Hello, I've configured a Windows 2016 Server using ConfigureRemotingForAnsible.ps1 and am able to do a simple ping test using basic auth.
Command I'm using is: ansible all -i myinventory -m win_ping I get a pong back. When trying to use Kerberos, authentication ... different story: My inventory looks like: xjaxd11133app.csxt.ad.csx.com [email protected] ansible_password=secret ansible_port=5986 ansible_winrm_transport=kerberos ansible_connection=winrm ansible_winrm_server_cert_validation=ignore Instead, I'm seeing: ansible all -i kerbauth -m win_ping /usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg force_preemptive, check installed version with pip list % (str(function), name)) /usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg delegate, check installed version with pip list % (str(function), name)) /usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg send_cbt, check installed version with pip list % (str(function), name)) /usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg principal, check installed version with pip list % (str(function), name)) /usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg sanitize_mutual_error_response, check installed version with pip list % (str(function), name)) /usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg hostname_override, check installed version with pip list % (str(function), name)) An exception occurred during task execution. To see the full traceback, use -vvv. The error was: MutualAuthenticationError: Unable to authenticate <Response [200]> xjaxd11133app.csxt.ad.csx.com | FAILED! => { "msg": "Unexpected failure during module execution.", "stdout": "" } For more verbose: [j8683@lnx30137 /home/j8683]$ ansible all -i kerbauth -m win_ping -vvvvv ansible 2.6.2 config file = /etc/ansible/ansible.cfg configured module search path = [u'/home/j8683/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, May 3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)] Using /etc/ansible/ansible.cfg as config file setting up inventory plugins Parsed /home/j8683/kerbauth inventory source with ini plugin Loading callback plugin minimal of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/minimal.pyc META: ran handlers Using module file /usr/lib/python2.7/site-packages/ansible/modules/windows/win_ping.ps1 <xjaxd11133app.csxt.ad.csx.com> ESTABLISH WINRM CONNECTION FOR USER: [email protected] on PORT 5986 TO xjaxd11133app.csxt.ad.csx.com checking if winrm_host xjaxd11133app.csxt.ad.csx.com is an IPv6 address creating Kerberos CC at /tmp/tmp8tVXsJ calling kinit with subprocess for principal [email protected] kinit succeeded for principal [email protected] <xjaxd11133app.csxt.ad.csx.com> WINRM CONNECT: transport=kerberos endpoint=https://xjaxd11133app.csxt.ad.csx.com:5986/wsman /usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg force_preemptive, check installed version with pip list % (str(function), name)) /usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg delegate, check installed version with pip list % (str(function), name)) /usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg send_cbt, check installed version with pip list % (str(function), name)) /usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg principal, check installed version with pip list % (str(function), name)) /usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg sanitize_mutual_error_response, check installed version with pip list % (str(function), name)) /usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg hostname_override, check installed version with pip list % (str(function), name)) <xjaxd11133app.csxt.ad.csx.com> WINRM OPEN SHELL: 175244FF-08BF-4463-A577-1B800748F4B5 EXEC (via pipeline wrapper) <xjaxd11133app.csxt.ad.csx.com> WINRM EXEC 'PowerShell' ['-NoProfile', '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-'] <xjaxd11133app.csxt.ad.csx.com> WINRM CLOSE SHELL: 175244FF-08BF-4463-A577-1B800748F4B5 The full traceback is: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 138, in run res = self._execute() File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 576, in _execute result = self._handler.run(task_vars=variables) File "/usr/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 46, in run result = merge_hash(result, self._execute_module(task_vars=task_vars, wrap_async=wrap_async)) File "/usr/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 853, in _execute_module res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data) File "/usr/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 960, in _low_level_execute_command rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable) File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/winrm.py", line 524, in exec_command result = self._winrm_exec(cmd_parts[0], cmd_parts[1:], from_exec=True, stdin_iterator=stdin_iterator) File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/winrm.py", line 433, in _winrm_exec command_id = self.protocol.run_command(self.shell_id, to_bytes(command), map(to_bytes, args), console_mode_stdin=(stdin_iterator is None)) File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 341, in run_command res = self.send_message(xmltodict.unparse(req)) File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 234, in send_message resp = self.transport.send_message(message) File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 256, in send_message response = self._send_message_request(prepared_request, message) File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 261, in _send_message_request response = self.session.send(prepared_request, timeout=self.read_timeout_sec) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 582, in send r = dispatch_hook('response', hooks, r, **kwargs) File "/usr/lib/python2.7/site-packages/requests/hooks.py", line 41, in dispatch_hook _hook_data = hook(hook_data, **kwargs) File "/usr/lib/python2.7/site-packages/requests_kerberos/kerberos_.py", line 267, in handle_response _r = self.handle_other(response) File "/usr/lib/python2.7/site-packages/requests_kerberos/kerberos_.py", line 212, in handle_other "{0}".format(response)) MutualAuthenticationError: Unable to authenticate <Response [200]> xjaxd11133app.csxt.ad.csx.com | FAILED! => { "msg": "Unexpected failure during module execution.", "stdout": "" } I've got the following winrm, requests, and kerberos software installed... pip list | grep -e winrm -e kerb kerberos 1.3.0 pykerberos 1.2.1 pywinrm 0.3.0 requests-kerberos 0.12.0 Has anyone seen this? Thanks, Radesh -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/12c56033-65f9-4da6-8c63-9e8e357ce73e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
