RDJDBC::dbConnect failing to connect to HiveServer2 (kerberos +sasl) - r

I am trying to connect to Hive2 using RJDBC but it failing with "GSS initiate failed". However same things working fine using beeline client. Any idea what may have caused different behavior when running both on same node with same credentials?
drv <- RJDBC::JDBC("org.apache.hive.jdbc.HiveDriver", cp, "`")
following is just for illustrative purpose as I wanted to show what all parameter I am using as JDBC url.
conn <- RJDBC::dbConnect(drv, "jdbc:hive2://node1:10000/default;principal=hive/hive_node#REALM;ssl=true;sslTrustStore=store_path;trustStorePassword=store_password", "user", "password")
log4j:WARN No appenders could be found for logger (org.apache.hive.jdbc.Utils).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Error in .jcall(drv#jdrv, "Ljava/sql/Connection;", "connect", as.character(url)[1], :
java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://:10000/default;principal=hive/hive_node#REALM;ssl=true;sslTrustStore=store_path;trustStorePassword=store_password: GSS initiate failed

A bit late for you, but... look at that post about the details of configuring Kerberos authentication for Hive/Impala JDBC (note also that "user" and "password" connection args are ignored by Kerberos auth)
The post assumes that you have the password stored in a "keytab" file, and use it to create a private Kerberos ticket. If you want to use the default, public ticket instead, then change the JAAS conf accordingly (i.e. useTicketCache=true useKeyTab=false and no keyTab entry)
And to pass the configuration to Java from your R code, the easiest way is to set the JAVA_TOOL_OPTIONS env variable before anything else bootstraps the RJava initialization
Sys.setenv("JAVA_TOOL_OPTIONS"="-Djava.security.auth.login.config=/Path/To/jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false")
PS: on Windows the path would look like C:/Path/To/jaas.conf (Java converts slashes to backslashes automatically; that's easier that escaping each and every backslash because of the way R Strings interpret \)
Final note: if any jerk tags this with "answers should not rely on links", since the aforementioned link points to another post of mine in S.O., then he/she is really a jerk, and I will gladly tell him/her to his/her face, loudly and with exotic words.

Related

How to use the resource_owner grant within Microsoft365R

I'm trying to implement an unattended script accessing files within OneDrive using Microsoft365R.
I've setup everything like in the docs using the default app registration.
The interactive flow with auth_type="device_code" works without issues:
odb <- Microsoft365R::get_business_onedrive(auth_type="device_code")
But when trying auth_type="resource_owner" like shown in the docs here, I get the following error:
odb <- Microsoft365R::get_business_onedrive(tenant=tenant, app=app, username=user, password=getPass(), auth_type="resource_owner")
Error in process_aad_response(res) :
Bad Request (HTTP 400). Failed to obtain Azure Active Directory token. Message:
AADSTS50126: Error validating credentials due to invalid username or password.
My guess is, that the default app is missing some privileges to use the "resource_owner" flow.
Can someone point me to the right direction on how to get the resource_owner flow working?
(Using Service Principles is not a solution for my setup, but I did also try it with a dedicated service account and it was not working either)

How to connect R to Clickhouse?

I am new to Clickhouse and am experiencing difficulties connecting R to Clickhouse.
con <- DBI::dbConnect(RClickhouse::clickhouse(),host="srv-clickhouse",username="user",
password="pw")
This returns the error
Error in connect(config[["host"]], strtoi(config[["port"]]), config[["db"]], :
DB::Exception: default: Authentication failed: password is incorrect or there is no user with such name
There definitely has to be a user by that name and password which leads me to believe that I've done something wrong while at the same time I'm not sure what I have to put into the host part of the address, nor the port nor in the beginning. Should I add the full URL to the host part? Right now I'm using RClickhouse but my database uses the port 8123. Is there any kind of proper documentation and how to solve this issue?
Thanks

