Windows domain account using Kerberos

Jugal Porwal

Oct 12, 2015, 4:15:50 AM
to Ansible Project
Hi,

I want to access my Windows machine using the domain account. I installed Kerberos on my control node (CentOS), and configured the krb5.conf as follows:


[realms]
    MYDOMAIN.COM = {
        kdc = my-domain-controller.com
    }

[domain_realm]
    .mydomain.com = MYDOMAIN.COM

In my windows.yml file I have the following details:

ansible_ssh_user: 'Admini...@MYDOMAIN.COM'
ansible_ssh_pass: 'mypassword'
ansible_ssh_port: '5986'
ansible_connection: 'winrm'

When I run the command kinit Admini...@MYDOMAIN.COM it prompts for the password but does nothing after I enter it. It just accepts it and moves on.
When I tried to ping my Windows machine it returns the following error:

Loaded callback minimal of type stdout, v2.0
<windowsip> ESTABLISH WINRM CONNECTION FOR USER: Admini...@MYDOMAIN.COM on PORT 5986 TO windowsip
windowsip | FAILED! => {
    "failed": true, 
    "msg": "ERROR! plaintext: 401 Unauthorized. basic auth failed"
}

What is the issue here? Is there some more configuration that I need to do? Like a certificate or something on the Windows machine?

Regards
Jugal Porwal

J Hawkesworth

Oct 12, 2015, 8:55:19 AM
to Ansible Project
I think you probably just need to acquire a Kerberos ticket.

Unless you have things set up so that you can log in to your Ansible controller as a user on your domain, you won't have a Kerberos ticket (which is what lets you access the machines on your domain as a specific user).

I suggest you attempt to test that you can acquire a kerberos ticket as described here: http://docs.ansible.com/ansible/intro_windows.html#testing-a-kerberos-connection

If you have further problems, try the troubleshooting tips here: http://docs.ansible.com/ansible/intro_windows.html#troubleshooting-kerberos-connections

Jon
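
As an added example (not part of the thread and not Ansible's own code), here is a small Python preflight that checks a krb5.conf like the one in the question against a user principal and a target host name before running kinit. The user `user@MYDOMAIN.COM` and host `winhost.mydomain.com` are constructed placeholders, and reporting an unmapped host as a problem is this example's choice.

```python
import re
# Constructed sample: the krb5.conf from the question, laid out normally.
SAMPLE_KRB5 = """
[realms]
    MYDOMAIN.COM = {
        kdc = my-domain-controller.com
    }
[domain_realm]
    .mydomain.com = MYDOMAIN.COM
"""

def parse_krb5(text):
    """Minimal krb5.conf reader: {section: {key: value or nested dict}}."""
    conf, section, sub = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, sub = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            sub = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":                 # start of a per-realm subsection
                sub = section.setdefault(key, {})
            else:
                (sub if sub is not None else section)[key] = value
    return conf

def preflight(krb5_text, user, host):
    """List config problems for this user principal and target host."""
    conf, problems = parse_krb5(krb5_text), []
    realm = user.rpartition("@")[2] if "@" in user else ""
    entry = conf.get("realms", {}).get(realm)
    if not isinstance(entry, dict):
        problems.append("realm %r not in [realms] (names are case-sensitive)" % realm)
    elif "kdc" not in entry:
        problems.append("realm %s has no kdc" % realm)
    # Exact host entries win; otherwise the longest matching ".domain" suffix.
    mapping = conf.get("domain_realm", {})
    suffixes = [d for d in mapping if d.startswith(".") and host.lower().endswith(d)]
    mapped = mapping.get(host.lower()) or (mapping[max(suffixes, key=len)] if suffixes else None)
    if mapped is None:
        problems.append("no [domain_realm] entry covers host %s" % host)
    elif realm and mapped != realm:
        problems.append("host %s maps to %s, not %s" % (host, mapped, realm))
    return problems
```

An empty list means the realm, its kdc and the host mapping line up; it does not prove a ticket exists, which is still checked with kinit and klist on the control node.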