Using a USA domain user instead of a EUR domain user moves me to another issue:
*"kerberos: Bad HTTP response returned from server. Code 400"*

I found this question here: https://groups.google.com/forum/#!topic/ansible-project/WJbhN3VYMmI but nothing could help me.

I have to say, my first choice would be to use the same user eventually.

Thanks
Jordan / Jon ? :)

On Monday, August 27, 2018 at 9:51:54 AM UTC+3, Jeremie Levy wrote:
>
> Hi
> In my company we have a forest with multiple domains, EUR / USA ...
> I can work without any issue with my domain (EUR) with a EUR user
>
> Now I'm trying to access a USA server with and got the following failure:
>
> # ansible-playbook agent.yml --limit tsthost67.usa.company.com -vvvv
> ansible-playbook 2.6.2
>   config file = /ansible/scripts/ansible.cfg
>   configured module search path = [u'/usr/local/lib/python2.7/dist-packages/ara/plugins/modules']
>   ansible python module location = /usr/lib/python2.7/dist-packages/ansible
>   executable location = /usr/bin/ansible-playbook
>   python version = 2.7.12 (default, Dec 4 2017, 14:50:18) [GCC 5.4.0 20160609]
> Using /ansible/scripts/ansible.cfg as config file
> setting up inventory plugins
> Parsed /ansible/scripts/inventory/windows.yml inventory source with yaml plugin
> Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc
> Loading callback plugin ara of type notification, v2.0 from /usr/local/lib/python2.7/dist-packages/ara/plugins/callbacks/log_ara.pyc
>
> PLAYBOOK: agent.yml ************************************************************
> 1 plays in agent.yml
>
> PLAY [fw] **********************************************************************
> Trying secret FileVaultSecret(filename='/nfs/site/disks/home30/ansible/.ssh/ansible_vault.txt') for vault_id=default
>
> TASK [Gathering Facts] *********************************************************
> task path: /ansible/scripts/agent.yml:2
> Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/setup.ps1
> <tsthost67.usa.company.com> ESTABLISH WINRM CONNECTION FOR USER: [email protected] on PORT 5986 TO tsthost67.usa.company.com
> checking if winrm_host tsthost67.usa.company.com is an IPv6 address
> calling kinit with pexpect for principal [email protected]
> fatal: [tsthost67.usa.company.com]: UNREACHABLE! => {
>     "changed": false,
> *    "msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Generic error (see e-text)', -1765328324))",*
>     "unreachable": true
> }
>         to retry, use: --limit @/ansible/scripts/qb-agent-fw.retry
>
> PLAY RECAP *********************************************************************
> tsthost67.usa.company.com : ok=0 changed=0 unreachable=1 failed=0
>
>
> my kerberos file:
>
> # cat /etc/krb5.conf
>
> [libdefaults]
> default_realm = EUR.COMPANY.COM
> ticket_lifetime = 36000
> renew_lifetime = 2592000
> default_keytab_name = /etc/krb5.keytab
> forwardable = true
> allow_weak_crypto = true
> dns_lookup_realm = false
> dns_lookup_kdc = false
> default_tgs_enctypes = des-cbc-crc arcfour-hmac-md5
> default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc
> preferred_preauth_types = des-cbc-crc
>
> [domain_realm]
> .usa.company.com = USA.COMPANY.COM
> ....
>
> [libvas]
> use-dns-srv = true
> use-server-referrals = true
>
> [realms]
> USA.COMPANY.COM = {
> default_domain = usa.company.com
> ...
> }
> EUR.COMPANY.COM = {
> default_domain = eur.company.com
> ...
> }
>
>
> My group_vars file:
>
> ansible_user: [email protected]
> ansible_password: SECURED_PASSWORD
> ansible_port: 5986
> ansible_connection: winrm
> ansible_winrm_transport: kerberos
> ansible_winrm_scheme: https
> ansible_winrm_server_cert_validation: ignore
> ansible_winrm_kerberos_delegation: true
>
>
> How can I access a computer in the USA domain?
>
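An added example, not part of the original post and not Ansible or pywinrm code: a small audit of the two files quoted above for deprecated Kerberos encryption types (DES, 3DES, RC4) and for WinRM settings that switch off TLS or its certificate check. The sample input is constructed from the posted settings, and the function names `audit_krb5` and `audit_winrm_vars` are hypothetical.

```python
import re

# Constructed sample input, shaped after the settings quoted in the post.
KRB5_CONF = """\
[libdefaults]
allow_weak_crypto = true
default_tgs_enctypes = des-cbc-crc arcfour-hmac-md5
default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc
[realms]
USA.COMPANY.COM = {
    default_domain = usa.company.com
}
"""
GROUP_VARS = "ansible_winrm_scheme: https\nansible_winrm_server_cert_validation: ignore\n"

# DES, 3DES and RC4 enctypes are deprecated for Kerberos (RFC 6649, RFC 8429).
DEPRECATED = re.compile(r"^(des3?|arcfour|rc4)(-|$)", re.I)
ENCTYPE_KEYS = {"default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes"}


def audit_krb5(text):
    """Return (section, key, detail) for each weak-crypto setting in krb5.conf text."""
    findings, section = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[]")
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            continue  # closing brace of a realm block
        if key == "allow_weak_crypto" and value.lower() in ("true", "yes", "on", "1"):
            findings.append((section, key, value))
        elif key in ENCTYPE_KEYS:
            weak = [e for e in re.split(r"[,\s]+", value) if DEPRECATED.match(e)]
            if weak:
                findings.append((section, key, " ".join(weak)))
    return findings


def audit_winrm_vars(text):
    """Return (key, value) for WinRM vars that disable TLS or its certificate check."""
    risky = {"ansible_winrm_server_cert_validation": "ignore", "ansible_winrm_scheme": "http"}
    pairs = (tuple(p.strip() for p in l.partition(":"))[::2] for l in text.splitlines())
    return [(k, v) for k, v in pairs if risky.get(k) == v]


if __name__ == "__main__":
    print(audit_krb5(KRB5_CONF) + audit_winrm_vars(GROUP_VARS))
```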
