Hi All can you guys please help me out on this
On Fri, Dec 1, 2017 at 7:32 AM, Taher Koitawala <taher.koitaw...@gslab.com> wrote: > I get this SASL negotiation failure error in hiveserver2 logs when i do > test connection from Ranger Web UI. > > To connect to hiveserver2 from beeline we use > jdbc:hive2://hiveserver2_host:10000 and then we enter our LDAP username > and password. We have put the ldap certificate in the jvm keystore of > hiveserver2 > > On Dec 1, 2017 12:53 AM, "Ramesh Mani" <rm...@hortonworks.com> wrote: > >> Taher, >> >> Where do you see this SSL error? Is that when you do test connection in >> the Ranger UI for hive service? >> >> How do you connect to HiveServer2 via beeline? Can you share the command >> what you used for this. >> >> Thanks, >> Ramesh >> >> From: Taher Koitawala <taher.koitaw...@gslab.com> >> Reply-To: "user@ranger.apache.org" <user@ranger.apache.org> >> Date: Thursday, November 30, 2017 at 4:24 AM >> To: "user@ranger.apache.org" <user@ranger.apache.org> >> Subject: Ranger cannot connect to Hiveserver2 >> >> Hi All, >> We were using hive with ldap before and ranger was able to >> connect to hiveserver2. However since we moved hive from ldap to ldaps, >> ranger cannot connect to hiveserver2 now. Exception i get is on hiveserver2 >> side is SASL negotiation failure. >> >> I am guessing its the LDAP s certificate issue. When ranger prepares a >> client to connect to hiveserver2 may be it cannot find the certificate. I >> think that is strange because Ranger is liked to LDAPS and is allowing LDAP >> users to login to ranger with their creds. It just cannot connect to >> hiveserver2. >> >> My Ranger Webui plugin configurations are as follows: >> >> Service Name: hive_test >> Active Status: Enabled >> Username: <ranger_user> //LDAP user just for ranger >> Password: password >> jdbc.driverClassName: org.apache.hive.jdbc.HiveDriver >> jdbc.url: jdbc:hive2://<hiveserver2_host>:10000 >> Common Name for Certificate: blank >> Add new Configurations: BLANK >> >> >> >> Exception thrown is attached below >> >>
