Manually Connecting an SSSD Client to an Active Directory Domain

Following is a good article which worked successfully to connect Centos7 to Active Directory for users in AD to be able to login to Centos. Manually Connecting an SSSD Client to an Active Directory Domain https://access.redhat.com/articles/3023951   Another useful testing procedures blog: QA:Testcase Active Directory Setup https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup   Realmd and SSSD Active Directory Authentication https://outsideit.net/realmd-sssd-ad-authentication/Continue reading Manually Connecting an SSSD Client to an Active Directory Domain

Advertisements

Wireshark commands

Some Wireshark filter fields match against multiple protocol fields. For example, "ip.addr" matches against both the IP source and destination addresses in the IP header. The same is true for "tcp.port", "udp.port", "eth.addr", and others. It's important to note that ip.addr == 10.43.54.65 is equivalent to ip.src == 10.43.54.65 or ip.dst == 10.43.54.65 This can be counterintuitive in some cases. … Continue reading Wireshark commands

Tableau Desktop connect to Cloudera Hadoop using Kerberos

Reference: http://website4everything.blogspot.com/2015/04/connecting-tableau-to-hive-server-2.html The basic steps to connect Tableau to Cloudera Hive or Impala with Kerberos authentication involves the following steps: Download and Install the MIT Kerberos Client for Window Set the C:\ProgramData\MIT\Kerberos5\krb5.ini with  the Kerberos realm and server details (Optional) KRB5CCNAME system environment variable may need to be set at times to a temporary value: FILE:C:\temp\kerberos\krb5cache … Continue reading Tableau Desktop connect to Cloudera Hadoop using Kerberos

Kerberos commands

Common Kerberos commands: 1.Change password of a principal(user) $ kadmin.local kadmin.local: cpw <principalname> Enter password for princal "principalname@REALM.COM": 2.initialize a kerberos ticket $ kinit <principalname> To get detailed verbose info use below options: $ KRB5_TRACE=/dev/stdout kinit -V 3. Destroy the current ticket: $ kdestroy 4. Check the status of Kerberos KDC $ systemctl status kadmin $ systemctl … Continue reading Kerberos commands

Access webhdfs using Kerberos from laptop client

The following blog shows how to access a kerberized hadoop cluster from a Chrome browser in laptop. https://community.hortonworks.com/articles/28537/user-authentication-from-windows-workstation-to-hd.html This will work mostly except change the below: 3. network.negotiate-auth.gsslib = C:\Program Files\MIT\Kerberos\bin\gssapi64.dll instead of the gssapi32.dll  since we mostly use 64-bit Firefox which doesnt work with the 32bit dll.    

Install Windows Server 2012R2 using Virtualbox VHD

This blog will show how to download Windows Server 2012R2 180days evaluation and create a VM using Virtualbox VHD. Reference: http://www.sysprobs.com/download-windows-server-2012-r2-vhd-on-virtualbox-vmware-workstation First download the VHD file from Microsoft website. Make sure to select the VHD option: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-r2 NOTE: Once you use this VHD file to create a VM then this file cannot be used again … Continue reading Install Windows Server 2012R2 using Virtualbox VHD

Run a Python program to access Hadoop webhdfs with Kerberos enabled

Following python code makes REST calls to a secure Kerberos enabled Hadoop cluster to use webhdfs REST api to get file data:   You need to first run $ knit userid@REALM to authenticate and initiate the Kerberos ticket for the user. Make sure the python modules requests and requests_kerberos have been installed. Otherwise install it … Continue reading Run a Python program to access Hadoop webhdfs with Kerberos enabled

Run a Java program in Hadoop with Kerberos enabled.

Following steps are needed to run a Java program in Hadoop with Kerberos security enabled: 1. Create a text file named FileCount.java and store it in your home directory such as /home/userid 2. Copy paste the below code into the file FileCount.java . Change the hadoop hostname from quickstart.cloudera:8020 to the correct host. import java.io.*; import … Continue reading Run a Java program in Hadoop with Kerberos enabled.

Kerberos, SPNEGO and WebHDFS on Hadoop using Chrome browser:

SPNEGO, and WebHDFS on Hadoop using Chrome browser: Reference: http://www.ghostar.org/2015/06/google-chrome-spnego-and-webhdfs-on-hadoop/   We want to see if the Chrome browser can be used to authenticate users with Kerberos and display Hadoop webhdfs REST api data. In the Cloudera Security .pdf manual follow these steps: Step 9: (Optional) Enable Authentication for HTTP Web Consoles for Hadoop Roles … Continue reading Kerberos, SPNEGO and WebHDFS on Hadoop using Chrome browser:

Install Google Chrome on Centos 7

If you have a Centos server and want to install Chrome browser which will display GUI on Windows laptop using X server then follow these steps: First download and install Mobax terminal software on your laptop from https://mobaxterm.mobatek.net/ . This will provide the X server needed to display the browser on windows. Enable Google YUM … Continue reading Install Google Chrome on Centos 7