ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Howard <stevedhow...@gmail.com>
Subject Active Directory as a KDC for Hadoop
Date Wed, 27 May 2015 14:55:21 GMT
Hi All,

We are having an issue with the Ambari 2.0 release, and its wizard to
configure Active Directory as a KDC for securing the cluster.  We had no
errors during configuration, but none of the services start after it has
been completed.

Specifically, we get the infamous "Client not found in Kerberos database"
message.  This is actually a very simple one node cluster with Ambari and
HDP on Centos 6.  We point to a Windows Server 2008 AD DC.  When we print
the associated attributes in AD, it looks like the UPN is formatted as a
service principal name, which I don't think AD supports.

See below for a snippet of the attributes in AD...

[root@ambari2 ~]# /usr/jdk64/jdk1.7.0_67/bin/java TestAD | strings -a |
grep nn
>>>"CN=nn/ambari2.howard.local,CN=Users"
cn: nn/ambari2.howard.local
userPrincipalName: nn/ambari2.howard.local@HOWARD.LOCAL
servicePrincipalName: nn/ambari2.howard.local
distinguishedName: CN=nn/ambari2.howard.local,CN=Users,DC=howard,DC=local
name: nn/ambari2.howard.local
[root@ambari2 ~]#

Has anyone run in this?  Conversely, has anyone gotten AD to work as a KDC
for Hadoop?

Thanks,

Steve

Mime
View raw message