Kerberos is highly dependent on DNS from working. With Kerberos the client builds an SPN in the format 'HTTP/<connection name>, in your case that will be 'HTTP/10.50.1.231'. Active directory only creates automatic SPNs using the DNS name of a host, i.e. 'HTTP/hostname.domain.com' so that's the SPN that needs to be specified by the Ansible client for Kerberos auth to work.
TLDR you can do on of the following in order of preference - Connect to Ansible using the FQDN of the host and not the IP. This will construct the proper SPN - Continue connecting using the IP but set 'ansible_winrm_kerberos_hostname_override: <FQDN>' - Create the SPN in AD for 'HTTP/<ip address>' for the host you are connecting to The first option is really the only sane way going forward as you don't need to maintain 2 sets of data for the Windows host. If you have Kerberos set up correctly in your org then DNS should work just fine and you don't have to worry about IP addresses at all. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5d3223f4-729b-42d6-b221-f3bfb8baeae8%40googlegroups.com.
