Hi Ramesh,

Thanks for your reply. I configured this parameter in the Ranger UI, but the error still exists. I think I have not found the real reason.
I read the code and found the part where the error occurs. It is in RangerAuthenticationEntryPoint::commence() (Ranger version: 0.7.0):

    public void commence(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException authException)
            throws IOException, ServletException {
        String ajaxRequestHeader = request.getHeader("X-Requested-With");
        ....
        ....
        if ("XMLHttpRequest".equals(ajaxRequestHeader)) {
            ...
            ....
            return;
        } else {
            try {
                // Added one log line. ajaxRequestHeader is null, so Ranger Admin replies 401.
                logger.info("KKKK --- In commence.... ajaxRequestHeader = " + ajaxRequestHeader);
                VXResponse vXResponse = new VXResponse();
                vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
                vXResponse.setMsgDesc("Authentication Failed");
                ...
                ....
            }
        }

With tcpdump, this parameter does not exist in the TCP message. But in the HDFS plugin file, this parameter could not be configured.

Thanks & Regards
Luochong
luoch...@gdbigdata.com

From: Ramesh Mani
Date: 2017-07-16 03:38
To: user@ranger.apache.org
Subject: Re: Which file config policy.download.auth.users ?

Luochong,

You can update this in the Ranger UI. Open the HDFS service you created in the Ranger UI and in the config you will find “Add new configuration”. Add these properties there.

Refer to this for screenshots:
https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5+-+User+Guide?preview=/https%3A%2F%2Flh3.googleusercontent.com%2FFH8RmMq1pIX8w-_L3jqGMt9RtvqLjUH4Ywf68wMapfPWxytFdK8fIVfU7QDelFqC-6vBIqIONkIujEE7OPql-FQgeFmsW3wZSLQiRn5TQGVJWJ2EpevB36gBtUmATNTD1i5_gng

Thanks,
Ramesh

From: "luoch...@gdbigdata.com" <luoch...@gdbigdata.com>
Reply-To: "user@ranger.apache.org" <user@ranger.apache.org>
Date: Saturday, July 15, 2017 at 12:24 AM
To: user <user@ranger.apache.org>
Subject: Which file config policy.download.auth.users ?

Hi

Env:
Ranger version : 0.7.0
Hdfs : 2.7.0 with kerberos

After I installed HDFS, Ranger and Kerberos manually, I found that HDFS fails to download policy from Ranger.
In the namenode log:

2017-07-15 07:28:37,556 WARN org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies. secureMode=true, user=nn/admin141.example....@example.com (auth:KERBEROS), response={"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}, serviceName=hadooopdev. ret = null

Read this document:
https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.5/bk_command-line-upgrade/content/upgrade-ranger_23.html

In this file, there is one step:

For Download Policy to be successful, use the Ranger UI to update the service configuration with the following custom properties for each supported component:
policy.download.auth.users=<Component service user>
tag.download.auth.users=<Component service user> (if tag download)

So I think this is the reason that HDFS fails to download policy. I did not configure this parameter, policy.download.auth.users.

But I did not know how to configure this parameter, policy.download.auth.users. According to the internet, this parameter should be configured in the custom repo file. But I did not know the path of the custom repo file?

Thanks & Regards
luoch...@gdbigdata.com
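An added example, not part of the original thread and not Apache Ranger code: a Python script that scans NameNode log lines for the RangerAdminRESTClient warning quoted above and groups the failures by service, user and HTTP status, so it is visible which plugin has been failing to fetch policies and since when. The line format is assumed from the single warning in the thread; the sample lines, host, realm and service name are constructed.

```python
import json
import re

# Format assumed from the one warning quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) WARN "
    r"org\.apache\.ranger\.admin\.client\.RangerAdminRESTClient: "
    r"Error getting policies\. secureMode=(?P<secure>true|false), "
    r"user=(?P<user>\S+) \(auth:(?P<auth>\w+)\), "
    r"response=(?P<resp>\{.*\}), serviceName=(?P<service>\S+?)\. ret = "
)


def summarize_policy_download_failures(lines):
    """Group failures by (service, user, HTTP status) with count and first/last time."""
    groups = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not the policy-download warning
        try:
            status = json.loads(m["resp"]).get("httpStatusCode")
        except ValueError:
            status = None  # response body was not valid JSON
        key = (m["service"], m["user"], status)
        g = groups.setdefault(key, {
            "count": 0,
            "first": m["ts"],
            "last": m["ts"],
            # True when the plugin ran in secure mode with a Kerberos login
            "kerberos": m["secure"] == "true" and m["auth"] == "KERBEROS",
        })
        g["count"] += 1
        g["last"] = m["ts"]
    return groups


# Constructed sample lines (host, realm and service name are made up).
_WARN = ('{ts} WARN org.apache.ranger.admin.client.RangerAdminRESTClient: '
         'Error getting policies. secureMode=true, '
         'user=nn/host1.example.com@EXAMPLE.COM (auth:KERBEROS), '
         'response={{"httpStatusCode":401,"statusCode":401,'
         '"msgDesc":"Authentication Failed"}}, serviceName=svc_constructed. ret = null')
SAMPLE = [
    _WARN.format(ts="2017-07-15 07:28:37,556"),
    "2017-07-15 07:28:40,002 INFO some.other.Logger: unrelated line",
    _WARN.format(ts="2017-07-15 07:29:07,561"),
]

if __name__ == "__main__":
    for key, info in summarize_policy_download_failures(SAMPLE).items():
        print(key, info)
```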