This helped me as well, thanks :-)
Am Freitag, 21. April 2017 21:10:48 UTC+2 schrieb Siva Subramaniyan:
>
> *Thank you so much Jordan and Matt.* Issue has been resolved now. I
> really appreciate your help on this, i was struggling to fix this for long
> time..!! Happy week end...!
>
> I just followed both of your steps to fix the issue:-
>
> Changed the hosts file as below:-
>
>
> ansible_user=ans...@uat.intra.com <javascript:>
> ansible_password=password
> ansible_port=5986
> ansible_connection=winrm
> ansible_winrm_transport=kerberos
> ansible_winrm_server_cert_validation = ignore
>
>
> *after that updated the pywinrm[kerberos] :-*
>
> [root@liuatasans01 windows]# pip install pywinrm[kerberos]
> Requirement already satisfied: pywinrm[kerberos] in
> /usr/lib/python2.7/site-packages
> Requirement already satisfied: xmltodict in
> /usr/lib/python2.7/site-packages (from pywinrm[kerberos])
> Requirement already satisfied: requests>=2.9.1 in
> /usr/lib/python2.7/site-packages (from pywinrm[kerberos])
> Requirement already satisfied: requests_ntlm>=0.3.0 in
> /usr/lib/python2.7/site-packages (from pywinrm[kerberos])
> Requirement already satisfied: six in /usr/lib/python2.7/site-packages
> (from pywinrm[kerberos])
> Collecting requests-kerberos>=0.10.0 (from pywinrm[kerberos])
> Downloading requests_kerberos-0.11.0-py2.py3-none-any.whl
> Requirement already satisfied: python-ntlm3 in
> /usr/lib/python2.7/site-packages (from
> requests_ntlm>=0.3.0->pywinrm[kerberos])
> Requirement already satisfied: pykerberos<2.0.0,>=1.1.8; sys_platform !=
> "win32" in /usr/lib64/python2.7/site-packages (from
> requests-kerberos>=0.10.0->pywinrm[kerberos])
> Installing collected packages: requests-kerberos
> Found existing installation: requests-kerberos 0.7.0
> Uninstalling requests-kerberos-0.7.0:
> Successfully uninstalled requests-kerberos-0.7.0
> *Successfully installed requests-kerberos-0.11.0*
>
> *[root@liuatasans01 ~]# ansible windows -m win_ping172.45.17.182 | SUCCESS
> => { "changed": false, "ping": "pong"}*
>
>
> Thanks
> Siva Subramaniyan
>
> On Thursday, April 20, 2017 at 5:13:45 PM UTC-6, Siva-Ansile wrote:
>>
>> HI Team,
>>
>> I have a new requirement to install an agant in 1500 windows machines,
>> all these machine are Domain managed VMs. When i try to connect using local
>> user, i am able to connect the windows box, But when i use AD credentials
>> its not working. Let me share my current Setup here. Please help.
>>
>> Windows VM settings:-
>>
>>
>> 1. Enabled WINRM
>> 2. Ran the script in the remote Windows VM
>>
>> ConfigureRemotingForAnsible.ps1
>>
>> <https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1>
>>
>>
>>
>> Ansible Host:(Linux RHEL 7.2)
>> Installed packages:
>>
>> 1. Ansible 2.2.1.0
>> 2. Python 2.7.5
>> 3. krb5-workstation-1.14.1-27.el7_3.x86_64
>> 4. krb5-devel-1.14.1-27.el7_3.x86_64
>> 5. krb5-libs-1.14.1-27.el7_3.x86_64
>> 6. kerberos
>>
>> Krb5.conf entry as below:
>>
>> [logging]
>> default = FILE:/var/log/krb5libs.log
>> kdc = FILE:/var/log/krb5kdc.log
>> admin_server = FILE:/var/log/kadmind.log
>>
>> [realms]
>> UAT.INTRA.COM = {
>> kdc = winad23987.uat.intra.com
>> admin_server = winad23987.uat.intra.com
>> }
>>
>> [domain_realm]
>> .uat.intra.com = UAT.INTRA.COM
>>
>> ==============
>> Kinit and Klist as below:-
>>
>>
>> [root@liuatasans01 ~]# kinit ans...@uat.intra.com <javascript:>
>> Password for ans...@uat.intra.com <javascript:>:
>>
>> [root@liuatasans01 ~]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: ans...@uat.intra.com <javascript:>
>>
>> Valid starting Expires Service principal
>> 04/20/2017 18:31:59 04/21/2017 04:31:59 krbtgt/uat.in...@uat.intra.com
>> <javascript:>
>> renew until 04/21/2017 18:31:55
>> [root@liuatasans01 ~]#
>>
>> ============================
>> Inventory file as below:-
>>
>> /etc/ansible/hosts
>>
>> [windows]
>> 172.45.17.182
>>
>> [windows:vars]
>>
>> ansible_ssh_user=ans...@uat.intra.com <javascript:>
>> ansible_password="P@$$wo6d"
>> ansible_port=5985
>> ansible_connection=winrm
>>
>> =====================================
>> Error as below:-(while trying to connect the AD user)
>>
>> [root@liuatasans01 ~]# ansible windows -m win_ping
>> 172.45.17.182 | UNREACHABLE! => {
>> "changed": false,
>> "msg": "kerberos: __init__() got an unexpected keyword argument
>> 'hostname_override', plaintext: auth method plaintext requires a password",
>> "unreachable": true
>> }
>>
>> ====================================
>>
>> Working when connecting as windows local user:-
>>
>> [root@liuatasans01 ~]# ansible windows -m win_ping
>>
>> 172.45.17.182 | SUCCESS => {
>> "changed": false,
>> "ping": "pong"
>> }
>>
>> =================================
>>
>>
>> Please help to fix the issue:
>>
>> While connecting as AD user, getting the below error in the windows Audit
>> log
>>
>>
>> The computer attempted to validate the credentials for an account.
>>
>> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
>> Logon Account: ans...@uat.intra.com <javascript:>
>> Source Workstation: winvmuatiis7202
>> Error Code: 0xC0000064
>> ================================
>>
>> Appreciate your help on this
>>
>>
>>
>>
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/8b69a853-5edd-4f47-a25a-9b769266feb9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
