Your krb5.conf looks ok, although you might want to add a second kdc 
machine if you have one.  Looks like that side of things is working if you 
are getting a kerberos ticket ok.

Pretty certain you are going to need to get reverse DNS lookups functioning 
properly to get kerberos connections working though.
It's worth doing, as less than fully functional DNS just makes life difficult 
for network users.  Unfortunately it's something I have no experience of 
fixing so don't know how to help with that.

If you are just using hostnames in your inventory, check that the search 
suffixes are set up correctly in your resolv.conf.

Jon


On Monday, July 25, 2016 at 9:09:02 PM UTC+1, manoj kumar wrote:
>
> Host name is resolvable to an IP. But while resolving IP back for testing 
> reverse DNS mapping it is not happening.
>
> In /etc/krb5.conf we have the correct configuration as below.
>
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
> [libdefaults]
>  default_realm = WEBSITE.COM
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
>  ticket_lifetime = 24h
>  renew_lifetime = 7d
>  forwardable = true
> [realms]
>  WEBSITE.COM = {
>   kdc = WIN-SA2TXZOTVMV.website.com
>   admin_server = WIN-SA2TXZOTVMV.website.com
>  }
> [domain_realm]
>  .website.com = WEBSITE.COM
>  website.com = WEBSITE.COM
>
>
> Also I am getting connected to the domain using *kinit.*
>
> But the servers are not getting recognized, with the error "traceroute 
> AMATLTDMSWEB00.RECALL.COM
> AMATLTDMSWEB00.RECALL.COM: Name or service not known
> Cannot handle "host" cmdline arg `AMATLTDMSWEB00.RECALL.COM' on position 
> 1 (argc 1)
> "
>
> While using servername/ip in the hosts file and trying to get connected, 
> the below mentioned error comes up.
>
>
> On Friday, July 22, 2016 at 7:50:34 PM UTC+5:30, J Hawkesworth wrote:
>>
>> Not sure what is wrong but kerberos needs DNS to work fully (both forward 
>> and reverse lookups).
>>
>> Check the hostname can be resolved to an ip from your ansible controller.
>>
>> Also check you have configured correct domain controllers in your 
>> /etc/krb5.conf
>>
>> Hope this helps,
>>
>> Jon
>>
>> On Friday, July 22, 2016 at 1:43:48 PM UTC+1, manoj kumar wrote:
>>>
>>> Hi,
>>>
>>> I have ansible version
>>> *ansible 2.1.0.0*
>>> *  config file = /etc/ansible/ansible.cfg*
>>> *  configured module search path = Default w/o overrides*
>>>
>>> Kerberos is also installed along with requests_kerberos and 
>>> pywinrm 0.2.0.
>>>
>>> I am getting the error while running a ping module as " *"changed": 
>>> false,*
>>> *    "msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS 
>>> failure.  Minor code may provide more information', 851968), ('Server not 
>>> found in Kerberos database', -1765328377))",*
>>> *    "unreachable": true*
>>> "
>>> Host file is like 
>>> *[server]*
>>> *BCDFPO91.PAL.COM*
>>>
>>> *[server:vars]*
>>> *[email protected]*
>>> *ansible_ssh_pass=0987*
>>> *ansible_connection=winrm*
>>> *ansible_port=5986*
>>> *ansible_winrm_transport=kerberos*
>>> *ansible_winrm_kerberos_delegation=yes*
>>>
>>>
>>> Can you guys please help out what needs to be done to resolve this.
>>>
>>> BR
>>> Manoj
>>>
>>
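
Added example, not part of the thread: a Python check, meant for the Ansible controller, of the forward and reverse lookups that the replies above say Kerberos needs. The `check_host` helper, the status names, and the sample hostnames and addresses are constructed for illustration.

```python
import socket

def _forward(name):
    # A/AAAA lookup via the system resolver (honours resolv.conf search suffixes)
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def _reverse(ip):
    # PTR lookup; raises socket.herror when no reverse record exists
    return socket.gethostbyaddr(ip)[0]

def check_host(name, forward=_forward, reverse=_reverse):
    """Return (status, detail): OK, NO_FORWARD, NO_REVERSE or MISMATCH."""
    want = name.rstrip(".").lower()
    try:
        addrs = forward(name)
    except OSError as exc:      # gaierror, e.g. "Name or service not known"
        return "NO_FORWARD", str(exc)
    for ip in addrs:
        try:
            ptr = reverse(ip).rstrip(".").lower()
        except OSError:         # herror: no PTR record for this address
            return "NO_REVERSE", ip
        # A short inventory name is accepted if the PTR is that host's FQDN
        short_ok = "." not in want and ptr.split(".")[0] == want
        if ptr != want and not short_ok:
            return "MISMATCH", f"{ip} -> {ptr}"
    return "OK", ", ".join(addrs)

# Constructed sample records (not from the thread) so the demo runs offline
SAMPLE_A = {"winhost01.example.com": ["192.0.2.10"],
            "winhost02.example.com": ["192.0.2.11"],
            "winhost03.example.com": ["192.0.2.12"],
            "winhost04": ["192.0.2.13"]}
SAMPLE_PTR = {"192.0.2.10": "WINHOST01.example.com",
              "192.0.2.12": "legacy-name.example.com",
              "192.0.2.13": "winhost04.example.com"}

def sample_forward(name):
    if name.lower() not in SAMPLE_A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE_A[name.lower()]

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]

if __name__ == "__main__":
    for host in list(SAMPLE_A) + ["missing.example.com"]:
        print(host, *check_host(host, sample_forward, sample_reverse))
```

Calling `check_host(name)` with no resolver arguments queries the real system resolver, so each inventory hostname can be passed through it directly.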
