The server has to be configured to allow kerberos authentication inside Dataiku. This is used for MES connection.

Step-by-step guide

Pre-requisites : 

  1. Root access to server

  2. krb5-workstation should be installed in the server. If not install using

    yum install krb5-workstation


  1. ssh into the machine

  2. Switch to root
    sudo su

  3. Edit kerberos conf file and make sure that realms and domain_realm below is included
    vim /etc/krb5.conf


	# To opt out of the system crypto-policies configuration of krb5, remove the
	# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
	includedir /etc/krb5.conf.d/

	[logging]
 	 default = FILE:/var/log/krb5libs.log
	 kdc = FILE:/var/log/krb5kdc.log
	 admin_server = FILE:/var/log/kadmind.log

	[libdefaults]
	 dns_lookup_realm = false
	 ticket_lifetime = 24h
	 renew_lifetime = 7d
	 forwardable = true
	 rdns = false
	 pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
	 spake_preauth_groups = edwards25519
	

	[realms]
	 EUA.SOLVAY.COM = {
	 kdc = frpardc61e.eua.solvay.com
	 kdc = benohdc61e.eua.solvay.com
	 admin_server = eua.solvay.com
	 default_domain = eua.solvay.com
	}

	[domain_realm]
	 .eua.solvay.com = EUA.SOLVAY.COM
	 eua.solvay.com = EUA.SOLVAY.COM

4. Test if it works. It should successfully create a kerberos ticket (no error).

kinit CAbundo@EUA.SOLVAY.COM


Enter your Solvay AD acct password



  • No labels