microsoft dynamic inventory


Andy Magana

Feb 2, 2024, 12:30:15 PM
to Ansible Development
Trying to get this to work; any help would be great. I just can't understand where the YAML file (microsoft.ad.ldap.yaml) needs to be, and the Python script that comes with the collection as well, where does it go?

What is supposed to be inside my inventory file?

I have tried to run ansible-inventory -i microsoft.ad.ldap.yaml and I just get errors that this is not a YAML file.

Thanks for any help

Andy Magana

Feb 2, 2024, 12:53:33 PM
to Ansible Development
I just added an Active Directory and tested it from my Ansible controller using ldapsearch, and that works, so now I know LDAP can be reached from the controller to the Active Directory.

I just tried to run the YAML file according to what I understand (I have a comprehension problem) and I get this output.

[ansible@ct01 ~]$ ansible-inventory -i inventories/microsoft.ad.ldap.yml --list
[WARNING]:  * Failed to parse /home/ansible/inventories/microsoft.ad.ldap.yml with script plugin: problem running /home/ansible/inventories/microsoft.ad.ldap.yml --list ([Errno 8] Exec
format error: '/home/ansible/inventories/microsoft.ad.ldap.yml')
[WARNING]:  * Failed to parse /home/ansible/inventories/microsoft.ad.ldap.yml with auto plugin: Configuration file does not specify default realm -1765328160
[WARNING]:  * Failed to parse /home/ansible/inventories/microsoft.ad.ldap.yml with yaml plugin: Plugin configuration YAML file, not YAML inventory
[WARNING]:  * Failed to parse /home/ansible/inventories/microsoft.ad.ldap.yml with ini plugin: Invalid host pattern 'plugin:' supplied, ending in ':' is not allowed, this character is
reserved to provide a port.
[WARNING]:  * Failed to parse /home/ansible/inventories/microsoft.ad.ldap.yml with ansible_collections.microsoft.ad.plugins.inventory.ldap plugin: Configuration file does not specify
default realm -1765328160
[WARNING]: Unable to parse /home/ansible/inventories/microsoft.ad.ldap.yml as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
{
    "_meta": {
        "hostvars": {}
    },
    "all": {
        "children": [
            "ungrouped"
        ]
    }
}
[ansible@ct01 ~]$




Mark Chappell

Feb 5, 2024, 2:37:22 AM
to Andy Magana, Ansible Development
Hi Andy,

This isn't really the right group for general help using Ansible.  This group is intended for questions related to developing Ansible or plugins.  There's a separate group ansible-project, which you also seem to have posted to, which is better suited to these kinds of questions.  Additionally, there is also the forum: https://forum.ansible.com/

That said, while I'm not familiar with the AD plugin, it looks like the "auto" plugin has attempted to use your inventory file and successfully passed it on to the AD inventory plugin.  The problem appears to be in the error/warning message:

On Fri, 2 Feb 2024 at 18:53, Andy Magana <andy....@gmail.com> wrote:
[WARNING]:  * Failed to parse /home/ansible/inventories/microsoft.ad.ldap.yml with auto plugin: Configuration file does not specify default realm -1765328160

"Configuration file does not specify default realm -1765328160" is a Kerberos error message, and likely means that the plugin tried to authenticate to the LDAP server using GSSAPI (Kerberos), but failed due to an authentication issue.  It's been a long time since I had much to do with AD, but from what I recall AD generally doesn't like unauthenticated access to the LDAP service component of AD; instead it expects Kerberos-based authentication.  Your controller is likely looking for the Kerberos configuration in /etc/krb5.conf.  There's an example of someone trying to configure the configuration for AD on the Red Hat access.redhat.com forums which may be of help: https://access.redhat.com/discussions/3479491 .  I don't expect you to need to join the controller to the domain, but you do need to tell it enough information for it to contact the KDC service, so that it can authenticate and obtain a TGT.

Mark
--
Mark Chappell
Senior Principal Systems Engineer, Red Hat GmbH

Sitz: Werner von Siemens Ring 12, D-85630 Grasbrunn
Handelsregister: Amtsgericht München, HRB 153243,
Geschäftsführer: Ryan Barnhart, Charles Cachera, Michael O'Neill, Amy Ross
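
An added example, not part of the thread or of the microsoft.ad collection: a small check of krb5.conf text for the condition behind "Configuration file does not specify default realm". The function names, the realm EXAMPLE.TEST and the host dc01.example.test are placeholders; the parser covers only the syntax shown, and treating dns_lookup_kdc as enabled when unset is an assumption based on MIT Kerberos defaults.

```python
import re

# Constructed sample: no default_realm, the state that triggers the error above.
BROKEN = "[libdefaults]\n    dns_lookup_kdc = false\n"

# Constructed sample with a placeholder realm and KDC host name.
FIXED = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
[realms]
    EXAMPLE.TEST = {
        kdc = dc01.example.test
    }
"""

def parse_krb5(text):
    """Return (libdefaults dict, {realm: [kdc, ...]}) from krb5.conf text."""
    libdefaults, realms = {}, {}
    section = realm = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, realm = m.group(1), None
        elif line == "}":                     # end of a realm stanza
            realm = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value.startswith("{"):
                realm = key                   # start of "REALM = {"
            elif section == "realms" and realm and key == "kdc":
                realms.setdefault(realm, []).append(value)
    return libdefaults, realms

def check(text):
    """List problems that would stop GSSAPI from finding a realm or KDC."""
    libdefaults, realms = parse_krb5(text)
    default = libdefaults.get("default_realm")
    if not default:
        return ["no default_realm in [libdefaults]"]
    dns = libdefaults.get("dns_lookup_kdc", "true").lower()
    if not realms.get(default) and dns in ("false", "no", "off", "0"):
        return [f"no kdc for {default} and DNS lookup disabled"]
    return []
```

On the controller, pass it the real file: check(open("/etc/krb5.conf").read()).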