No Kerberos credentials available'

786 views
Skip to first unread message

ken.k...@gmail.com

unread,
Apr 23, 2015, 1:46:14 PM4/23/15
to ansible...@googlegroups.com
I'm running ansible against a windows host for testing purposes.  I can get pywinrm working against the host but when I attempt using either a domain account or an account local to the windows host specified in my ansible/hosts file I receive the error specified below.  Any help or explanation would be appreciated thank you in advance.  

Centos: 7
Version: ansible 1.9.0.1

 
/etc/ansible/hosts

[windows]
corpigs8471b
#ntdvwqwebpcp02b

[windows:vars]
ansible_connection=winrm
ansible_ssh_user=user...@domain.fqdn.net
ansible_ssh_pass=***************
ansible_ssh_port=5986

[root@corpigs8471b ansible]# ansible windows -m setup
corpigs8471b | FAILED => Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 582, in _executor
    exec_rc = self._executor_internal(host, new_stdin)
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 785, in _executor_internal
    return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 960, in _executor_internal_inner
    conn = self.connector.connect(actual_host, actual_port, actual_user, actual_pass, actual_transport, actual_private_key_file, delegate_host)
  File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line 52, in connect
    self.active = conn.connect()
  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 147, in connect
    self.protocol = self._winrm_connect()
  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 101, in _winrm_connect
    protocol.send_message('')
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 173, in send_message
    return self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 195, in send_message
    krb_ticket = KerberosTicket(self.krb_service)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 147, in __init__
    kerberos.authGSSClientStep(krb_context, '')
GSSError: (('Unspecified GSS failure.  Minor code may provide more information', 851968), ('No Kerberos credentials available', -1765328243))




Jonathan Sabo

unread,
Apr 23, 2015, 2:18:11 PM4/23/15
to ansible...@googlegroups.com

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f4518e73-f551-45dc-86d2-77a547589c36%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

ken.k...@gmail.com

unread,
Apr 27, 2015, 12:29:53 PM4/27/15
to ansible...@googlegroups.com

Thank you. How do I upgrade to this version?  
pip install -Iv ansible==10.6.6.4 --upgrade

Or is it best just to upgrade the two files specified in the release.

On Thursday, April 23, 2015 at 12:46:14 PM UTC-5, ken.k...@gmail.com wrote:
I'm running ansible against a windows host for testing purposes.  I can get pywinrm working against the host but when I attempt using either a domain account or an account local to the windows host specified in my ansible/hosts file I receive the error specified below.  Any help or explanation would be appreciated thank you in advance.  

Centos: 7
Version: ansible 1.9.0.1

 
/etc/ansible/hosts

[windows]
corpigs8471b
#ntdvwqwebpcp02b

[windows:vars]
ansible_connection=winrm
ansible_ssh_user=username@domain.fqdn.net
ansible_ssh_pass=***************
ansible_ssh_port=5986

ken.k...@gmail.com

unread,
Apr 27, 2015, 12:37:50 PM4/27/15
to ansible...@googlegroups.com

Think this has the correct version
1.9.1-0.1.rc1 has it is there a release candidate you recommend


On Thursday, April 23, 2015 at 12:46:14 PM UTC-5, ken.k...@gmail.com wrote:
I'm running ansible against a windows host for testing purposes.  I can get pywinrm working against the host but when I attempt using either a domain account or an account local to the windows host specified in my ansible/hosts file I receive the error specified below.  Any help or explanation would be appreciated thank you in advance.  

Centos: 7
Version: ansible 1.9.0.1

 
/etc/ansible/hosts

[windows]
corpigs8471b
#ntdvwqwebpcp02b

[windows:vars]
ansible_connection=winrm
ansible_ssh_user=username@domain.fqdn.net
ansible_ssh_pass=***************
ansible_ssh_port=5986

ken.k...@gmail.com

unread,
Apr 27, 2015, 1:22:49 PM4/27/15
to ansible...@googlegroups.com
As a note I grabbed just those 2 files and updated them and receive the same error.
Thanks.
I am going to try the full latest release today if I can but having an issue grabbing it from git. We are behind a proxy and git does not appear to work well with cntlm. Going to try pip instead.  

ken.k...@gmail.com

unread,
Apr 27, 2015, 2:55:45 PM4/27/15
to ansible...@googlegroups.com

I downloaded the lastest version and did a source./env-setup
Now when I run ansible --version I receive

ansible --version
ansible 2.0.0
  lib/ansible/modules/core:  not found - use git submodule update --init lib/ansible/modules/core
  lib/ansible/modules/extras:  not found - use git submodule update --init lib/ansible/modules/extras
  v2/ansible/modules/core:  not found - use git submodule update --init v2/ansible/modules/core
  v2/ansible/modules/extras:  not found - use git submodule update --init v2/ansible/modules/extras
  configured module search path = None


I still receive the kerberose error message.

