Do you have Kerberos delegation? This seems like the classic second-hop 
authentication problem.

On Wednesday, July 5, 2017 at 5:53:13 PM UTC+2, anil kumar wrote:
>
> I am trying to invoke AD commands (I put this into a PowerShell script) from 
> the Ansible server. I am using Kerberos on the Ansible server for auth. Can you 
> guys help with this issue?
>
> Below is my PowerShell script, which runs on a Windows server (Windows Server 2008 
> R2 Standard) that is in the domain. I am able to run this PowerShell script 
> fine when I RDP into this machine. But it fails when I run this script from 
> PowerShell.
>
> ==============================================================================================================================================================================
> param (
> [string]$vm_name
> )
> $grp= -join($vm_name,"_login")
> Import-Module -Name ActiveDirectory
> Set-ADGroup -Identity $grp -GroupScope Universal -GroupCategory Security
> Add-ADGroupMember -Identity $grp -Members eoinf-sysadmin
>
> Below is the error message when I run the above script from Ansible:
> =============================================
>  ansible-playbook winAD.yml --extra-vars "vm_name=marx5075" -vv
> Using /home/athangal/playbooks/ansible.cfg as config file
> PLAYBOOK: winAD.yml 
> ************************************************************
> 1 plays in winAD.yml
> PLAY [win] 
> *********************************************************************
> TASK [raw] 
> *********************************************************************
> task path: /home/athangal/playbooks/winAD.yml:8
> changed: [WINDOWS.my.corp] => {"changed": true, "rc": 0, "stderr": 
> "Set-ADGroup : Unable to contact the server. This may be because this 
> server \r\ndoes not exist, it is currently down, or it does not have the 
> Active Directory \r\nWeb Services running.\r\nAt 
> C:\\scripts\\setUnvGp.ps1:6 char:1\r\n+ Set-ADGroup -Identity $grp 
> –GroupScope Universal -GroupCategory Security\r\n+ 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ 
> CategoryInfo          : ResourceUnavailable: (marx5075_login:ADGroup) [S 
> \r\net-ADGroup], ADServerDownException\r\n+ FullyQualifiedErrorId : Unable 
> to contact the server. This may be becaus \r\ne this server does not exist, 
> it is currently down, or it does not have th  \r\ne Active Directory Web 
> Services running.,Microsoft.ActiveDirectory.Managem   
> \r\nent.Commands.SetADGroup\r\n\r\nAdd-ADGroupMember : Unable to contact 
> the server. This may be because this \r\nserver does not exist, it is 
> currently down, or it does not have the Active \r\nDirectory Web Services 
> running.\r\nAt C:\\scripts\\setUnvGp.ps1:7 char:1\r\n+ Add-ADGroupMember 
> -Identity $grp -Members eoinf-sysadmin\r\n+ 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ 
> CategoryInfo          : ResourceUnavailable: (marx5075_login:ADGroup) [A 
> \r\ndd-ADGroupMember], ADServerDownException\r\n+ FullyQualifiedErrorId : 
> Unable to contact the server. This may be becaus \r\ne this server does not 
> exist, it is currently down, or it does not have th  \r\ne Active Directory 
> Web Services running.,Microsoft.ActiveDirectory.Managem   
> \r\nent.Commands.AddADGroupMember\r\n", "stdout": "", "stdout_lines": []}
>
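An inventory fragment for the delegation setting the reply asks about, as an added example that is not part of the original thread. The group name `win` comes from the quoted playbook output; the file name, port and user principal are assumed placeholders.

```yaml
# group_vars/win.yml (assumed file name; "win" is the play's host group
# shown in the quoted output)
ansible_connection: winrm
ansible_port: 5986                        # assumed HTTPS WinRM listener
ansible_winrm_transport: kerberos
ansible_user: svc_ansible@MY.CORP         # placeholder principal, not from the thread

# If this is the second-hop problem the reply suspects: without delegation
# the WinRM logon on the target carries no credentials it can reuse, so
# Set-ADGroup / Add-ADGroupMember cannot authenticate onward to a domain
# controller. This setting forwards the caller's TGT to the target host.
ansible_winrm_kerberos_delegation: true
```

The ticket on the Ansible controller must itself be forwardable (`kinit -f`, or `forwardable = true` in `krb5.conf`). Because the target host then holds a usable TGT for that account, keep delegation limited to the hosts and accounts that need it.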
