Oozie LB Connection Failed With GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) Error

It is quite common from lots of Hadoop clusters that after enabling Load Balancer for certain services that have Kerberos already, the connection to those services via Load Balancer will fail. However, the direct connection to them will always successful. The typical errors returned looks like below: GSSException: No valid …

How to setup multiple KDCs through Cloudera Manager

Currently Cloudera Manager does not support setting up multiple KDCs for the krb5.conf file natively, this article explains the workarounds we can have using the existing feature provided by Cloudera Manager. This article also assumes that you have krb5.conf file managed by Cloudera Manager. If you are using Cloudera Manager …

Unable to generate keytab from within Cloudera Manager

When generating credentials through Cloudera Manager, sometimes Cloudera Manager will return you the following error: /usr/share/cmf/bin/gen_credentials_ad.sh failed with exit code 53 and output of << + export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/sbin:/usr/sbin:/bin:/usr/bin + PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/sbin:/usr/sbin:/bin:/usr/bin + KEYTAB_OUT=/var/run/cloudera-scm-server/cmf2781839247630884630.keytab + PRINC=sqoop2/<host>@REALM.COM + USER=kaupocSuFoZIOIDa + PASSWD=REDACTED + DIST_NAME=CN=kaupocSuFoZIOIDa,OU=Cloudera,OU=ServersUnix,OU=IT,OU=Basel,OU=AdminUnits,DC=emea,DC=XXXX,DC=com + '[' -z /etc/krb5-cdh.conf ']' + echo 'Using custom config …

Kerberos connections to HIveServer2 not working cross domain

The following is the scenario of the cross domain problem with Kerberized cluster: 1. Cluster is within realm “DEV.EXAMPLE.COM” 2. Client is outside cluster with realm “EXAMPLE.COM” 3. Connect to Impala from client machine works 4. Connect to HS2 from client machine does not work and get the following error: …