On Thursday, April 23, 2015 at 12:46:14 PM UTC-5, ken.k...@gmail.com wrote:
I'm running ansible against a windows host for testing purposes.  I can get pywinrm working against the host but when I attempt using either a domain account or an account local to the windows host specified in my ansible/hosts file I receive the error specified below.  Any help or explanation would be appreciated thank you in advance.  

Centos: 7
Version: ansible 1.9.0.1

 
/etc/ansible/hosts

[windows]
corpigs8471b
#ntdvwqwebpcp02b

[windows:vars]
ansible_connection=winrm
ansible_ssh_user=username@domain.fqdn.net
ansible_ssh_pass=***************
ansible_ssh_port=5986

ken.k...@gmail.com

unread,
Apr 29, 2015, 10:54:17 AM4/29/15
to ansible...@googlegroups.com

With the latest version I can get this to work with local machine credentials but not ldap.

Kenneth Krog

unread,
Apr 30, 2015, 9:34:08 PM4/30/15
to ansible...@googlegroups.com
As a note I've updated to version 2.0 and  I'm using local credentials now and avoiding the ldap issue. If I get it to work I'll post back here.

On Wed, Apr 29, 2015 at 9:54 AM, <ken.k...@gmail.com> wrote:

With the latest version I can get this to work with local machine credentials but not ldap.


On Monday, April 27, 2015 at 1:55:45 PM UTC-5, ken.k...@gmail.com wrote:

I downloaded the lastest version and did a source./env-setup
Now when I run ansible --version I receive

ansible --version
ansible 2.0.0
  lib/ansible/modules/core:  not found - use git submodule update --init lib/ansible/modules/core
  lib/ansible/modules/extras:  not found - use git submodule update --init lib/ansible/modules/extras
  v2/ansible/modules/core:  not found - use git submodule update --init v2/ansible/modules/core
  v2/ansible/modules/extras:  not found - use git submodule update --init v2/ansible/modules/extras
  configured module search path = None


I still receive the kerberose error message.

On Thursday, April 23, 2015 at 12:46:14 PM UTC-5, ken.k...@gmail.com wrote:
I'm running ansible against a windows host for testing purposes.  I can get pywinrm working against the host but when I attempt using either a domain account or an account local to the windows host specified in my ansible/hosts file I receive the error specified below.  Any help or explanation would be appreciated thank you in advance.  

Centos: 7
Version: ansible 1.9.0.1

 
/etc/ansible/hosts

[windows]
corpigs8471b
#ntdvwqwebpcp02b

[windows:vars]
ansible_connection=winrm
ansible_ssh_user=user...@domain.fqdn.net
ansible_ssh_pass=***************
ansible_ssh_port=5986

[root@corpigs8471b ansible]# ansible windows -m setup
corpigs8471b | FAILED => Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 582, in _executor
    exec_rc = self._executor_internal(host, new_stdin)
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 785, in _executor_internal
    return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 960, in _executor_internal_inner
    conn = self.connector.connect(actual_host, actual_port, actual_user, actual_pass, actual_transport, actual_private_key_file, delegate_host)
  File "/usr/lib/python2.7/site-packages/ansible/runner/connection.py", line 52, in connect
    self.active = conn.connect()
  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 147, in connect
    self.protocol = self._winrm_connect()
  File "/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py", line 101, in _winrm_connect
    protocol.send_message('')
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 173, in send_message
    return self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 195, in send_message
    krb_ticket = KerberosTicket(self.krb_service)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 147, in __init__
    kerberos.authGSSClientStep(krb_context, '')
GSSError: (('Unspecified GSS failure.  Minor code may provide more information', 851968), ('No Kerberos credentials available', -1765328243))




--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/nuBN0JvCJos/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.

To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/434ef3b5-7cc8-43f4-8a4d-7bbfc9c827f7%40googlegroups.com.

J Hawkesworth

unread,
May 1, 2015, 1:20:12 PM5/1/15
to ansible...@googlegroups.com
Hi,

If you want to use domain accounts, by the looks of things you probably need to set up your controller so it is a kerberos client and can acquire the credentials needed in order to connect via kerberos.

I suggest searching for 'kerberos client setup' for your controller platform.

Its probably a case of installing krb5-workstation and then configuring the /etc/krb5.conf file so kerberos knows where your domain controllers are.

Usually you can test by running 

kinit user@DOMAIN

(in my experience DOMAIN has to be in upper case).

Hope this helps,

Jon
Reply all
Reply to author
Forward
0 new messages