Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-9743

Storm service check failed after enabling security with existing AD

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 2.0.0
    • 2.0.0
    • ambari-server

    Description

      On last stage, storm service check failed 

      1017 [main] INFO  backtype.storm.StormSubmitter - Generated ZooKeeper secret payload for MD5-digest: -5540876373091122649:-7113320937502691642
1021 [main] INFO  backtype.storm.security.auth.AuthUtils - Got AutoCreds []
1039 [main] WARN  org.apache.storm.curator.retry.ExponentialBackoffRetry - maxRetries too large (60000). Pinning to 29
1043 [main] INFO  backtype.storm.utils.StormBoundedExponentialBackoffRetry - The baseSleepTimeMs [2000] the maxSleepTimeMs [5] the maxRetries [60000]
1043 [main] WARN  backtype.storm.utils.StormBoundedExponentialBackoffRetry - Misconfiguration: the baseSleepTimeMs [2000] can't be greater than the maxSleepTimeMs [5].
1847 [main] INFO  org.apache.storm.zookeeper.Login - successfully logged in.
Exception in thread "main" java.lang.RuntimeException: javax.security.sasl.SaslException: Failure to initialize security context [Caused by GSSException: Invalid name provided (Mechanism level: Illegal character in realm name; one of: '/', ':', '' (600))]
	at backtype.storm.security.auth.ThriftClient.reconnect(ThriftClient.java:99)
	at backtype.storm.security.auth.ThriftClient.<init>(ThriftClient.java:66)
	at backtype.storm.utils.NimbusClient.<init>(NimbusClient.java:52)
	at backtype.storm.utils.NimbusClient.getConfiguredClient(NimbusClient.java:36)
	at backtype.storm.StormSubmitter.submitTopology(StormSubmitter.java:211)
	at backtype.storm.StormSubmitter.submitTopology(StormSubmitter.java:157)
	at storm.starter.WordCountTopology.main(WordCountTopology.java:77)
Caused by: javax.security.sasl.SaslException: Failure to initialize security context [Caused by GSSException: Invalid name provided (Mechanism level: Illegal character in realm name; one of: '/', ':', '' (600))]
	at com.sun.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:150)
	at com.sun.security.sasl.gsskerb.FactoryImpl.createSaslClient(FactoryImpl.java:63)
	at javax.security.sasl.Sasl.createSaslClient(Sasl.java:372)
	at org.apache.thrift7.transport.TSaslClientTransport.<init>(TSaslClientTransport.java:72)
	at backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin.connect(KerberosSaslTransportPlugin.java:127)
	at backtype.storm.security.auth.TBackoffConnect.doConnectWithRetry(TBackoffConnect.java:48)
	at backtype.storm.security.auth.ThriftClient.reconnect(ThriftClient.java:97)
	... 6 more
Caused by: GSSException: Invalid name provided (Mechanism level: Illegal character in realm name; one of: '/', ':', '' (600))
	at sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:127)
	at sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:95)
	at sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:202)
	at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:472)
	at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201)
	at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:170)
	at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:137)
	at com.sun.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:108)
	... 12 more

      Attachments

        1. AMBARI-9743_01.patch
          3 kB
          Robert Levas

        Issue Links

          links to

          Web Link ReviewBoard

          Activity

            People

              rlevas Robert Levas
              rlevas Robert Levas
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: