How to Set up a Cross-Realm Trust to Configure a BDA/Big Data Service MIT Kerberos Enabled Cluster with Active Directory on BDA V4.5 and Higher/Big Data Service
(Doc ID 2198152.1)
Last updated on FEBRUARY 17, 2023
Applies to:
Big Data Appliance Integrated Software - Version 4.5.0 and laterBig Data Service on OCI - Version N/A and later
Linux x86-64
Purpose
Provide the steps to set up a cross-realm trust to configure a BDA/Big Data Service on OCI(BDS) MIT Kerberos enabled cluster with Active Directory (AD) on BDA V4.5 and higher/BDS. Steps are also provided to back-out this configuration.
Details
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Purpose |
| Details |
| Introduction |
| Overview of the steps to configure a MIT Kerberos realm on the BDA/BDS to trust Active Directory |
| Prerequisites |
| Known Issues |
| Detailed Steps to configure a MIT Kerberos realm on the BDA/BDS to trust Active Directory |
| Setup on the Active Directory Server |
| Setup to establish the AD Encryption type on the AD Server |
| Setup on the command line to setup encryption |
| Setup on the master MIT KDC Server |
| Setup applying to all BDA/BDS Cluster Hosts |
| Configure the hdfs service Trusted Kerberos Realms in Cloudera Manager(CM) |
| Sanity check |
| Creating a new AD user for testing |
| Overview of the steps to remove a MIT Kerberos realm on the BDA/BDS to trust Active Directory |
| Steps to remove a MIT Kerberos realm on the BDA/BDS to trust Active Directory |
| Remove the AD realm in hdfs "Trusted Kerberos Realms" Cloudera Manager |
| Remove the added realm on all BDA/BDS Cluster Hosts. |
| Remove created krbtgt/EXAMPLE.COM@SECUREBDA.EXAMPLE.COM on the master MIT KDC Server. |
| Removal steps on the Active Directory Server. |
| References |