doc-exports/docs/mrs/umn/admin_guide_000246.html
Yang, Tong 2195db241c MRS UMN 20231220 version update
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2024-05-16 09:40:21 +00:00


<a name="admin_guide_000246"></a><a name="admin_guide_000246"></a>
<h1 class="topictitle1">Unlocking an Internal System User</h1>
<div id="body1529658735916"><div class="section" id="admin_guide_000246__section8680100"><h4 class="sectiontitle">Scenario</h4><p id="admin_guide_000246__p593475414216">If a service is abnormal, an internal system user may be locked. Unlock the user promptly; otherwise, the cluster cannot run properly. For the list of internal system users, see <a href="admin_guide_000239.html">User Account List</a><em id="admin_guide_000246__i202502017181713"><span id="admin_guide_000246__text732114244517"></span></em>. Internal system users cannot be unlocked using <span id="admin_guide_000246__text67509419010">MRS</span> Manager.</p>
</div>
<div class="section" id="admin_guide_000246__section854410144614"><h4 class="sectiontitle">Prerequisites</h4><p id="admin_guide_000246__p736514312463">Obtain the default password of the LDAP administrator <strong id="admin_guide_000246__b683713229312">cn=root,dc=hadoop,dc=com</strong> by referring to <a href="admin_guide_000239.html">User Account List</a><em id="admin_guide_000246__i35708427412"><span id="admin_guide_000246__text11646203275119"></span></em>.</p>
</div>
<div class="section" id="admin_guide_000246__section38851641114111"><h4 class="sectiontitle">Procedure</h4><ol id="admin_guide_000246__ol92291241711"><li id="admin_guide_000246__li183221538124413"><span>Check whether the internal system user is locked:</span><p><ol type="a" id="admin_guide_000246__ol1229642117"><li id="admin_guide_000246__li1063871454519">Obtain the OLdap port number:<ol class="substepthirdol" id="admin_guide_000246__ol14638914144510"><li id="admin_guide_000246__li166382014104512">Log in to <span id="admin_guide_000246__text1632018392310">MRS</span> Manager, choose <span class="menucascade" id="admin_guide_000246__menucascade150467259711332"><b><span class="uicontrol" id="admin_guide_000246__uicontrol192802306811332">System</span></b> &gt; <b><span class="uicontrol" id="admin_guide_000246__uicontrol85330775311332">OMS</span></b> &gt; <b><span class="uicontrol" id="admin_guide_000246__uicontrol108783298311332">oldap</span></b> &gt; <b><span class="uicontrol" id="admin_guide_000246__uicontrol165260417111332">Modify Configuration</span></b></span>.</li><li id="admin_guide_000246__li106384142452">The value of the <strong id="admin_guide_000246__b10703125314710">LDAP Listening Port</strong> parameter is the <strong id="admin_guide_000246__b53093584710">OLdap port</strong>.</li></ol>
</li><li id="admin_guide_000246__li179112774518">Obtain the domain name:<ol class="substepthirdol" id="admin_guide_000246__ol13791142717450"><li id="admin_guide_000246__li107921527174511">Log in to <span id="admin_guide_000246__text8896204112312">MRS</span> Manager, choose <strong id="admin_guide_000246__b99535671011332">System</strong> &gt; <strong id="admin_guide_000246__b56343630211332">Permission</strong> &gt; <strong id="admin_guide_000246__b20859413011332">Domain and Mutual Trust</strong>.</li><li id="admin_guide_000246__li185118438012">The value of the <strong id="admin_guide_000246__b24691485919">Local Domain</strong> parameter is the domain name.<p id="admin_guide_000246__p191042443011">For example, the domain name of the current system is <strong id="admin_guide_000246__b17601016171014">9427068F-6EFA-4833-B43E-60CB641E5B6C.COM</strong>.</p>
</li></ol>
</li><li id="admin_guide_000246__li822994914">Run the following command on each node in the cluster as user <strong id="admin_guide_000246__b358271011436">omm</strong> to query the number of password authentication failures:<p id="admin_guide_000246__p19227174611"><strong id="admin_guide_000246__b1922712412113">ldapsearch -H ldaps://</strong><em id="admin_guide_000246__i83560104128">OMS Floating IP Address</em><strong id="admin_guide_000246__b17113655125916">:</strong><em id="admin_guide_000246__i104355457171">OLdap port</em><strong id="admin_guide_000246__b211365513598"> </strong><strong id="admin_guide_000246__b8227144511">-LLL -x -D cn=root,dc=hadoop,dc=com -b krbPrincipalName</strong><strong id="admin_guide_000246__b184051318011">=</strong><em id="admin_guide_000246__i136861336181">Internal system username</em><strong id="admin_guide_000246__b192273416115">@</strong><em id="admin_guide_000246__i158935191819">Domain name</em><strong id="admin_guide_000246__b112271441117">,cn=</strong><em id="admin_guide_000246__i178991131911">Domain name</em><strong id="admin_guide_000246__b622014207019">,</strong><strong id="admin_guide_000246__b522774315">cn=krbcontainer,dc=hadoop,dc=com -w</strong><strong id="admin_guide_000246__b2743529304"> </strong><em id="admin_guide_000246__i1568041313208">Password of LDAP administrator</em><strong id="admin_guide_000246__b167431298020"> </strong><strong id="admin_guide_000246__b32275419110">-e ppolicy | grep krbLoginFailedCount</strong></p>
<p id="admin_guide_000246__p1922913417111">For example, run the following command to check the number of password authentication failures for user <strong id="admin_guide_000246__b9672355122113">oms/manager</strong>:</p>
<p id="admin_guide_000246__p202299420117"><strong id="admin_guide_000246__b796354315103">ldapsearch -H ldaps://10.5.146.118:21750 -LLL -x -D cn=root,dc=hadoop,dc=com -b krbPrincipalName=oms/manager@9427068F-6EFA-4833-B43E-60CB641E5B6C.COM,cn=9427068F-6EFA-4833-B43E-60CB641E5B6C.COM,cn=krbcontainer,dc=hadoop,dc=com -w </strong><em id="admin_guide_000246__i1267015492310">Password of user cn=root,dc=hadoop,dc=com</em><strong id="admin_guide_000246__b13963144341019"> -e ppolicy | grep krbLoginFailedCount</strong></p>
<pre class="screen" id="admin_guide_000246__screen152291046114">krbLoginFailedCount: 5</pre>
</li><li id="admin_guide_000246__li522916415116">Log in to <span id="admin_guide_000246__text634506112313">MRS</span> Manager, choose <strong id="admin_guide_000246__b3434133192418">System</strong> &gt; <strong id="admin_guide_000246__b12402718249">Permission</strong> &gt; <strong id="admin_guide_000246__b2070491016248">Security Policy</strong> &gt; <strong id="admin_guide_000246__b1349671416245">Password Policy</strong>.</li><li id="admin_guide_000246__li12229541018">Check the value of the <strong id="admin_guide_000246__b6818385251">Password Retries</strong> parameter. If the value is less than or equal to the value of <strong id="admin_guide_000246__b41751142620">krbLoginFailedCount</strong>, the user is locked.<div class="note" id="admin_guide_000246__note50966358"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="admin_guide_000246__p56044044">You can also check whether internal users are locked by viewing operations logs.</p>
</div></div>
</li></ol>
</p></li><li id="admin_guide_000246__li1229141019"><span>Log in to the active management node as user <strong id="admin_guide_000246__b141917121223">omm</strong> and run the following command to unlock the user:</span><p><p id="admin_guide_000246__p18229341112"><strong id="admin_guide_000246__b72290411113">sh ${BIGDATA_HOME}/om-server/om/share/om/acs/config/unlockuser.sh --userName </strong><em id="admin_guide_000246__i294913542285">Internal system username</em></p>
<p id="admin_guide_000246__p13229341016">Example: <strong id="admin_guide_000246__b7229847113">sh ${BIGDATA_HOME}/om-server/om/share/om/acs/config/unlockuser.sh --userName oms/manager</strong></p>
</p></li></ol>
</div>
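<p>The check from step 1 as a script (an added example, not part of the MRS documentation or tooling): it builds the search base, parses <strong>krbLoginFailedCount</strong> from the LDIF and applies the <strong>Password Retries</strong> comparison. The function names, the EXAMPLE.COM domain and the sample LDIF are constructed; it assumes OpenLDAP's <strong>ldapsearch</strong>, whose <strong>-y</strong> option reads the bind password from a file so that it does not appear in the process list or shell history as it does with <strong>-w</strong>.</p>

```shell
#!/bin/sh
# Added example, not MRS tooling. The sample LDIF at the bottom is constructed.

LDAP_ADMIN_DN='cn=root,dc=hadoop,dc=com'

# Build the search base from the procedure; reject names that could alter the DN.
principal_dn() {  # $1 = internal system username, $2 = domain name
    for part in "$1" "$2"; do
        case $part in
            ''|*[!A-Za-z0-9._/-]*) return 1 ;;
        esac
    done
    printf 'krbPrincipalName=%s@%s,cn=%s,cn=krbcontainer,dc=hadoop,dc=com\n' "$1" "$2" "$2"
}

# Same query as the procedure, with -y <file> in place of -w <password>.
# The file holds only the password (no trailing newline) and should be mode 0600.
query_principal() {  # $1 = OMS floating IP, $2 = OLdap port, $3 = user, $4 = domain, $5 = password file
    base=$(principal_dn "$3" "$4") || return 1
    ldapsearch -H "ldaps://$1:$2" -LLL -x -D "$LDAP_ADMIN_DN" -b "$base" -y "$5" -e ppolicy
}

# Read LDIF on stdin and apply the page's rule:
# Password Retries <= krbLoginFailedCount means the user is locked.
# Prints "unknown" when the attribute is missing, e.g. after a failed bind or a wrong DN.
lock_state() {  # $1 = Password Retries value from MRS Manager
    count=$(awk -F': *' 'tolower($1) == "krbloginfailedcount" {
                sub(/[ \t\r]+$/, "", $2); print $2; exit }')
    case $1 in ''|*[!0-9]*) echo unknown; return ;; esac
    case $count in ''|*[!0-9]*) echo unknown; return ;; esac
    if [ "$1" -le "$count" ]; then echo locked; else echo not-locked; fi
}

# Constructed sample of the query output for oms/manager (hypothetical domain EXAMPLE.COM).
sample_ldif='dn: krbPrincipalName=oms/manager@EXAMPLE.COM,cn=EXAMPLE.COM,cn=krbcontainer,dc=hadoop,dc=com
krbLoginFailedCount: 5'
printf '%s\n' "$sample_ldif" | lock_state 5   # Password Retries assumed to be 5
```

<p>On a cluster node, pipe <strong>query_principal</strong> into <strong>lock_state</strong>; an <strong>unknown</strong> result means the query itself needs checking and should not be read as "not locked".</p>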
</div>