Hi Mark, I've not tried the NTLM support yet but I think you might need to set
ansible_winrm_server_cert_validation: ignore ... in your inventory/ group_vars. Otherwise python will attempt to validate the certificate presented by your windows vm, which is (very likely) self signed one. Give that a go and see how you get on. All the best, Jon On Thursday, June 23, 2016 at 11:38:28 AM UTC+1, Mark Matthews wrote: > > Hi > > > > I am trying to authenticated to server using domain credentials. > > > > I watch the following video with Matt Davis, > https://www.ansible.com/webinars-training/ask-an-expert-ansible-and-windows, > and he mentions that with Ansible 2.1 you are now able to use ‘ntlm’ to > authenticate with domain credentials. > > > > I am testing this in the console first before applying these setting to > Tower, but I am having issues. > > > > I have change the host file entries to the following: > > > > [win] > > uk-ansible-util > > > > [win:vars] > > ansible_connection=winrm > > ansible_user=wintech.local\sa_Ansible > > ansible_password=password > > > > ansible_winrm_transport=ntlm > > > > And then when I try run the following task: ansible win -i hosts -m raw > -a ipconfig > > > > I am getting the following error: > > > > uk-ansible-util | UNREACHABLE! => { > > "changed": false, > > "msg": "ntlm: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify > failed (_ssl.c:765)", > > "unreachable": true > > } > > > > > > I have updated pywinrm to the latest version on the Ansible server. > > > > > > Any ideas what could be causing this, as I cant find anything on the > Internet. > > > > Cheers > > Mark > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d82920ac-06ec-4c97-a23d-3e6006e25685%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