SFTP connection with apache vfs fails but is successful with WinSCP

I can successfully connect with WinSCP, using given credentials, to SFTP server. But when doing it from java using apache vfs I get error:
Caused by: org.apache.commons.vfs2.FileSystemException: Could not connect to SFTP server at "sftp://username:***#server_addres/".
at org.apache.commons.vfs2.provider.sftp.SftpClientFactory.createConnection(SftpClientFactory.java:170)
at org.apache.commons.vfs2.provider.sftp.SftpFileProvider.doCreateFileSystem(SftpFileProvider.java:97)
... 22 more
Caused by: com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:512)
at com.jcraft.jsch.Session.connect(Session.java:183)
at org.apache.commons.vfs2.provider.sftp.SftpClientFactory.createConnection(SftpClientFactory.java:166)
I have checked credentials and they are exactly same as those when I try to connect with WinSCP. WinSCP can connect successfully, but my java code gets the above error (Auth fail).
Does anybody has some clue what could be the issue?
Public IP range of the machine I am connecting from has been added to firewall exceptions as trusted IP on the other side.
Please help, any ideas are very much appreciated.
Kind regards,
misamas
The problem was in the password. It contained % sign which is a special character when passed in URI (like pass%word).
So the solution was doing UriParser.encode(sftpUri) before passing it to manager.resolveFile() method like this (in order to replace % sign of password in URI with its hex code %25):
import org.apache.commons.vfs2.provider.UriParser;
...
String sftpUri = String.format("sftp://%s:%s#%s/%s/%s", configData.getUserId(), configData.getPassword(), configData.getServerAddress(),
configData.getRemoteDirectory(), configData.getFileName());
String sftpUriEncoded = UriParser.encode(sftpUri);
FileObject remoteFile = manager.resolveFile(sftpUriEncoded, options);

Not able to get nJupiter.DataAccess.Ldap work with our Internal LDAP (Lotus Domino)

I've tried everything possible, to setup nJupiter.DataAccess.Ldap as the membership provider on our intranet based web application built using asp.net 3.5.
Challenges I am facing:
Not able to authenticate the user using the default login webpart (says Your login attempt was not successful. Please try again)
I tried this code and I receive a COMException : "There is no such object on the server."
var ldapMembershipUser = System.Web.Security.Membership.GetUser("username") as LdapMembershipUser;
if (ldapMembershipUser != null)
{
var givenName = ldapMembershipUser.Attributes["givenName"];
}
I have placed my web.config and the nJupiter.DataAccess.Ldap.config here:
web.config : http://pastebin.com/9XdDnhUH
nJupiter.DataAccess.Ldap.config : http://pastebin.com/WsSEhi98
I have tried all possible permutations and combinations for different values in the XML and i am not able to take it forward. Please guide. I just am not able to connec to the LDAP and authenticate the user or even search for users.
Just looking at your config is unlikely to be enough since I don't know your Domino server's confguration, so my answer isn't an attempt to fix your problem. It's an attempt to teach you how I would approach it if it were my problem. Here's what I do to troubleshoot connections and queries from code to Domino LDAP:
Configure the Domino LDAP server for logging the highest level of debug information with the notes.ini setting LDAPDEBUG=7. See this IBM technote for more info.
Use an LDAP client and figure out how to successfully connect to the Domino LDAP server. I like the free Softerra client for this. Check the logs and save off the info from your successful connection.
Now run your code and compare what you see in the logs against the successful connection.
If the code is making it past authentication but failing on the query, then find the actual query in the log, go back to your LDAP client, figure out what the query should have been, and adjust your code's configuration appropriately.

Cannot access CloudBees WebDAV at all

Using Mac (Mountain Lion) to attempt to connect to my CloudBees WebDAV repository, using my account name (drcadmin) using the server address "https://repository-drcadmin.forge.cloudbees.com/private/"
When I'm challenged to enter my account user name and password, I'm getting an error message: "There was a problem connecting to the server 'repository-drcadmin.forge.cloudbees.com'. \ Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.". I'm just having no luck at all connecting to our private WebDAV repo. My understanding is that this should work... but it doesn't.
I currently have a Free account -- do I need a paid account to get this feature "turned on"? Or am I just doing something wrong? (And if I am doing something wrong, any clue what I would eed to do to fix it?)
No it works with free.
The canonical article on how to set this up is here: http://developer.cloudbees.com/bin/view/DEV/CloudBees+Maven+Repository+-+Mounting
I found these links to be helpful:
http://developer.cloudbees.com/bin/view/DEV/Accessing+under+an+external+Maven+repository
http://wiki.cloudbees.com/bin/view/DEV/Sharing+Files+with+Build+Executors
Specifically:
Check that you can access Repositories > Maven repositories > Private - https://forge.cloudbees.com/a/{yourid}/repositories/private
Check the config under Details and Security are correct.

Resources