My Oracle Support Banner

How to Set up a Cross-Realm Trust to Configure a BDA/Big Data Service MIT Kerberos Enabled Cluster with Active Directory on BDA V4.5 and Higher/Big Data Service (Doc ID 2198152.1)

Last updated on MAY 26, 2021

Applies to:

Big Data Appliance Integrated Software - Version 4.5.0 and later
Big Data Service on OCI - Version N/A and later
Linux x86-64

Purpose

Provide the steps to set up a cross-realm trust to configure a BDA/Big Data Service on OCI(BDS) MIT Kerberos enabled cluster with Active Directory (AD) on BDA V4.5 and higher/BDS.  Steps are also provided to back-out this configuration.

 

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Details
 Introduction
 Overview of the steps to configure a MIT Kerberos realm on the BDA/BDS to trust Active Directory
 Prerequisites
 Known Issues
 Detailed Steps to configure a MIT Kerberos realm on the BDA/BDS to trust Active Directory
 Setup on the Active Directory Server
 Setup to establish the AD Encryption type on the AD Server
 Setup on the command line to setup encryption
 Setup on the master MIT KDC Server
 Setup applying to all BDA/BDS Cluster Hosts
 Configure the hdfs service  Trusted Kerberos Realms in Cloudera Manager(CM)
 Sanity check
 Creating a new AD user for testing
 Overview of the steps to remove a MIT Kerberos realm on the BDA/BDS to trust Active Directory
 Steps to remove a MIT Kerberos realm on the BDA/BDS to trust Active Directory
 Remove the AD realm in hdfs "Trusted Kerberos Realms"  Cloudera Manager
 Remove the added realm on all BDA/BDS Cluster Hosts.
 Remove created krbtgt/EXAMPLE.COM@SECUREBDA.COM on the master MIT KDC Server.
 Removal steps on the Active Directory Server.
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.