I should have perhaps made it clear that you'll need to know and use the full domain name, rather than the netbios name so instead of user@MAIN it probably needs to be something like u...@main.yourdomain.com or such.
Ask your administrators for the primary and secondary domain controller names of the domain or domains you need to connect to. One other thing, you'll need to make sure your ansible controller clock is pretty close to synchronised with your domain controllers, otherwise you'll get 'clock skew too great' messages instead of authorising. Hope this helps. Jon On Thursday, August 13, 2015 at 8:22:04 PM UTC+1, Dan Swartz wrote: > > In fact I did not have pykerberos installed! I had tried installing awhile > ago via "pip install kerberos" (no "py") to no avail, and, at some point > installed libkrb5-dev, thinking it would suffice. Well, TIL! > Incidentally, now that I have that installed and have run the kinit > command, I am at least getting more meaningful error messages like > GSSError:...Cannot find KDC for realm "MAIN", which is much better. > I think I can take it from here. Just need to get more info from my > company about how to configure my machine to talk to its infrastructure. > Thanks a bunch! > > On Thursday, August 13, 2015 at 1:13:06 PM UTC-4, J Hawkesworth wrote: >> >> I think you need to set up your ansible controller as a kerberos client. >> Your ansible box needs to know how to talk to your windows domain >> controllers. Assuming you have pykerberos installed, you probably already >> have the command line kerberos tools installed. >> >> I suggest you configure your /etc/krb5.conf so that your domain is listed >> and your domain controllers are listed too. Once that's done you can >> probably test ansible connection again or try the command line like this >> >> kinit domai...@fully.qualified.domain.name >> >> Note that the domain name needs to be in upper case >> >> You can use klist to show if you have any kerberos credentials cached. >> Hope that's enough to get you started >> >> Jon >> >> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/56c7111f-0834-454c-a7b6-e101a53d1029%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
