So, for some reason it is trying to connect via ssl and not kerberos. I can think of two things for you to try:
1/ Ensure you have installed the python kerberos library as described here: http://docs.ansible.com/ansible/intro_windows.html#installing-python-kerberos
Without this ansible will 'fall back' to attempting ssl connection, which will fail as you are using a domain user. This is also needed (it is *not* included in the packages listed here): http://docs.ansible.com/ansible/intro_windows.html#installing-python-kerberos-dependencies

2/ Switch to hostnames instead of ip addresses in your inventory. Kerberos needs fully functioning DNS to work properly.

Hope this helps,

Jon

On Sunday, July 10, 2016 at 8:02:02 PM UTC+1, Rajagopal Subramanian wrote:
>
> I have three Windows computers. One is Windows Server 2012, the other two
> are Windows 7 Desktop. Through Ansible I can individually manage all 3
> Windows machines through their local login account. Ansible works perfectly.
>
> Now I configure AD in Windows Server 2012 and I joined the two desktop
> computers to AD. Through Active Directory's Administrator account I can
> log in through all 3 Windows machines.
>
> To manage the AD account in Ansible I installed kerberos as mentioned in this
> documentation:
> <http://docs.ansible.com/ansible/intro_windows.html#installing-python-kerberos-dependencies>
>
> My configurations are as follows:
>
> */etc/krb5.conf*
>
> [libdefaults]
>     default_realm = NAANAL.IN
>
> [realms]
>     NAANAL.IN = {
>         kdc = WIN2012.naanal.in
>         default_domain = naanal.in
>     }
>
> [domain_realm]
>     .naanal.in = NAANAL.IN
>
> [login]
>     krb4_convert = true
>     krb4_get_tickets = false
>
> *Connection and Ticket Details:*
>
> kinit [email protected]
> Password for [email protected]:
>
> klist
> Ticket cache: FILE:/tmp/krb5cc_1000
> Default principal: [email protected]
>
> Valid starting       Expires              Service principal
> 2016-07-10T20:41:25  2016-07-11T06:41:25  krbtgt/[email protected]
>         renew until 2016-07-11T20:40:33
>
> Now I just try to ping all my Windows machines through the account
> [email protected]
>
> Here is my configuration and output:
>
> *hosts*
>
> [windows]
> 192.168.1.13 -> Windows 7 Desktop Attached to AD
> 192.168.1.23 -> Windows 7 Desktop Attached to AD
> 172.30.64.77 -> Windows 2012 with AD
>
> *group_vars/windows.yaml*
>
> ansible_user: [email protected]
> ansible_password: p@ssw0rd1
> ansible_port: 5986
> ansible_connection: winrm
> ansible_winrm_server_cert_validation: ignore
>
> While I run ansible windows -i hosts -m win_ping
>
> 192.168.1.13 | UNREACHABLE! => {
>     "changed": false,
>     "msg": "ssl: the specified credentials were rejected by the server",
>     "unreachable": true
> }
> 192.168.1.23 | UNREACHABLE! => {
>     "changed": false,
>     "msg": "ssl: the specified credentials were rejected by the server",
>     "unreachable": true
> }
> 172.30.64.77 | SUCCESS => {
>     "changed": false,
>     "ping": "pong"
> }
>
> i.e. in Ansible, I can't log in to computers attached to AD through an AD
> user account. Where I miss things?
>
> Note: I enabled Remote Connections in Desktops. Also tried with firewall
> disabled.
> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9bb22809-8b78-41fd-8327-273a8b2f88c2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
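A preflight check for the two suggestions in the reply above, added here as an example and not part of the original thread or of Ansible itself. It assumes the Python Kerberos bindings are importable as `kerberos`, goes one step further than the reply by also checking that the user's realm is defined in krb5.conf, and uses constructed sample data; all function names are hypothetical.

```python
import importlib.util
import ipaddress
import re

def kerberos_module_present():
    # Assumption: the Python Kerberos bindings install a module named "kerberos".
    return importlib.util.find_spec("kerberos") is not None

def group_hosts(inventory, group):
    """First token of each line under [group] in an INI-style inventory."""
    hosts, current = [], None
    for raw in inventory.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1)
        elif line and current == group:
            hosts.append(line.split()[0])
    return hosts

def krb5_realms(krb5_conf):
    """Realm names that open a 'NAME = {' block in krb5.conf text."""
    return set(re.findall(r"^\s*([\w.-]+)\s*=\s*\{", krb5_conf, re.M))

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def preflight(inventory, group, user, krb5_conf):
    """Findings to fix before expecting Kerberos authentication to work."""
    findings = [f"{h}: IP address in inventory, use the DNS hostname"
                for h in group_hosts(inventory, group) if is_ip(h)]
    realm = user.rpartition("@")[2] if "@" in user else ""
    if not realm:
        findings.append(f"{user}: no @REALM suffix, not a domain principal")
    elif realm not in krb5_realms(krb5_conf):
        findings.append(f"{user}: realm {realm} not defined in krb5.conf")
    return findings

# Constructed sample data (not the poster's real values).
INVENTORY = "[windows]\n192.0.2.13\nwin7-a.example.com\n"
KRB5 = "[realms]\nEXAMPLE.COM = {\n  kdc = dc1.example.com\n}\n"

if __name__ == "__main__":
    print("kerberos module present:", kerberos_module_present())
    for finding in preflight(INVENTORY, "windows", "admin@example.com", KRB5):
        print(finding)
```
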
