I never got Kerberos to work. I ended up using SSL instead. On Wednesday, June 1, 2016 at 5:40:48 PM UTC-5, skinnedknuckles wrote: > > Control Node: > > - CentOS 7 > - Ansible 2.1 > - pywinrm version from May 19th, 2016 > > Remote Node: > > - Windows 7 > - Powershell 3 > > > I'm having trouble connecting to my remote node with kerberos. I have > carefully followed all the instructions from the Ansible Docs website > <http://docs.ansible.com/ansible/intro_windows.html#active-directory-support>. > > When I run "klist" it shows a kerberos-ticket-getting-ticket so I know it > is working that far. But then when I run win_ping, I get the error message > below. Can I assume all AD accounts are in the Kerberos Database or do > they need to be added somehow? Otherwise how can I fix this? > > > *$ cat windows.yml* > *---* > *ansible_user: ads-6999* > *ansible_password: ******* > *ansible_port: 5985* > *ansible_connection: winrm* > *ansible_winrm_realm: ACME.COM <http://ACME.COM>* > *ansible_winrm_transport: kerberos* > *ansible_winrm_kerberos_delegation: yes* > > > *$ klist* > *Ticket cache: KEYRING:persistent:1000:1000* > *Default principal: [email protected] <[email protected]>* > > *Valid starting Expires Service principal* > *06/01/2016 17:00:46 06/02/2016 03:00:46 krbtgt/[email protected] > <[email protected]>* > * renew until 06/08/2016 17:00:19* > *$ ansible windows -m win_ping* > > > > > > > > > > > > > > > > > > > > *No config file found; using defaultsLoaded callback minimal of type > stdout, v2.0<ADS-6999> ESTABLISH WINRM CONNECTION FOR USER: ads-6999 on > PORT 5985 TO ADS-6999<ADS-6999> WINRM CONNECT: transport=kerberos > endpoint=http://ADS-6999:5985/wsman <http://ADS-6999:5985/wsman><ADS-6999> > WINRM CONNECTION ERROR: (('Unspecified GSS failure. Minor code may provide > more information', 851968), ('Server not found in Kerberos database', > -1765328377))Traceback (most recent call last): File > "/etc/ansible/lib/ansible/plugins/connection/winrm.py", line 134, in > _winrm_connect protocol.send_message('') File > "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, in > send_message return self.transport.send_message(message) File > "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, in > send_message krb_ticket = KerberosTicket(self.krb_service) File > "/usr/lib/python2.7/site-packages/winrm/transport.py", line 205, in > __init__ kerberos.authGSSClientStep(krb_context, '')GSSError: > (('Unspecified GSS failure. Minor code may provide more information', > 851968), ('Server not found in Kerberos database', -1765328377))ADS-6999 | > FAILED! => { "failed": true, "msg": "kerberos: (('Unspecified GSS > failure. Minor code may provide more information', 851968), ('Server not > found in Kerberos database', -1765328377))"}* >
-- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/57295e10-3313-46aa-874a-85fe0ec1286e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
