Hi Team,
In our environment , basic , ntlm ,credssp is disabled by default in
windows2012 machines and I tried it out with last option that is kerberos .
Scenario -
centos machine has ansible controller
new domain has been created and it has few servers with it
I added the domain fqdn in etc/hosts to make it reachable because initially
only IP is reachable from ansible
I installed all kerberos libraries uisng pip and configured krb.conf file
accordingly
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = OPS68.ISYNTAX.NET
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
OPS68.ISYNTAX.NET = {
kdc = OPS68.isyntax.net
default_domain = OPS68.ISYNTAX.NET
}
[domain_realm]
OPS68.ISYNTAX.NET = OPS68.ISYNTAX.NET
.OPS68.ISYNTAX.NET = OPS68.ISYNTAX.NET
But still if i try to run playbooks , it says "Cannot find
KDC for realm \"ops68.isyntax.net\" while getting initial credentials",
Any help is appreciated?
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/12419e23-5c43-4fbf-b915-b19b563d6938%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
