How to Set up a Cross-Realm Trust to Configure a BDA/Big Data Service MIT Kerberos Enabled Cluster with Active Directory on BDA V4.5 and Higher/Big Data Service
(Doc ID 2198152.1)
Last updated on FEBRUARY 17, 2023
Applies to:
Big Data Appliance Integrated Software - Version 4.5.0 and laterBig Data Service on OCI - Version N/A and later
Linux x86-64
Purpose
Provide the steps to set up a cross-realm trust to configure a BDA/Big Data Service on OCI(BDS) MIT Kerberos enabled cluster with Active Directory (AD) on BDA V4.5 and higher/BDS. Steps are also provided to back-out this configuration.
Details
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Purpose |
Details |
Introduction |
Overview of the steps to configure a MIT Kerberos realm on the BDA/BDS to trust Active Directory |
Prerequisites |
Known Issues |
Detailed Steps to configure a MIT Kerberos realm on the BDA/BDS to trust Active Directory |
Setup on the Active Directory Server |
Setup to establish the AD Encryption type on the AD Server |
Setup on the command line to setup encryption |
Setup on the master MIT KDC Server |
Setup applying to all BDA/BDS Cluster Hosts |
Configure the hdfs service Trusted Kerberos Realms in Cloudera Manager(CM) |
Sanity check |
Creating a new AD user for testing |
Overview of the steps to remove a MIT Kerberos realm on the BDA/BDS to trust Active Directory |
Steps to remove a MIT Kerberos realm on the BDA/BDS to trust Active Directory |
Remove the AD realm in hdfs "Trusted Kerberos Realms" Cloudera Manager |
Remove the added realm on all BDA/BDS Cluster Hosts. |
Remove created krbtgt/EXAMPLE.COM@SECUREBDA.EXAMPLE.COM on the master MIT KDC Server. |
Removal steps on the Active Directory Server. |
References |