AnsweredAssumed Answered

ODBC can't to connect after adding impersonation and PAM authentication to Drill.

Question asked by hirohata on May 8, 2018
Latest reply on May 14, 2018 by aengelbrecht

An ODBC connection from a node outside the MapR cluster results in an error as follows.
And is made from a node outside the MapR cluster.
I was able to connect before setting up authentication.

--------------------------------------------------
[mapr@poc01 ~]$ isql -v "MapR Drill 64-bit" mapr mapr
[28000][unixODBC][MapR][Drill] (30) User authentication failed. Server message: [30024]Client needs a secure connection but server does not support any security mechanisms. Please contact an administrator. [Warn: This could be due to a bad configuration or a security attack is in progress.]
[ISQL]ERROR: Could not SQLConnect

 

[mapr@poc01 ~]$ isql -v "MapR Drill 64-bit"
[28000][unixODBC][MapR][Drill] (30) User authentication failed. Server message: [30024]Client needs a secure connection but server does not support any security mechanisms. Please contact an administrator. [Warn: This could be due to a bad configuration or a security attack is in progress.]
[ISQL]ERROR: Could not SQLConnect
--------------------------------------------------

 

However, connecting with sqline succeeds.

--------------------------------------------------
[mapr@poc01 ~]$ sqlline -u "jdbc:drill:drillbit=10.xxx.xxx.xxx;auth=Plain" -n mapr -p mapr
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=512M; support was removed in 8.0
apache drill 1.12.0
"a little sql for your nosql"
0: jdbc:drill:drillbit=10.xxx.xxx.xxx> !list
1 active connection:
#0 open jdbc:drill:drillbit=10.xxx.xxx.xxx;auth=Plain

0: jdbc:drill:drillbit=10.xxx.xxx.xxx> select version from sys.version;
+----------+
| version |
+----------+
| 1.10.0 |
+----------+
1 row selected (0.21 seconds)
--------------------------------------------------

 

Configurations are as follows.


- Drill version
-- Drillbit in the MapR Cluster : 1.10.0
-- Client node in Embedded Mode Drill : 1.12.0

- odbcinst
--------------------------------------------------
[mapr@poc01 ~]$ odbcinst -j
unixODBC 2.2.14
DRIVERS............: /etc/odbcinst.ini
SYSTEM DATA SOURCES: /etc/odbc.ini
FILE DATA SOURCES..: /etc/ODBCDataSources
USER DATA SOURCES..: /home/mapr/.odbc.ini
SQLULEN Size.......: 8
SQLLEN Size........: 8
SQLSETPOSIROW Size.: 8

 

[mapr@poc01 ~]$ odbcinst -q -s
[ODBC]
[MapR Drill 64-bit]
--------------------------------------------------


- odbc.ini
--------------------------------------------------
[root@poc01 ~]# cat /etc/odbc.ini
[ODBC]
Trace=yes

[ODBC Data Sources]
MapR Drill 64-bit=MapR Drill ODBC Driver 64-bit

[MapR Drill 64-bit]
# This key is not necessary and is only to give a description of the data source.
Description=MapR Drill ODBC Driver (64-bit) DSN

# Driver: The location where the ODBC driver is installed to.
Driver=/opt/mapr/drill/lib/64/libdrillodbc_sb64.so

# The DriverUnicodeEncoding setting is only used for SimbaDM
# When set to 1, SimbaDM runs in UTF-16 mode.
# When set to 2, SimbaDM runs in UTF-8 mode.
#DriverUnicodeEncoding=2
# Values for ConnectionType, AdvancedProperties, Catalog, Schema should be set here.
# If ConnectionType is Direct, include Host and Port. If ConnectionType is ZooKeeper, include ZKQuorum and ZKClusterID
# They can also be specified on the connection string.
# AuthenticationType: No authentication; Plain; Kerberos; MapRSASL;
ConnectionType=Direct
HOST=10.xxx.xxx.xxx
PORT=31010
AuthenticationType=Plain
UID=mapr
PWD=mapr
DelegationUID=
KrbServiceName=mapr
KrbServiceHost=
krbSpnConfigurationsRequired=1
#AdvancedProperties=CastAnyToVarchar=true;HandshakeTimeout=5;QueryTimeout=180;TimestampTZDisplayTimezone=utc;ExcludedSchemas=sys,INFORMATION_SCHEMA;NumberOfPrefetchBuffers=5;
AdvancedProperties=CastAnyToVarchar=true;HandshakeTimeout=5;QueryTimeout=1800;TimestampTZDisplayTimezone=utc;ExcludedSchemas=sys,INFORMATION_SCHEMA;NumberOfPrefetchBuffers=5;
Catalog=DRILL
Schema=
SSL=0
DisableHostVerification=0
DisableCertificateVerification=0
TrustedCerts=/opt/mapr/drill/lib/64/cacerts.pem
TLSProtocol=
UseSystemTrustStore=0
--------------------------------------------------


- drill-override.conf
--------------------------------------------------
[root@hadoop01 ~]# cat /opt/mapr/drill/drill-1.10.0/conf/drill-override.conf
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This file tells Drill to consider this module when class path scanning.
# This file can also include any supplementary configuration information.
# This file is in HOCON format, see https://github.com/typesafehub/config/blob/master/HOCON.md for more information.

# See 'drill-override-example.conf' for example configurations

drill.exec: {
cluster-id: "Poc1_com-drillbits",
zk.connect: "hadoop01:5181,hadoop02:5181,hadoop03:5181",
http.ssl_enabled: true,
impersonation: {
enabled: true,
max_chained_user_hops: 3
},
security: {
auth.mechanisms: ["PLAIN"],
},
security.user.auth: {
enabled: true,
packages += "org.apache.drill.exec.rpc.user.security",
impl: "pam",
pam_profiles: [ "sudo", "login" ]
}
}
--------------------------------------------------

Could you show me the resolution.


Thanks in advance,

Outcomes