Hi In my company we have a forest with multiple domains, EUR / USA ... I can work without any issue with my domain (EUR) with a EUR user
Now i'm trying to access a USA server with and got the following failure: # ansible-playbook agent.yml --limit tsthost67.usa.company.com -vvvv ansible-playbook 2.6.2 config file = /ansible/scripts/ansible.cfg configured module search path = [u'/usr/local/lib/python2.7/dist-packages/ara/plugins/modules'] ansible python module location = /usr/lib/python2.7/dist-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.12 (default, Dec 4 2017, 14:50:18) [GCC 5.4.0 20160609] Using /ansible/scripts/ansible.cfg as config file setting up inventory plugins Parsed /ansible/scripts/inventory/windows.yml inventory source with yaml plugin Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc Loading callback plugin ara of type notification, v2.0 from /usr/local/lib/python2.7/dist-packages/ara/plugins/callbacks/log_ara.pyc PLAYBOOK: agent.yml ***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************** 1 plays in agent.yml PLAY [fw] ********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************* Trying secret FileVaultSecret(filename='/nfs/site/disks/home30/ansible/.ssh/ansible_vault.txt') for vault_id=default TASK [Gathering Facts] ******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************** task path: /ansible/scripts/agent.yml:2 Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/setup.ps1 <tsthost67.usa.company.com> ESTABLISH WINRM CONNECTION FOR USER: [email protected] on PORT 5986 TO tsthost67.usa.company.com checking if winrm_host tsthost67.usa.company.com is an IPv6 address calling kinit with pexpect for principal [email protected] fatal: [tsthost67.usa.company.com]: UNREACHABLE! => { "changed": false, * "msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Generic error (see e-text)', -1765328324))",* "unreachable": true } to retry, use: --limit @/ansible/scripts/qb-agent-fw.retry PLAY RECAP ******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************** tsthost67.usa.company.com : ok=0 changed=0 unreachable=1 failed=0 my kerberos file: # cat /etc/krb5.conf [libdefaults] default_realm = EUR.COMPANY.COM ticket_lifetime = 36000 renew_lifetime = 2592000 default_keytab_name = /etc/krb5.keytab forwardable = true allow_weak_crypto = true dns_lookup_realm = false dns_lookup_kdc = false default_tgs_enctypes = des-cbc-crc arcfour-hmac-md5 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc preferred_preauth_types = des-cbc-crc [domain_realm] .usa.company.com = USA.COMPANY.COM .... [libvas] use-dns-srv = true use-server-referrals = true [realms] USA.COMPANY.COM = { default_domain = usa.company.com ... } EUR.COMPANY.COM = { default_domain = eur.company.com ... } My group_vars file: ansible_user: [email protected] ansible_password: SECURED_PASSWORD ansible_port: 5986 ansible_connection: winrm ansible_winrm_transport: kerberos ansible_winrm_scheme: https ansible_winrm_server_cert_validation: ignore ansible_winrm_kerberos_delegation: true How can i access a computer in the USA domain ? -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7c0351de-9a01-4f4d-a2cc-f3dd23d1eb51%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
