failing while connecting to Windows using AD credentials


Nergalgreed Es

Apr 23, 2017, 8:12:35 PM
to Ansible Project
Hello all.

I am an Ansible rookie. I am trying to set up Ansible to manage Windows machines, but I got some issues. Here I will share some information about my system and my configuration.

I hope you can help me.

Thank you.

linux machine

Python 2.7.5
REDHAT_SUPPORT_PRODUCT_VERSION="7.1"
Red Hat Enterprise Linux Server release 7.1 (Maipo)
kerberos 1.14.1
ansible 2.2.1.0


kerberos configuration

/etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
# default_realm = EXAMPLE.COM
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]

}

[domain_realm]

When I run kinit the following error appeared:
# kinit -C myu...@STT.COM
kinit: Cannot contact any KDC for realm 'STT.COM' while getting initial credential

ansible files
group_vars/winndoes.yml
ansible_user: myu...@STT.COM
ansible_password: mypas
ansible_port: 5985
ansible_winrm_transport: kerberos
ansible_winrm_server_cert_validation: ignore

On my Windows machine I executed the following command:

@powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((new-object net.webclient).DownloadString('https://github.com/ansible/ansible/raw/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))"


When I run the following command: ansible winnodes -i winhosts -m win_ping

I got this
ansible winnodes -i winhosts -m win_ping



Jordan Borean

Apr 23, 2017, 9:19:11 PM
to Ansible Project
I can't see the output of your execution with Ansible but your main issue is around the error message you get when running kinit with your domain account. It is unable to get the Kerberos ticket for your user as it can't connect to your domain/realm. You will need to solve this issue first if you want to use Kerberos auth with Ansible but that is outside the scope of Ansible.

Once you resolve that it would be highly recommended to change the ansible_port to 5986 so it is run over HTTPS and your messages are encrypted. If you don't change this Ansible will probably fail as Windows by default doesn't allow un-encrypted messages to be sent to it.
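
An added example, not part of the thread or of Ansible: a small parser that reports where a KDC for a realm would come from given a krb5.conf, run on a constructed config shaped like the one in the question (empty [realms]). The host dc01.stt.com and the function names are hypothetical; it assumes MIT krb5 semantics, where an unset dns_lookup_kdc means DNS SRV lookup is enabled.

```python
import re

# Constructed sample modelled on the krb5.conf in the question: [realms] is empty.
SAMPLE_EMPTY = """[libdefaults]
 dns_lookup_realm = true
 rdns = false
[realms]
[domain_realm]
"""

# Constructed sample with an explicit KDC; dc01.stt.com is a hypothetical host.
SAMPLE_STATIC = """[libdefaults]
 dns_lookup_kdc = false
[realms]
 STT.COM = {
  kdc = dc01.stt.com
 }
"""

def kdc_sources(conf_text, realm):
    """Return (KDCs listed for realm under [realms], dns_lookup_kdc or None)."""
    section, current, kdcs, dns_lookup = None, None, [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, current = header.group(1), None
        elif line == "}":                    # end of a realm block
            current = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "realms" and value == "{":
                current = key                # start of a realm block
            elif section == "realms" and current == realm and key == "kdc":
                kdcs.append(value)
            elif section == "libdefaults" and key == "dns_lookup_kdc":
                dns_lookup = value.lower() in ("true", "yes", "on", "1")
    return kdcs, dns_lookup

def kdc_lookup_plan(conf_text, realm):
    """Describe where a KDC for realm would come from given this config."""
    kdcs, dns_lookup = kdc_sources(conf_text, realm)
    if kdcs:
        return ("static", kdcs)
    if dns_lookup is False:
        return ("none", [])                  # no static entry and DNS disabled
    # Assumption: unset dns_lookup_kdc is enabled (MIT krb5 default), so SRV lookup.
    return ("dns", ["_kerberos._udp." + realm, "_kerberos._tcp." + realm])
```

For a "dns" result, the control node's resolver has to answer those SRV names and the hosts they return have to be reachable on port 88; for "none", the realm needs a kdc entry under [realms].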