Seems unlikely to be a firewall issue if eventvwr is showing a failed login.
Is the windows server 2008 machine joined to the domain? If it isn't it won't know how to check with the domain controller that the username/password are valid? On Friday, July 17, 2015 at 9:55:59 AM UTC+1, Guillaume Querso wrote: > > Pykerberos is installed on the server, i have already requested a ticket > for the user and domain expected with the right syntax. The server is > running powershell 4 and i have checked that the encryption for the ticket > and the key is the same on both sides. > what i can see on the eventvwr is that there is an "Unknown user name or > bad password" while they are right.. > > do you have anything else in mind that could help? or just ideas to > identify the problem? can it be a proxy/firewall issue? > > Le jeudi 16 juillet 2015 21:25:19 UTC+1, J Hawkesworth a écrit : >> >> Have you installed pykerberos? >> >> Also, use klist to check that the tgt ticket is for the user and domain >> you expect. >> >> be aware that the domain name seems to need to be in upper case so >> >> kinit [email protected] >> not >> >> kinit [email protected] >> >> Also, make sure you have patched windows server 2008 R2 - as per this >> advice on http://docs.ansible.com/intro_windows.html#windows-system-prep >> >> "On Windows 7 and Server 2008 R2 machines, due to a bug in Windows >> Management Framework 3.0, it may be necessary to install this hotfix >> http://support.microsoft.com/kb/2842230 to avoid receiving out of memory >> and stack overflow exceptions. Newly-installed Server 2008 R2 systems which >> are not fully up to date with windows updates are known to have this issue." >> >> I recommend running your ansible-playbook -vvvvv to see the connection >> debugging information if it still fails. >> Also running eventvwr on the windows machine and checking if there are >> any logon events in Windows Logs -> Security >> >> Hope this helps. >> >> If you discover anything that helps please reply so we can provide more >> information in the documentation. >> >> Jon >> >> >> On Thursday, July 16, 2015 at 4:54:58 PM UTC+1, Guillaume Querso wrote: >>> >>> hi all! >>> >>> I am currently using ansible 1.9.2 on a RHEL 6 server. what I would like >>> is to connect to a windows 2008 R2 server via kerberos to be able to use >>> domain accounts. >>> >>> - What i did: creating a ticket on the linux server for the >>> concerned domain account. Synchronized the clocks. >>> - What it is not working: i have a: 401 unauthorized access when i >>> try to run a playbook. >>> >>> Do you know what i am missing? >>> Thanks for your help on this! >>> >>> Guillaume Q >>> >> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0dd61b45-479a-4898-a676-d0d78cf1d1bf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
