I would love to use NTLM or CredSSP because Kerberos is a bit of a PITA it seems. Do those transports require host configuration? If I simply change the transport to ntlm I get:
"msg": "ntlm: the specified credentials were rejected by the server" And with CredSSP I get: "msg": "credssp: The server did not respond with CredSSP as an available auth method" On Thursday, June 8, 2017 at 9:49:53 AM UTC-7, [email protected] wrote: > > The domain status of the Ansible controller shouldn't matter. If DNS is > working, the typical remaining causes of that error are not using the FQDN > of the target host in your Ansible inventory, or that the host's HTTP SPN > has been reassigned to another user. > > Also, if you don't absolutely need to use Kerberos, NTLM or CredSSP are > much easier ways to do domain user auth... > > On Thursday, June 8, 2017 at 8:59:34 AM UTC-7, Jim Heald wrote: >> >> I'm trying to use Ansible to log into a Windows host, and I'm having >> issues logging in. >> >> 1. My Ansible server is joined to the domain >> 2. DNS lookup works, as well as in reverse >> 3. I can log into the Windows hosts as a local user through Ansible >> 4. Running something like "id <user>@<domain>" works on my Ansible >> server >> >> The error I am getting is this: "msg": "kerberos: authGSSClientStep() >> failed: (('Unspecified GSS failure. Minor code may provide more >> information', 851968), ('Server not found in Kerberos database', >> -1765328377))", >> >> I can ping the host, and like I said both DNS and Reverse DNS work. I >> know for sure the host is joined to the domain, and I'm pretty certain the >> Linux server is joined to the domain. Any suggestions? >> >> Thanks! >> >> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/be699cd6-1383-4274-bb2e-2936995c3707%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
