Hi, I'm using ansible on Ubuntu 16.04 LTS and try to mange my win10 server.
But met trouble when I using Certificate authentication:
gary@gary-HP-Pavilion-Notebook:~$ ansible win_test -m win_ping
192.168.1.207 | UNREACHABLE! => {
"changed": false,
"msg": "certificate: the specified credentials were rejected by the
server",
"unreachable": true
}
I just follow the Ansible Document to setup environment step by step:
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#certificate
My WinRM setting:
PS C:\Users\Test> winrm get winrm/config/Service
Service
RootSDDL =
O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Host vars:
[win_test]
192.168.1.207
[win_test:vars]
ansible_connection="winrm"
ansible_port=5985
ansible_winrm_cert_pem="/home/gary/Documents/cert.pem"
ansible_winrm_cert_key_pem="/home/gary/Documents/cert_key.pem"
ansible_winrm_transport="certificate"
Anything wrong with my settings? Please help, thanks~
PS: It works when I use Basic anthentication.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/de2738f9-d224-4481-89f0-0642d9280b5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
