I've tested kerberos following http://docs.ansible.com/ansible/intro_windows.html#id9. I ran
kinit [email protected] and it doesn't come back with anything but it also doesn't come back with a failure. I also try inputting the wrong password on purpose and it throws a "kinit: Preauthentication failed while getting initial credentials" leading me to believe kerberos auth is working fine...I don't understand why its not using kerberos and using "root" and plaintext. I even tried to set the ansible_user/password/host/port in the hosts file for that inventory group. On Wednesday, February 3, 2016 at 8:45:49 AM UTC-5, J Hawkesworth wrote: > > You have > > ansible_user: [email protected] > > set, implying that you want to use a domain user. > > When you run, the following is shown: > > transport=plaintext endpoint=https://XXXXX:5986/wsman > <https://xxxxx:5986/wsman> > > The transport needs to be kerberos to connect with a domain user. > > I suspect you are missing the python kerberos library. > > If this can't be loaded then ansible will attempt a plaintext connection > which I am fairly certain won't work with a domain user. > > You don't mention which OS you are running ansible on but you probably > need to install > > python-kerberos from yum > or > pykerberos from pip > > Hope this helps > > Jon > > > On Tuesday, 2 February 2016 23:00:01 UTC, Nikhil Shah wrote: >> >> maybe this might be a bit more insight: >> >> ansible windows -m win_ping -vvvv >> >> <10.40.1.31> ESTABLISH WINRM CONNECTION FOR USER: *root* on PORT 5986 TO >> XXXXXXX >> >> <10.40.1.31> WINRM CONNECT: transport=plaintext endpoint= >> https://XXXXX:5986/wsman >> >> <10.40.1.31> WINRM CONNECTION ERROR: 500 WinRMTransport. [Errno 111] >> Connection refused >> >> 10.40.1.31 | FAILED => 500 WinRMTransport. [Errno 111] Connection refused >> >> >> >> I've got a group_var/windows.yml: >> >> >> >> ansible_user: [email protected] >> >> ansible_password: XXXXXXXX >> >> ansible_port: 5986 >> >> ansible_connection: winrm >> >> # The following is necessary for Python 2.7.9+ when using default WinRM >> self-signed certificates: >> >> ansible_winrm_server_cert_validation: ignore >> >> On Tuesday, February 2, 2016 at 4:01:55 PM UTC-5, Nikhil Shah wrote: >>> >>> >>> >>> Feb 2, 12:42 >>> >>> Hello, >>> >>> I followed the guidelines in setting up a windows node. >>> http://docs.ansible.com/ansible/intro_windows.html#windows-system-prep >>> >>> I am using Windows 2008 R2, which had PowerShell 2.0 installed; I >>> upgraded to PowerShell 4.0 (since the requirements said PowerShell 3.0).... >>> >>> When trying to run ansible, I am running the following and getting the >>> below listed error message: >>> >>> ansible-playbook -i hosts ipconfig.yml --ask-vault >>> Vault password: >>> >>> PLAY [test raw module] >>> ******************************************************** >>> >>> TASK: [run ipconfig] >>> ********************************************************** >>> fatal: [qa-codegen01.theorchard.local] => 500 WinRMTransport. [Errno >>> 111] Connection refused >>> >>> FATAL: all hosts have already failed -- aborting >>> >>> >>> >>> Note - I went ahead and enabled winRM and configured with the following >>> settings: >>> >>> winrm quickconfig -q >>> >>> winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}' >>> >>> winrm set winrm/config '@{MaxTimeoutms="1800000"}' >>> >>> winrm set winrm/config/service '@{AllowUnencrypted="true"}' >>> >>> winrm set winrm/config/service/auth '@{Basic="true"}' >>> >>> >>> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/298d648c-b212-4752-936b-484d5e5062c1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
