Thanks, I have tried NTLM and basic, and they both work fine. However, I am
evaluating this for a 2+ node enterprise solution, and Kerberos is a
must-have requirement.
On Tuesday, April 4, 2017 at 7:37:03 PM UTC-5, Jarryd Took wrote:
>
> @william:
>
> The latest requests-ntlm in
@william:
The latest requests-ntlm in combination of Ansible 2.2.0 you can use NTLM
against Windows machines. If this floats your boat as an alternative to
kerberos tickets.
ansible_connection: winrm
ansible_winrm_transport: ntlm
On Tuesday, April 4, 2017 at 12:27:21 AM UTC+10, William
Bingo. I was suspecting some kind of isolation thing, because it was so
clear that the environment was different when running a playbook than at
the command line, even when sudo'd as awx. Many thanks. I'll never get that
week back, but I love a mystery solved.
~Bill
On Tue, Apr 4, 2017 at 3:59
Tower uses an isolation tech called proot that will often break shared
ticket caches. If you can't wait for Ansible 2.3 (should be released within
the next couple weeks), I'd suggest disabling proot (IIRC it's in
settings.py, but my Tower-fu is getting rusty).
On Tuesday, April 4, 2017 at
time is definitely good.
i run ntpdate in my vagrant provisioning script just to be sure.
On Tue, Apr 4, 2017 at 2:20 PM, cupcake wrote:
> sanity check; is time in sync? windows AD/kerb wont auth if the skew is
> more than 5 or 10 minutes off. I also saw some weirdness
sanity check; is time in sync? windows AD/kerb wont auth if the skew is
more than 5 or 10 minutes off. I also saw some weirdness like this recently
and a reboot and then kinit again made it work but i think due to another
config reason on my part.
On Tuesday, April 4, 2017 at 9:09:27 AM UTC-4,
I think that's what I'm doing.
I've tried doing the kinit from the console, doing the kinit in a cron job,
doing the kinit manually in a playbook before running the winrm play book,
and doing it as a local_action in the winrm playbook itself.
In all cases (except the last one), the kinit
Ansible doesn't manage the tickets for you until Ansible Core 2.3 (still in
release candidate). Anything earlier, you'll have to do the kinit on the
controller yourself (either via a cron job or as part of your playbook with
a local action).
On Monday, April 3, 2017 at 7:27:21 AM UTC-7,