hi > Up untill ranger .5 there is a known issue of marking AD imported groups as "internal" but it does not impact functionality. > once the AD sync is established you should see the users and groups being imported in the logs under ../ranger/usersync (as set in property " ranger_usersync_log_dir") > HDFS policy test could fail due to several config issues .. repo name match, repo user not getting kerberos ticket etc.. ensure that you are able to connect to web hdfs using the kerberos ticket 1st. Also in case of HA setup ranger repo config needs to be changed accordingly.
*Cheers !!* Arvind On Mon, May 16, 2016 at 10:10 PM, Dale Bradman <da...@profusion.com> wrote: > Hi, > > > > I have a working kerberised cluster that is connected to an Active > Directory instance. My KDC is installed on my AD. > > > > I installed Ranger using Ambari and I have some questions: > > > > 1) If the install of Ranger and subsequent integration with active > directory is successful, should the Users/Groups page display a list of > users from Active Directory and mark them as “External”? I am not seeing > any “External” users other than “hive”,”yarn”, and “hadoop”. > > 2) I’m also trying to follow this guide > https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_Ranger_Install_Guide/content/hdfs_plugin_kerberos.html > which says that the new user must be synced to Ranger Admin however when I > create a new user in Active Directory, the user does not appear in > Users/Groups tab. > > 3) “Test Connection” is failing for my HDFS policy (my only policy > so far). UI error shows “Connection Failed. Unable to connect repository > with given config for murkhana_hadoop”. Digging deeper, my xa_portal.log > shows “[http-bio-6080-exec-6] ERROR org.apache.ranger.biz.ServiceMgr > (ServiceMgr.java:120) - ==> ServiceMgr.validateConfig > Error:java.util.concurrent.ExecutionException: > org.apache.ranger.plugin.client.HadoopException: Unable to login to Hadoop > environment [murkhana_hadoop]” Can you point me in the right direction to > fix this please? > > > > Thanks. > > >
