Probably not. First, make sure you specify ansible_user: ads-6999 including the realm, so ansible_user: [email protected]. Not sure if that has any effect, but still. If that fails, I'd create a new user with a different name from the node to see if that helps.
On Thursday, June 2, 2016 at 8:56:54 PM UTC+2, skinnedknuckles wrote: > > Yes, they are the same. Is that a problem? I could make a new account > local or domain. > > On Wednesday, June 1, 2016 at 5:40:48 PM UTC-5, skinnedknuckles wrote: >> >> Control Node: >> >> - CentOS 7 >> - Ansible 2.1 >> - pywinrm version from May 19th, 2016 >> >> Remote Node: >> >> - Windows 7 >> - Powershell 3 >> >> >> I'm having trouble connecting to my remote node with kerberos. I have >> carefully followed all the instructions from the Ansible Docs website >> <http://docs.ansible.com/ansible/intro_windows.html#active-directory-support>. >> >> When I run "klist" it shows a kerberos-ticket-getting-ticket so I know it >> is working that far. But then when I run win_ping, I get the error message >> below. Can I assume all AD accounts are in the Kerberos Database or do >> they need to be added somehow? Otherwise how can I fix this? >> >> >> *$ cat windows.yml* >> *---* >> *ansible_user: ads-6999* >> *ansible_password: ******* >> *ansible_port: 5985* >> *ansible_connection: winrm* >> *ansible_winrm_realm: ACME.COM <http://ACME.COM>* >> *ansible_winrm_transport: kerberos* >> *ansible_winrm_kerberos_delegation: yes* >> >> >> *$ klist* >> *Ticket cache: KEYRING:persistent:1000:1000* >> *Default principal: [email protected] <javascript:>* >> >> *Valid starting Expires Service principal* >> *06/01/2016 17:00:46 06/02/2016 03:00:46 krbtgt/[email protected] >> <javascript:>* >> * renew until 06/08/2016 17:00:19* >> *$ ansible windows -m win_ping* >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> *No config file found; using defaultsLoaded callback minimal of type >> stdout, v2.0<ADS-6999> ESTABLISH WINRM CONNECTION FOR USER: ads-6999 on >> PORT 5985 TO ADS-6999<ADS-6999> WINRM CONNECT: transport=kerberos >> endpoint=http://ADS-6999:5985/wsman <http://ADS-6999:5985/wsman><ADS-6999> >> WINRM CONNECTION ERROR: (('Unspecified GSS failure. Minor code may provide >> more information', 851968), ('Server not found in Kerberos database', >> -1765328377))Traceback (most recent call last): File >> "/etc/ansible/lib/ansible/plugins/connection/winrm.py", line 134, in >> _winrm_connect protocol.send_message('') File >> "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, in >> send_message return self.transport.send_message(message) File >> "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, in >> send_message krb_ticket = KerberosTicket(self.krb_service) File >> "/usr/lib/python2.7/site-packages/winrm/transport.py", line 205, in >> __init__ kerberos.authGSSClientStep(krb_context, '')GSSError: >> (('Unspecified GSS failure. Minor code may provide more information', >> 851968), ('Server not found in Kerberos database', -1765328377))ADS-6999 | >> FAILED! => { "failed": true, "msg": "kerberos: (('Unspecified GSS >> failure. Minor code may provide more information', 851968), ('Server not >> found in Kerberos database', -1765328377))"}* >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a197b016-822b-4ea1-b83e-2b73decd169f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
