Hi, I'm using ansible on Ubuntu 16.04 LTS and try to mange my win10 server.
But met trouble when I using Certificate authentication:
gary@gary-HP-Pavilion-Notebook:~$ ansible win_test -m win_ping
192.168.1.207 | UNREACHABLE! => {
"changed": false,
"msg": "certificate: the specified credentials were rejected by the
server",
"unreachable": true
}
I just follow the Ansible Document to setup environment step by step:
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#certificate
My WinRM setting:
PS C:\Users\Test> winrm get winrm/config/Service
Service
RootSDDL =
O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Host vars:
[win_test]
192.168.1.207
[win_test:vars]
ansible_connection="winrm"
ansible_port=5985
ansible_winrm_cert_pem="/home/gary/Documents/cert.pem"
ansible_winrm_cert_key_pem="/home/gary/Documents/cert_key.pem"
ansible_winrm_transport="certificate"
Anything wrong with my settings? Please help, thanks~
PS: It works when I use Basic anthentication.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/de2738f9-d224-4481-89f0-0642d9280b5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
