There's a command line switch you have to use on the ConfigureRemotingForAnsible.ps1 if you want to use CredSSP I think.
Re your kerberos problem, has the windows box you are trying to hit actually been joined to the domain? On Thursday, June 8, 2017 at 8:41:40 PM UTC+1, Jim Heald wrote: > > I would love to use NTLM or CredSSP because Kerberos is a bit of a PITA it > seems. Do those transports require host configuration? If I simply change > the transport to ntlm I get: > > "msg": "ntlm: the specified credentials were rejected by the server" > > And with CredSSP I get: > > "msg": "credssp: The server did not respond with CredSSP as an available > auth method" > > On Thursday, June 8, 2017 at 9:49:53 AM UTC-7, [email protected] wrote: >> >> The domain status of the Ansible controller shouldn't matter. If DNS is >> working, the typical remaining causes of that error are not using the FQDN >> of the target host in your Ansible inventory, or that the host's HTTP SPN >> has been reassigned to another user. >> >> Also, if you don't absolutely need to use Kerberos, NTLM or CredSSP are >> much easier ways to do domain user auth... >> >> On Thursday, June 8, 2017 at 8:59:34 AM UTC-7, Jim Heald wrote: >>> >>> I'm trying to use Ansible to log into a Windows host, and I'm having >>> issues logging in. >>> >>> 1. My Ansible server is joined to the domain >>> 2. DNS lookup works, as well as in reverse >>> 3. I can log into the Windows hosts as a local user through Ansible >>> 4. Running something like "id <user>@<domain>" works on my Ansible >>> server >>> >>> The error I am getting is this: "msg": "kerberos: authGSSClientStep() >>> failed: (('Unspecified GSS failure. Minor code may provide more >>> information', 851968), ('Server not found in Kerberos database', >>> -1765328377))", >>> >>> I can ping the host, and like I said both DNS and Reverse DNS work. I >>> know for sure the host is joined to the domain, and I'm pretty certain the >>> Linux server is joined to the domain. Any suggestions? >>> >>> Thanks! >>> >>> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/27ad10f4-69b5-4d75-97d1-06d2c4abf5b7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
