It sounds like your ansible host does not have Krb5 library installed - https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#installing-the-kerberos-library . Also, Kerberos uses FQDNs vs ip addresses, so you will need to have dns names set as hostnames in inventory (or to use ansible_winrm_kerberos_hostname_override variable.)
вт, 16 авг. 2022 г. в 18:14, Nitrous <[email protected]>: > Our ansible box isnt domain joined, and we build alot of VMs from a > template, that has an account part of the image, that is local admin. > > I was reading more into kerboros authentication, and setup my var file as > this: > > [xx:vars] > ansible_connection=winrm > ansible_user=xx > ansible_password=xx > ansible_port=5986 > ansible_ssh_port=5986 > ansible_winrm_transport=kerberos > ansible_winrm_scheme=https > ansible_winrm_server_cert_validation=ignore > domain_server=test.local > domain_username=cc > domain_password=cc > wsus_server=cc > > When I run my playbook, I get: > fatal: [x.x.x.x]: UNREACHABLE! => { > "changed": false, > "msg": "Kerberos auth failure when calling kinit cmd 'kinit': The > command was not found or was not executable: kinit.", > "unreachable": true > } > > My host file has the sever entry as below: > > hostname ansible_host=IP address of host > > Changing the ansible_winrm_transport to basic works, with no issue. > > How can I use my existing config to work with kerberos? > > Please help/Suggest? > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/03d44202-d21d-41e1-b01a-8960faab6c07n%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/03d44202-d21d-41e1-b01a-8960faab6c07n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAM1nFkHjJW63B7m7WruHOBP_qMRt8CU9we_h%3DHikUxBOvKc7tw%40mail.gmail.com.
