I can't see the output of your execution with Ansible but your main issue
is around the error message you get when running kinit with your domain
account. It is unable to get the Kerberos ticket for your user as it can't
connect to your domain/realm. You will need to solve this issue first if
you want to use Kerberos auth with Ansible but that is outside the scope of
Ansible.
Once you resolve that it would be highly recommended to change the
ansible_port to 5986 so it is run over HTTPS and your messages are
encrypted. If you don't change this Ansible will probably fail as Windows
by default doesn't allow un-encrypted messages to be sent to it.
On Monday, April 24, 2017 at 10:12:35 AM UTC+10, Nergalgreed Es wrote:
>
> Hello all.
>
> I am a ansible Rookie. I am trying to setup ansible to manage Windows
> machines. but i got some issues. here I will share some information about
> my system and my configuration.
>
> I hope you can help me.
>
> Thank you.
>
> linux machine
>
> Python 2.7.5
> REDHAT_SUPPORT_PRODUCT_VERSION="7.1"
> Red Hat Enterprise Linux Server release 7.1 (Maipo)
> kerberos 1.14.1
> ansible 2.2.1.0
>
>
> kerberos configuration
>
> /etc/krb5.conf.d/
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> dns_lookup_realm = true
> ticket_lifetime = 24h
> renew_lifetime = 7d
> forwardable = true
> rdns = false
> # default_realm = EXAMPLE.COM
> default_ccache_name = KEYRING:persistent:%{uid}
>
> [realms]
> STT.COM = {
> kdc = myserver.stt.com
>
> }
>
> [domain_realm]
> .stt.com = STT.COM
>
> when I run kinit the folloing error appeard
> # kinit -C myu...@stt.com <javascript:>
> kinit: Cannot contact any KDC for realm 'STT.COM' while getting initial
> credential
>
> ansible files
> group_vars/winndoes.yml
> ansible_user: myu...@stt.com <javascript:>
> ansible_password: mypas
> ansible_port: 5985
> ansible_winrm_transport: kerberos
> ansible_winrm_server_cert_validation: ignore
>
> on my windows machine I executed the following command
>
> @powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((new-object
> net.webclient).DownloadString('
> https://github.com/ansible/ansible/raw/devel/examples/scripts/ConfigureRemotingForAnsible.ps1')
> )"
>
>
> when I run the following commnad ansible winnodes -i winhosts -m win_ping
>
> I got this
> ansible winnodes -i winhosts -m win_ping
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1b3c2cae-014c-43be-bdbd-347f9e3e872f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
