Use kerberos error


Tong Le

Aug 14, 2015, 1:08:44 PM
to Ansible Project
error:
<10.10.11.48> ESTABLISH WINRM CONNECTION FOR USER:  on PORT 5986 TO 10.10.11.48
<10.10.11.48> WINRM CONNECT: transport=kerberos endpoint=https://10.10.11.48:5986/wsman
10.10.11.48 | FAILED => Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 582, in _executor
    exec_rc = self._executor_internal(host, new_stdin)
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 785, in _executor_internal
    return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 964, in _executor_internal_inner
    conn = self.connector.connect(actual_host, actual_port, actual_user, actual_pass, actual_transport, actual_private_key_file, delegate_host)
  File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line 52, in connect
    self.active = conn.connect()
  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 140, in connect
    self.protocol = self._winrm_connect()
  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 96, in _winrm_connect
    protocol.send_message('')
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 190, in send_message
    return self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 219, in send_message
    krb_ticket = KerberosTicket(self.krb_service)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 166, in __init__
    kerberos.authGSSClientStep(krb_context, '')
GSSError: (('Unspecified GSS failure.  Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))


--
kinit Success.

[root@localhost home]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: x...@LETO.ME

Valid starting       Expires              Service principal
08/15/2015 00:54:21  08/15/2015 10:54:21  krbtgt/LET...@LETO.ME
renew until 08/16/2015 00:54:19

--

ansible_ssh_user: x...@LETO.ME
ansible_ssh_pass: ********
ansible_ssh_port: 5986
ansible_connection: winrm

--

#/etc/krb5.conf
[libdefaults]
 dns_lookup_realm = false
 dns_lookup_kdc = false
 forwardable = true
 default_realm = LETO.ME

[realms]
 LETO.ME = {
  default_domain = LETO.ME
 }

[domain_realm]

---

Where did I go wrong? Thanks.


J Hawkesworth

Aug 15, 2015, 1:49:14 AM
to Ansible Project
I think you need to use machine and domain names, rather than just using IP addresses.

Kerberos depends on both forward and reverse DNS lookups to work.

You can check using ping to find the IP of a host name and nslookup to find the host name using the IP.

Hope this helps
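
The forward and reverse lookup check suggested in the reply above, as an added example (not part of the original thread, and not Ansible or pywinrm code). The host name win01.leto.me, the sample DNS tables and the function names are constructed for illustration; the resolvers are parameters so the check also runs offline.

```python
import ipaddress
import socket

# Constructed sample records: the IP and realm come from the thread,
# the host names are hypothetical.
SAMPLE_A = {"win01.leto.me": "10.10.11.48", "web.leto.me": "10.10.11.50"}
SAMPLE_PTR = {"10.10.11.48": "win01.leto.me", "10.10.11.50": "other.leto.me"}


def table_resolver(table):
    """Offline stand-in for a DNS lookup; fails like the socket calls do."""
    def lookup(key):
        if key not in table:
            raise OSError("no record for %s" % key)
        return table[key]
    return lookup


def kerberos_dns_problems(host, forward=None, reverse=None):
    """List the DNS problems that would keep a Kerberos client from naming
    the right service principal for `host`; an empty list means none found."""
    forward = forward or socket.gethostbyname
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    problems = []
    try:
        ipaddress.ip_address(host)
        is_ip, ip = True, host
        problems.append("%s is an IP address; use the machine's FQDN" % host)
    except ValueError:
        is_ip = False
        try:
            ip = forward(host)
        except OSError:
            return ["no forward (A) record for %s" % host]
    try:
        ptr = reverse(ip).rstrip(".").lower()
    except OSError:
        return problems + ["no reverse (PTR) record for %s" % ip]
    if is_ip:
        # Suggest the PTR name only if it resolves back to the same address.
        try:
            ok = forward(ptr) == ip
        except OSError:
            ok = False
        if not ok:
            problems.append("PTR name %s does not resolve back to %s" % (ptr, ip))
    elif ptr != host.rstrip(".").lower():
        problems.append("%s resolves to %s, but its PTR is %s" % (host, ip, ptr))
    return problems
```

Called with only a host argument, the function queries the system resolver instead of the sample tables.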
