Managing Windows using a domain admin user


Michele Viviani

Jun 15, 2015, 10:21:39 AM
to ansible...@googlegroups.com
Hi,
I was able to set up Ansible to manage a Windows host, following the docs and using the local admin user "Administrator".
All Windows hosts are managed by AD and I would like to use a service account that exists in all my Windows VMs.

Which are the correct settings to put into the groups_var\windows.yml file?

I've tried several combinations, with no luck.
Here is my file and the error I got:
----------
[root@ansible_control group_vars]# cat windows.yml
ansible_ssh_user: UGFIDOMAIN\alladmin
ansible_ssh_pass: dummy_for_test
ansible_ssh_port: 5986
ansible_connection: winrm
[root@ansible_control group_vars]#
-----------
[root@ansible_control group_vars]# ansible windows -m win_ping -vvvv
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (i.e. yum update gmp).

<10.229.212.242> ESTABLISH WINRM CONNECTION FOR USER: UGFIDOMAIN\alladmin on PORT 5986 TO 10.10.212.242
<10.229.212.242> WINRM CONNECT: transport=plaintext endpoint=https://10.10.212.242:5986/wsman
<10.229.212.242> WINRM CONNECTION ERROR: 401 Unauthorized. basic auth failed
<10.229.212.242> WINRM CONNECT: transport=plaintext endpoint=http://10.10.212.242:5986/wsman
<10.229.212.242> WINRM CONNECTION ERROR: 500 WinRMTransport. [Errno 104] Connection reset by peer
10.229.212.242 | FAILED => 500 WinRMTransport. [Errno 104] Connection reset by peer
[ro

Thanks,
Mike

J Hawkesworth

Jun 15, 2015, 6:05:56 PM
to ansible...@googlegroups.com
Hello,

You need to use

user...@FULL.DOMAIN.NAME

Also make sure you have installed Kerberos and configured your Ansible controller as a Kerberos client.

Depending on how you set things up, you may need to acquire a Kerberos ticket by running

kinit user...@FULL.DOMAIN.NAME

before running your playbook.

You can test if you have got a Kerberos ticket by running

klist

Hope this helps,

Jon
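
A preflight for the advice in the reply above, as an added example that is not part of the thread or of Ansible. It reads ansible_ssh_user from a group_vars file, rejects the DOMAIN\user form that ended in "transport=plaintext ... basic auth failed" in the question, flags a realm that is not upper case (the convention for Active Directory realms), and uses klist -s (MIT Kerberos) to confirm a ticket exists. The function names and exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight for an Ansible WinRM inventory that should use Kerberos.
# Function names and exit codes are hypothetical, chosen for this example.

# Classify an ansible_ssh_user value: downlevel | upn | local
classify_winrm_user() {
    case "$1" in
        *\\*) echo downlevel ;;  # DOMAIN\user, the form used in the question
        *@*)  echo upn ;;        # user@FULL.DOMAIN.NAME, the form from the reply
        *)    echo local ;;      # bare name such as Administrator
    esac
}

# Read ansible_ssh_user from a group_vars file (first match, CR and quotes stripped).
winrm_user_from_file() {
    sed -n 's/^ansible_ssh_user:[[:space:]]*//p' "$1" | head -n 1 | tr -d "\r\"'"
}

# preflight FILE -> 0 ok, 1 wrong user form, 2 realm not upper case,
#                   3 no valid ticket, 4 Kerberos client tools missing
preflight() {
    user=$(winrm_user_from_file "$1")
    kind=$(classify_winrm_user "$user")
    if [ "$kind" != upn ]; then
        printf 'FAIL: %s is %s form; use user@FULL.DOMAIN.NAME\n' "$user" "$kind" >&2
        return 1
    fi
    realm=${user#*@}
    if [ "$realm" != "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ]; then
        printf 'FAIL: realm %s is not upper case\n' "$realm" >&2
        return 2
    fi
    if ! command -v klist >/dev/null 2>&1; then
        printf 'FAIL: klist not found; install the Kerberos client tools\n' >&2
        return 4
    fi
    # MIT klist -s prints nothing and exits non-zero if there is no valid ticket.
    if ! klist -s; then
        printf 'FAIL: no valid ticket; run: kinit %s\n' "$user" >&2
        return 3
    fi
    printf 'OK: Kerberos ticket present for %s\n' "$user"
}

# Stand-alone use: sh preflight.sh group_vars/windows.yml
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Running it before ansible windows -m win_ping catches the wrong user form or a missing ticket on the controller, before any credentials are offered to the Windows host.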