hadoop.hdfs_clusters.default.webhdfs_url | Current value: http://mh0edge01:14000/webhdfs/v1/ Failed to access filesystem root |
Cannot access: /user/daleb. Note: you are a Hue admin but not a HDFS superuser, "hdfs" or part of HDFS supergroup, "hdfs".
Unable to authenticate <Response [401]>
--
You received this message because you are subscribed to the Google Groups "Hue-Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hue-user+u...@cloudera.org.
[29/Jun/2016 08:37:21 -0700] views ERROR Could not create home directory. Traceback (most recent call last): File "/opt/hue/desktop/core/src/desktop/auth/views.py", line 130, in dt_login ensure_home_directory(request.fs, user.username) File "/opt/hue/apps/useradmin/src/useradmin/views.py", line 662, in ensure_home_directory fs.do_as_user(username, fs.create_home_dir, home_dir) File "/opt/hue/desktop/core/src/desktop/lib/fs/proxyfs.py", line 86, in do_as_user return fn(*args, **kwargs) File "/opt/hue/desktop/core/src/desktop/lib/fs/proxyfs.py", line 149, in create_home_dir self._get_fs(home_path).create_home_dir(home_path) File "/opt/hue/desktop/libs/hadoop/src/hadoop/fs/hadoopfs.py", line 243, in create_home_dir if not self.exists(home_path): File "/opt/hue/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 242, in exists return self._stats(path) is not None File "/opt/hue/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 230, in _stats raise ex WebHdfsException: Unable to authenticate <Response [401]>
[29/Jun/2016 08:37:23 -0700] webhdfs ERROR Failed to determine superuser of WebHdfs at http://edge01.hadoop.local:14000/webhdfs/v1/: Unable to authenticate <Response [401]> Traceback (most recent call last): File "/opt/hue/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 149, in superuser sb = self.stats('/') File "/opt/hue/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 236, in stats res = self._stats(path) File "/opt/hue/desktop/libs/hadoop/src/hadoop/fs/webhdfs.py", line 230, in _stats raise ex WebHdfsException: Unable to authenticate <Response [401]>
[29/Jun/2016 08:37:23 -0700] kerberos_ ERROR handle_mutual_auth(): Mutual authentication failed
[29/Jun/2016 08:37:23 -0700] kerberos_ ERROR authenticate_server(): authGSSClientStep() failed: Traceback (most recent call last): File "/opt/hue/build/env/local/lib/python2.7/site-packages/requests_kerberos-0.6.1-py2.7.egg/requests_kerberos/kerberos_.py", line 229, in authenticate_server _negotiate_value(response)) GSSError: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Bad format in credentials cache', -1765328185))
[29/Jun/2016 08:37:23 -0700] kerberos_ DEBUG authenticate_server(): Authenticate header:
[29/Jun/2016 08:37:23 -0700] kerberos_ DEBUG handle_mutual_auth(): Authenticating the server
[29/Jun/2016 08:37:23 -0700] kerberos_ DEBUG handle_mutual_auth(): Handling: 401
[29/Jun/2016 08:37:23 -0700] kerberos_ DEBUG handle_response(): returning <Response [401]>
[29/Jun/2016 08:37:23 -0700] kerberos_ DEBUG handle_401(): returning <Response [401]>
[29/Jun/2016 08:37:23 -0700] kerberos_ ERROR generate_request_header(): authGSSClientStep() failed: Traceback (most recent call last): File "/opt/hue/build/env/local/lib/python2.7/site-packages/requests_kerberos-0.6.1-py2.7.egg/requests_kerberos/kerberos_.py", line 114, in generate_request_header _negotiate_value(response)) GSSError: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Bad format in credentials cache', -1765328185))
Thanks,
Dale
[libdefaults] renew_lifetime = 7d forwardable = true default_realm = {{realm}} ticket_lifetime = 24h dns_lookup_realm = false dns_lookup_kdc = false #default_tgs_enctypes = {{encryption_types}} #default_tkt_enctypes = {{encryption_types}}
{% if domains %}[domain_realm]{% for domain in domains.split(',') %} {{domain}} = {{realm}}{% endfor %}{% endif %}
[logging] default = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log kdc = FILE:/var/log/krb5kdc.log
[realms] {{realm}} = { admin_server = {{admin_server_host|default(kdc_host, True)}} kdc = {{kdc_host}} }
{# Append additional realm declarations below #}
My ini file showed:## ssl_cert_ca_verify=TrueSo I uncommented that line (in HDFS section only) and tried it - this did not work.
I then changed it to False which also did not work.
In regards to kt_renewer...
-->root@mh0edge01:~# ssh hue@localhosthue@localhost's password:hue@mh0edge01:~$ curl -i --negotiate -u : "http://mh0edge01:14000/webhdfs/v1/user/?op=LISTSTATUS"HTTP/1.1 401 UnauthorizedServer: Apache-Coyote/1.1WWW-Authenticate: NegotiateSet-Cookie: hadoop.auth=; Path=/; HttpOnlyContent-Type: text/html;charset=utf-8Content-Length: 997Date: Thu, 30 Jun 2016 17:03:04 GMTHTTP/1.1 200 OKServer: Apache-Coyote/1.1WWW-Authenticate: Negotiate ***&*(%^*&(*$%^&*
Set-Cookie: hadoop.auth="u=hue&p=hue@AD.LOCAL&t=kerberos-dt&e=ftuasygduohldas="; Path=/; HttpOnly
To unsubscribe from this group and stop receiving emails from it, send an email to hue-user+unsubscribe@cloudera.org.
--
--
You received this message because you are subscribed to the Google Groups "Hue-Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hue-user+unsubscribe@cloudera.org.
root@edge:~# kinit -kt /etc/security/keytabs/hue.service.keytab hue/edge.hadoop.privateroot@edge:~# klist -k -t /etc/security/keytabs/hue.service.keytab
Keytab name: FILE:/etc/security/keytabs/hue.service.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
4 01/01/70 01:00:00 hue/edge.hadoop.private@AD.PRIVATE
[[kerberos]]
# Path to Hue's Kerberos keytab file
hue_keytab=/etc/security/keytabs/hue.service.keytab
# Kerberos principal name for Hue
hue_principal=hue/edge.hadoop.private@AD.PRIVATE
# Path to kinit
kinit_path=/usr/bin/kinit