This issue is due to the double hop problem typically seen with WinRM. Any
further outbound authentications from the Windows host (Ansible -> Windows
host -> AD controller) will appear as an anonymous user and result in
either access denied or resource not found type errors. You have 3
options:
1. Use become on your task with the same credentials as the connection
   user

   - name: run win_domain_group with become
     win_domain_group:
       ...
     become: yes
     become_method: runas
     vars:
       # The module will run as this user and have its credentials enabled
       # for further network authentication.
       ansible_become_user: '{{ ansible_user }}'
       ansible_become_pass: '{{ ansible_password }}'

2. Use explicit credentials with win_domain_group, i.e. set
   domain_username and domain_password
3. Use CredSSP or Kerberos with credential delegation set as your WinRM
   transport
All 3 options allow the requests to AD to be backed by a set of credentials
so it doesn't appear as an anonymous user; they are just done in different
ways.
Thanks
Jordan
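
Added example, not part of the original message: options 2 and 3 from the reply written out as Ansible YAML. The group name, the group_vars file path and the `vault_domain_user` / `vault_domain_pass` variable names are assumptions made for illustration.

```yaml
# Option 2: pass explicit credentials to the module, so the call to AD
# carries its own identity instead of relying on the WinRM logon token.
- name: create group with explicit domain credentials
  win_domain_group:
    name: ExampleGroup                           # assumed group name
    scope: global
    domain_username: '{{ vault_domain_user }}'   # assumed vaulted variable
    domain_password: '{{ vault_domain_pass }}'   # assumed vaulted variable
  no_log: true    # keep the credentials out of task output and logs

# Option 3: change the WinRM transport so the connection itself can make
# the second hop. These are connection variables; they would normally live
# in inventory, e.g. group_vars/windows.yml (assumed file name), and not in
# the playbook. Pick one of the two transports.
#
# Kerberos with delegation (needs a domain account and a working Kerberos
# setup on the Ansible controller):
#
#   ansible_connection: winrm
#   ansible_winrm_transport: kerberos
#   ansible_winrm_kerberos_delegation: true
#
# CredSSP (hands the account's credentials to the Windows host, so limit
# it to hosts you trust):
#
#   ansible_connection: winrm
#   ansible_winrm_transport: credssp
```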