Hi Dilli, First of all, thanks for answering so fast.
Actually, I would like to have some synchronization between RangerAdmin UI and NameNode users, in order to manage Users and authorizations directly from RangerAdmin UI. Is it possible somehow via Ranger UserSync ? Thanks, Loïc Loïc CHANEL Engineering student at TELECOM Nancy Trainee at Worldline - Villeurbanne 2015-06-09 17:18 GMT+02:00 Dilli Arumugam <[email protected]>: > Please note that user/group mapping that you see in RangerAdmin UI is > only used for policy definition time. > At policy enforcement time, user group membership is computed by NameNode > based on group mapping provider defined in NameNode. > > You can check what NameNode sees as groups that a user belongs to by > issuing command > > hdfs groups sam > > Sam is sample username here. > You would use your username in its place. > Thanks > Dilli > > From: Loïc Chanel <[email protected]> > Reply-To: "[email protected]" < > [email protected]> > Date: Tuesday, June 9, 2015 7:39 AM > To: "[email protected]" <[email protected]> > Subject: Issues with UserSync > > Hi All, > > As I am using Ranger with Unix authentication to manage the security of > HDFS on my cluster, I could not help but notice that even if I add users to > groups in the Ranger console, Ranger cannot find to which groups they > belong, and therefore do not authorize them to perform actions they should > be able to do. > > As I thought this issue came from UserSync, I noticed that in its logs > the following exception is printed every minute : > > ERROR PasswordValidator [Thread-22] - Response [FAILED: unable to validate > due to error javax.net.ssl.SSLHandshakeException: Remote host closed > connection during handshake] for user: null > javax.net.ssl.SSLHandshakeException: Remote host closed connection during > handshake > at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) > at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown > Source) > at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) > at sun.security.ssl.AppInputStream.read(Unknown Source) > at sun.nio.cs.StreamDecoder.readBytes(Unknown Source) > at sun.nio.cs.StreamDecoder.implRead(Unknown Source) > at sun.nio.cs.StreamDecoder.read(Unknown Source) > at java.io.InputStreamReader.read(Unknown Source) > at java.io.BufferedReader.fill(Unknown Source) > at java.io.BufferedReader.readLine(Unknown Source) > at java.io.BufferedReader.readLine(Unknown Source) > at > com.xasecure.authentication.PasswordValidator.run(PasswordValidator.java:58) > at java.lang.Thread.run(Unknown Source) > Caused by: java.io.EOFException: SSL peer shut down incorrectly > at sun.security.ssl.InputRecord.read(Unknown Source) > ... 13 more > > As usually this is the sign of a problem of missing certificate, I > ensured the certificate corresponding to Unix authentication (<host>:5151) > is in Java trustore and restarted the NameNode and Ranger, but nothing > changed. > > When looking a little bit more into RangerAdmin and RangerUserSync logs, > it seems that RangerAdmin is the source of the problem, closing the > connection before handshake is fully established, but I have no idea about > how to correct it. > > Did someone encountered this error too ? Did I miss something ? > > Thanks in advance for your help, > > > Loïc > > Loïc CHANEL > Engineering student at TELECOM Nancy > Trainee at Worldline - Villeurbanne >
