Thanks again, Jon. I actually did infer that that's what you meant by F.Q.D.N. but it does warrant explicit mention.
On Fri, Aug 14, 2015 at 11:24 AM, J Hawkesworth < [email protected]> wrote: > I should have perhaps made it clear that you'll need to know and use the > full domain name, rather than the netbios name so instead of user@MAIN > it probably needs to be something like [email protected] or such. > > Ask your administrators for the primary and secondary domain controller > names of the domain or domains you need to connect to. > > One other thing, you'll need to make sure your ansible controller clock is > pretty close to synchronised with your domain controllers, otherwise you'll > get 'clock skew too great' messages instead of authorising. > > Hope this helps. > > Jon > > > On Thursday, August 13, 2015 at 8:22:04 PM UTC+1, Dan Swartz wrote: >> >> In fact I did not have pykerberos installed! I had tried installing >> awhile ago via "pip install kerberos" (no "py") to no avail, and, at some >> point installed libkrb5-dev, thinking it would suffice. Well, TIL! >> Incidentally, now that I have that installed and have run the kinit >> command, I am at least getting more meaningful error messages like >> GSSError:...Cannot find KDC for realm "MAIN", which is much better. >> I think I can take it from here. Just need to get more info from my >> company about how to configure my machine to talk to its infrastructure. >> Thanks a bunch! >> >> On Thursday, August 13, 2015 at 1:13:06 PM UTC-4, J Hawkesworth wrote: >>> >>> I think you need to set up your ansible controller as a kerberos >>> client. Your ansible box needs to know how to talk to your windows domain >>> controllers. Assuming you have pykerberos installed, you probably already >>> have the command line kerberos tools installed. >>> >>> I suggest you configure your /etc/krb5.conf so that your domain is >>> listed and your domain controllers are listed too. Once that's done you can >>> probably test ansible connection again or try the command line like this >>> >>> kinit [email protected] >>> >>> Note that the domain name needs to be in upper case >>> >>> You can use klist to show if you have any kerberos credentials cached. >>> Hope that's enough to get you started >>> >>> Jon >>> >>> -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/qQWolj-MgDo/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/56c7111f-0834-454c-a7b6-e101a53d1029%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/56c7111f-0834-454c-a7b6-e101a53d1029%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALhZqx5qLywKAdmWOezzsW3-1QUJZWfcBRfRx3AOenEuqJyu_Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
