Even a simple playbook for ping fails, but using basic authentication
works:
TASK [ping]
*********************************************************************************************************************************************************************************************************************
task path: /etc/ansible/playbooks/multiple.yml:8
fatal: [ansible_host=x.x.x.x]: FAILED! => {
"changed": false,
"module_stderr": "/bin/sh: 1: powershell: not found\n",
"module_stdout": "",
"msg": "The module failed to execute correctly, you probably need to
set the interpreter.\nSee stdout/stderr for the exact error",
"rc": 127
}
On Tuesday, August 16, 2022 at 11:34:16 AM UTC-5 Nitrous wrote:
> I changed a few things, and now I see this:
>
> TASK [windowsupdates : Check If Windows Updates are Available]
> ******************************************************************************************************************************************************************
> task path: /etc/ansible/roles/windowsupdates/tasks/main.yml:1
> fatal: [ansible_host=x.x.x.x]: UNREACHABLE! => {
> "changed": false,
> "msg": "Kerberos auth failure for principal [email protected] with
> pexpect: Cannot find KDC for realm \" XX.LOCAL \" while getting initial
> credentials",
> "unreachable": true
> }
> fatal: [ansible_host=x.x.x.x]: UNREACHABLE! => {
> "changed": false,
> "msg": "Kerberos auth failure for principal [email protected] with
> pexpect: Cannot find KDC for realm \" XX.LOCAL \" while getting initial
> credentials",
> "unreachable": true
> }
>
> My vars look like this:
>
> ansible_connection=winrm
> [email protected]
> ansible_password=xx
> ansible_winrm_kerberos_hostname_override
> ansible_port=5986
> ansible_ssh_port=5986
> ansible_winrm_transport=kerberos
> ansible_connection=local
> ansible_winrm_scheme=https
> ansible_winrm_server_cert_validation=ignore
> domain_server=xx.local
> domain_username=xx.local\xx
> domain_password=xx
>
> Host file looks like this:
>
> ansible_host=Ip add of the server
>
> The ansible box isn't domain joined, and we have multiple domains.
> On Tuesday, August 16, 2022 at 11:12:02 AM UTC-5 Igor Turovsky wrote:
>
>> It sounds like your ansible host does not have Krb5 library installed -
>> https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#installing-the-kerberos-library
>> .
>> Also, Kerberos uses FQDNs vs IP addresses, so you will need to have DNS
>> names set as hostnames in inventory (or to use
>> ansible_winrm_kerberos_hostname_override
>> variable.)
>>
>> Tue, 16 Aug 2022 at 18:14, Nitrous <[email protected]> wrote:
>>
>>> Our ansible box isn't domain joined, and we build a lot of VMs from a
>>> template, that has an account part of the image, that is local admin.
>>>
>>> I was reading more into Kerberos authentication, and setup my var file
>>> as this:
>>>
>>> [xx:vars]
>>> ansible_connection=winrm
>>> ansible_user=xx
>>> ansible_password=xx
>>> ansible_port=5986
>>> ansible_ssh_port=5986
>>> ansible_winrm_transport=kerberos
>>> ansible_winrm_scheme=https
>>> ansible_winrm_server_cert_validation=ignore
>>> domain_server=test.local
>>> domain_username=cc
>>> domain_password=cc
>>> wsus_server=cc
>>>
>>> When I run my playbook, I get:
>>> fatal: [x.x.x.x]: UNREACHABLE! => {
>>> "changed": false,
>>> "msg": "Kerberos auth failure when calling kinit cmd 'kinit': The
>>> command was not found or was not executable: kinit.",
>>> "unreachable": true
>>> }
>>>
>>> My host file has the server entry as below:
>>>
>>> hostname ansible_host=IP address of host
>>>
>>> Changing the ansible_winrm_transport to basic works, with no issue.
>>>
>>> How can I use my existing config to work with kerberos?
>>>
>>> Please help/Suggest?
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/03d44202-d21d-41e1-b01a-8960faab6c07n%40googlegroups.com
>>>
>>> <https://groups.google.com/d/msgid/ansible-project/03d44202-d21d-41e1-b01a-8960faab6c07n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
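A small lint over the variable block quoted above, as an added example that is not part of the original thread: it flags a repeated key, a key with no value, an effective connection other than winrm, Kerberos against an IP address with no hostname override, and disabled certificate validation. The sample values, the function names and the rule that the last assignment of a repeated key is the effective one are assumptions of this example.

```python
import ipaddress

# Constructed sample modelled on the vars posted in the thread (placeholder values).
SAMPLE_VARS = """\
ansible_connection=winrm
ansible_user=user@XX.LOCAL
ansible_winrm_kerberos_hostname_override
ansible_winrm_transport=kerberos
ansible_connection=local
ansible_winrm_scheme=https
ansible_winrm_server_cert_validation=ignore
"""

def parse_vars(text):
    # Returns (effective vars, keys set to different values, keys with no value).
    effective, repeated, empty = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            empty.append(key)
            continue
        if key in effective and effective[key] != value:
            repeated.append(key)
        effective[key] = value  # assumption: the last assignment wins
    return effective, repeated, empty

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def lint_winrm_vars(text, ansible_host):
    # Returns a list of (code, message) findings for a WinRM/Kerberos var set.
    v, repeated, empty = parse_vars(text)
    findings = [("REPEATED_KEY", f"{k} set more than once; effective value is {v[k]!r}") for k in repeated]
    findings += [("EMPTY_KEY", f"{k} has no value") for k in empty]
    if v.get("ansible_connection") != "winrm":
        findings.append(("NOT_WINRM", "effective ansible_connection is not winrm"))
    if v.get("ansible_winrm_transport") == "kerberos":
        if is_ip(ansible_host) and "ansible_winrm_kerberos_hostname_override" not in v:
            findings.append(("IP_TARGET", "Kerberos needs an FQDN as host or override"))
    if v.get("ansible_winrm_server_cert_validation") == "ignore":
        findings.append(("CERT_IGNORED", "TLS server certificate is not verified"))
    return findings
```

Calling `lint_winrm_vars(SAMPLE_VARS, "192.0.2.10")` returns all five findings; with `ansible_connection=local` as the effective value, Windows modules are executed on the control node, which matches the `/bin/sh: 1: powershell: not found` output.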