I changed a few things, and now I see this:
TASK [windowsupdates : Check If Windows Updates are Available]
******************************************************************************************************************************************************************
task path: /etc/ansible/roles/windowsupdates/tasks/main.yml:1
fatal: [ansible_host=x.x.x.x]: UNREACHABLE! => {
"changed": false,
"msg": "Kerberos auth failure for principal [email protected] with pexpect:
Cannot find KDC for realm \" XX.LOCAL \" while getting initial
credentials",
"unreachable": true
}
fatal: [ansible_host=x.x.x.x]: UNREACHABLE! => {
"changed": false,
"msg": "Kerberos auth failure for principal [email protected] with pexpect:
Cannot find KDC for realm \" XX.LOCAL \" while getting initial
credentials",
"unreachable": true
}
My vars look like this :
ansible_connection=winrm
[email protected]
ansible_password=xx
ansible_winrm_kerberos_hostname_override
ansible_port=5986
ansible_ssh_port=5986
ansible_winrm_transport=kerberos
ansible_connection=local
ansible_winrm_scheme=https
ansible_winrm_server_cert_validation=ignore
domain_server=xx.local
domain_username=xx.local\xx
domain_password=xx
Host file looks like this:
ansible_host=Ip add of the server
The ansible box isnt domain joined, and we have multiple domains.
On Tuesday, August 16, 2022 at 11:12:02 AM UTC-5 Igor Turovsky wrote:
> It sounds like your ansible host does not have Krb5 library installed -
> https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#installing-the-kerberos-library
> .
> Also, Kerberos uses FQDNs vs ip addresses, so you will need to have dns
> names set as hostnames in inventory (or to use
> ansible_winrm_kerberos_hostname_override
> variable.)
>
> вт, 16 авг. 2022 г. в 18:14, Nitrous <[email protected]>:
>
>> Our ansible box isnt domain joined, and we build alot of VMs from a
>> template, that has an account part of the image, that is local admin.
>>
>> I was reading more into kerboros authentication, and setup my var file as
>> this:
>>
>> [xx:vars]
>> ansible_connection=winrm
>> ansible_user=xx
>> ansible_password=xx
>> ansible_port=5986
>> ansible_ssh_port=5986
>> ansible_winrm_transport=kerberos
>> ansible_winrm_scheme=https
>> ansible_winrm_server_cert_validation=ignore
>> domain_server=test.local
>> domain_username=cc
>> domain_password=cc
>> wsus_server=cc
>>
>> When I run my playbook, I get:
>> fatal: [x.x.x.x]: UNREACHABLE! => {
>> "changed": false,
>> "msg": "Kerberos auth failure when calling kinit cmd 'kinit': The
>> command was not found or was not executable: kinit.",
>> "unreachable": true
>> }
>>
>> My host file has the sever entry as below:
>>
>> hostname ansible_host=IP address of host
>>
>> Changing the ansible_winrm_transport to basic works, with no issue.
>>
>> How can I use my existing config to work with kerberos?
>>
>> Please help/Suggest?
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/03d44202-d21d-41e1-b01a-8960faab6c07n%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/03d44202-d21d-41e1-b01a-8960faab6c07n%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/0f0d5824-4a50-40ad-b2b8-972b85861733n%40googlegroups.com.
