How to Set up a Cross-Realm Trust to Configure a BDA/Big Data Service MIT Kerberos Enabled Cluster with Active Directory on BDA V4.5 and Higher/Big Data Service
(Doc ID 2198152.1)
Last updated on MAY 26, 2021
Applies to:Big Data Appliance Integrated Software - Version 4.5.0 and later
Big Data Service on OCI - Version N/A and later
Provide the steps to set up a cross-realm trust to configure a BDA/Big Data Service on OCI(BDS) MIT Kerberos enabled cluster with Active Directory (AD) on BDA V4.5 and higher/BDS. Steps are also provided to back-out this configuration.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|Overview of the steps to configure a MIT Kerberos realm on the BDA/BDS to trust Active Directory|
|Detailed Steps to configure a MIT Kerberos realm on the BDA/BDS to trust Active Directory|
|Setup on the Active Directory Server|
|Setup to establish the AD Encryption type on the AD Server|
|Setup on the command line to setup encryption|
|Setup on the master MIT KDC Server|
|Setup applying to all BDA/BDS Cluster Hosts|
|Configure the hdfs service Trusted Kerberos Realms in Cloudera Manager(CM)|
|Creating a new AD user for testing|
|Overview of the steps to remove a MIT Kerberos realm on the BDA/BDS to trust Active Directory|
|Steps to remove a MIT Kerberos realm on the BDA/BDS to trust Active Directory|
|Remove the AD realm in hdfs "Trusted Kerberos Realms" Cloudera Manager|
|Remove the added realm on all BDA/BDS Cluster Hosts.|
|Remove created krbtgt/EXAMPLE.COM@SECUREBDA.COM on the master MIT KDC Server.|
|Removal steps on the Active Directory Server.|