Trouble connecting to Windows remote node via Kerberos
466 views
Skip to first unread message
skinnedknuckles
May 27, 2016, 12:18:02 PM5/27/16
to Ansible Project
Control Node:
- CentOS 7
- Ansible 2.1
- pywinrm version from May 19th, 2016
Remote Node:
- Windows 7
- Powershell 3
I'm able to connect to my Windows remote node just fine with the powershell setting winrm/config/server/AllowUnencrypted=true. But when I change it to false I get the error below. I'm trying to use Kerberos. What am I doing wrong or how should I diagnose the problem?
No config file found; using defaults
Loaded callback minimal of type stdout, v2.0
<ADS-6999> ESTABLISH WINRM CONNECTION FOR USER: ansibleAdmin on PORT 5986 TO ADS-6999
<ADS-6999> WINRM CONNECT: transport=kerberos endpoint=https://ADS-6999:5986/wsman
<ADS-6999> WINRM CONNECTION ERROR: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('No Kerberos credentials available', -1765328243))
Traceback (most recent call last):
File "/etc/ansible/lib/ansible/plugins/connection/winrm.py", line 134, in _winrm_connect
protocol.send_message('')
File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 193, in send_message
return self.transport.send_message(message)
File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 269, in send_message
krb_ticket = KerberosTicket(self.krb_service)
File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 205, in __init__
kerberos.authGSSClientStep(krb_context, '')
GSSError: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('No Kerberos credentials available', -1765328243))
ADS-6999 | FAILED! => {
"failed": true,
"msg": "kerberos: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('No Kerberos credentials available', -1765328243))"
}
here is my file from the group_vars direcctory
$ cat windows.yml
---
ansible_user: ansibleAdmin
ansible_password: ********
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_transport: kerberos
ansible_winrm_kerberos_delegation: yes
---
ansible_user: ansibleAdmin
ansible_password: ********
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_transport: kerberos
ansible_winrm_kerberos_delegation: yes
Mike Fennemore
May 31, 2016, 5:37:23 AM5/31/16
to Ansible Project
https://groups.google.com/forum/#!topic/ansible-project/vEl-mrvFkrY
I had a few similar issues, eventually switched from kerberos to ntlm. Using the newer pywinrm seems to work like a charm thus far.
I'm assuming you have configured the krb5.conf and installed the dependencies as per http://docs.ansible.com/ansible/intro_windows.html#active-directory-support .
skinnedknuckles
May 31, 2016, 9:50:57 AM5/31/16
to Ansible Project
Regarding the Ansible Docs page on Installing python-kerberos dependencies, it lists 6 different install procedures. As I understand I only need to run one of these based on my os, not all 6. Is that correct?
Mike Fennemore
May 31, 2016, 12:01:22 PM5/31/16
to Ansible Project
Well you are running Centos 7 so typically you would use yum as your package manager:
# Via Yum
yum -y install python-devel krb5-devel krb5-libs krb5-workstationJust remember to run it using sudo.
Reply all
Reply to author
Forward
0 new messages