler (ContextHandler.java:doStop(910)) - Stopped o.e.j.w.WebAppContext@5e1a986c{/,null,UNAVAILABLE}{/cluster} 2021-04-21 16:10:08,888 INFO server.AbstractConnector (AbstractConnector.java:doStop(318)) - Stopped ServerConnector@2de9ca6{HTTP/1.1,[http/1.1]}{0.0.0.0:8088} 2021-04-21 16:10:08,891 INFO handler.ContextHandler (ContextHandler.java:doStop(910)) - Stopped o.e.j.w.WebAppContext@1e545821{/ui2,file:///usr/hdp/3.0.1.0-187/hadoop-yarn/webapps/ui2/,UNAVAILABLE} 2021-04-21 16:10:08,891 INFO handler.ContextHandler (ContextHandler.java:doStop(910)) - Stopped o.e.j.s.ServletContextHandler@3d904e9c{/static,jar:file:/usr/hdp/3.0.1.0-187/hadoop-yarn/hadoop-yarn-common-3.1.1.3.0.1.0-187.jar!/webapps/static,UNAVAILABLE} 2021-04-21 16:10:08,891 INFO handler.ContextHandler (ContextHandler.java:doStop(910)) - Stopped o.e.j.s.ServletContextHandler@658255aa{/logs,file:///u01/var/log/hadoop-yarn/yarn/,UNAVAILABLE} 2021-04-21 16:10:08,893 INFO event.AsyncDispatcher (AsyncDispatcher.java:serviceStop(155)) - AsyncDispatcher is draining to stop, ignoring any new events. 2021-04-21 16:10:08,894 INFO event.AsyncDispatcher (AsyncDispatcher.java:serviceStop(155)) - AsyncDispatcher is draining to stop, ignoring any new events. 2021-04-21 16:10:08,894 INFO event.AsyncDispatcher (AsyncDispatcher.java:serviceStop(155)) - AsyncDispatcher is draining to stop, ignoring any new events. 2021-04-21 16:10:08,894 INFO event.AsyncDispatcher (AsyncDispatcher.java:serviceStop(155)) - AsyncDispatcher is draining to stop, ignoring any new events. 2021-04-21 16:10:08,894 INFO event.AsyncDispatcher (AsyncDispatcher.java:serviceStop(155)) - AsyncDispatcher is draining to stop, ignoring any new events. 2021-04-21 16:10:08,894 INFO event.AsyncDispatcher (AsyncDispatcher.java:serviceStop(155)) - AsyncDispatcher is draining to stop, ignoring any new events. 2021-04-21 16:10:08,894 INFO event.AsyncDispatcher (AsyncDispatcher.java:serviceStop(155)) - AsyncDispatcher is draining to stop, ignoring any new events. 2021-04-21 16:10:08,895 INFO event.AsyncDispatcher (AsyncDispatcher.java:serviceStop(155)) - AsyncDispatcher is draining to stop, ignoring any new events. 2021-04-21 16:10:08,895 INFO event.AsyncDispatcher (AsyncDispatcher.java:serviceStop(155)) - AsyncDispatcher is draining to stop, ignoring any new events. 2021-04-21 16:10:08,895 INFO event.AsyncDispatcher (AsyncDispatcher.java:serviceStop(155)) - AsyncDispatcher is draining to stop, ignoring any new events. 2021-04-21 16:10:08,895 INFO storage.HBaseTimelineWriterImpl (HBaseTimelineWriterImpl.java:serviceStop(580)) - closing the entity table 2021-04-21 16:10:08,906 INFO storage.HBaseTimelineWriterImpl (HBaseTimelineWriterImpl.java:serviceStop(585)) - closing the app_flow table 2021-04-21 16:10:08,906 INFO storage.HBaseTimelineWriterImpl (HBaseTimelineWriterImpl.java:serviceStop(590)) - closing the application table 2021-04-21 16:10:08,906 INFO storage.HBaseTimelineWriterImpl (HBaseTimelineWriterImpl.java:serviceStop(594)) - closing the flow run table 2021-04-21 16:10:08,906 INFO storage.HBaseTimelineWriterImpl (HBaseTimelineWriterImpl.java:serviceStop(599)) - closing the flowActivityTable table 2021-04-21 16:10:08,906 INFO storage.HBaseTimelineWriterImpl (HBaseTimelineWriterImpl.java:serviceStop(607)) - closing the hbase Connection 2021-04-21 16:10:08,906 INFO zookeeper.ReadOnlyZKClient (ReadOnlyZKClient.java:clse(342)) - Close zookeeper connection 0x4bff2185 to hostname1.EXAMPLE.COM:2181,hostname2.EXAMPLE.COM:2181,hostname3.EXAMPLE.COM:2181 2021-04-21 16:10:08,907 INFO ipc.Server (Server.java:stop(3082)) - Stopping server on 8141 2021-04-21 16:10:08,909 INFO ipc.Server (Server.java:run(1185)) - Stopping IPC Server listener on 8141 2021-04-21 16:10:08,910 INFO resourcemanager.ResourceManager (ResourceManager.java:transitionToStandby(1302)) - Transitioning to standby state 2021-04-21 16:10:08,911 INFO resourcemanager.ResourceManager (ResourceManager.java:transitionToStandby(1309)) - Transitioned to standby state 2021-04-21 16:10:08,910 INFO ipc.Server (Server.java:run(1319)) - Stopping IPC Server Responder 2021-04-21 16:10:08,911 FATAL resourcemanager.ResourceManager (ResourceManager.java:main(1516)) - Error starting ResourceManager org.apache.hadoop.service.ServiceStateException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: $UN3000-7G7U66I5CC6J@EXAMPLE.COM is not allowed to impersonate rm/hostname.EXAMPLE.COM@EXAMPLE.COM at org.apache.hadoop.service.ServiceStateException.convert(ServiceStateException.java:105) at org.apache.hadoop.service.AbstractService.start(AbstractService.java:203) at org.apache.hadoop.service.CompositeService.serviceStart(CompositeService.java:121) at org.apache.hadoop.service.AbstractService.start(AbstractService.java:194) at org.apache.hadoop.service.CompositeService.serviceStart(CompositeService.java:121) at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.serviceStart(ResourceManager.java:1324) at org.apache.hadoop.service.AbstractService.start(AbstractService.java:194) at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.main(ResourceManager.java:1513) Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: $UN3000-7G7U66I5CC6J@EXAMPLE.COM is not allowed to impersonate rm/hostname.EXAMPLE.COM@EXAMPLE.COM at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1497) at org.apache.hadoop.ipc.Client.call(Client.java:1443) at org.apache.hadoop.ipc.Client.call(Client.java:1353) at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:228) at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:116) at com.sun.proxy.$Proxy13.getFileInfo(Unknown Source) at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:900) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:422) at org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invokeMethod(RetryInvocationHandler.java:165) at org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invoke(RetryInvocationHandler.java:157) at org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invokeOnce(RetryInvocationHandler.java:95) at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:359) at com.sun.proxy.$Proxy14.getFileInfo(Unknown Source) at org.apache.hadoop.hdfs.DFSClient.getFileInfo(DFSClient.java:1654) at org.apache.hadoop.hdfs.DistributedFileSystem$29.doCall(DistributedFileSystem.java:1583) at org.apache.hadoop.hdfs.DistributedFileSystem$29.doCall(DistributedFileSystem.java:1580) at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81) at org.apache.hadoop.hdfs.DistributedFileSystem.getFileStatus(DistributedFileSystem.java:1595) at org.apache.hadoop.yarn.client.api.impl.FileSystemTimelineWriter.<init>(FileSystemTimelineWriter.java:119) at org.apache.hadoop.yarn.client.api.impl.TimelineClientImpl.createTimelineWriter(TimelineClientImpl.java:152) at org.apache.hadoop.yarn.client.api.impl.TimelineClientImpl.serviceStart(TimelineClientImpl.java:143) at org.apache.hadoop.service.AbstractService.start(AbstractService.java:194) ... 6 more 2021-04-21 16:10:08,912 INFO zookeeper.ClientCnxn (ClientCnxn.java:run(524)) - EventThread shut down 2021-04-21 16:10:08,911 INFO zookeeper.ZooKeeper (ZooKeeper.java:close(684)) - Session: 0x278f31f01d00022 closed 2021-04-21 16:10:08,917 INFO resourcemanager.ResourceManager (LogAdapter.java:info(49)) - SHUTDOWN_MSG: /************************************************************ SHUTDOWN_MSG: Shutting down ResourceManager at hostname.EXAMPLE.COM/10.X.X.X ... View more
Contact Me
Online
Offline
Last Visited
‎08-09-2021 01:28 PM
Community Statistics
Member Since ‎10-28-2020 05:56 AM
Last Visited ‎08-09-2021 01:28 PM
Posts 11