Hello Jordan, Yes, it was me, I didn't know I should post here (searching for help lead me to the github page multiple times) So i did as you suggested (have to say i tried it before) but i have another error, which confused me even more:
ansible windows -m win_ping -vvvv ansible 2.4.2.0 config file = /etc/ansible/ansible.cfg configured module search path = [u'/nfs/site/home/sys_ansible/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/dist-packages/ansible executable location = /usr/bin/ansible python version = 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4] Using /etc/ansible/ansible.cfg as config file setting up inventory plugins Parsed /etc/ansible/hosts inventory source with ini plugin Loading callback plugin minimal of type stdout, v2.0 from /usr/lib/python2.7/dist-packages/ansible/plugins/callback/__init__.pyc META: ran handlers Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/win_ping.ps1 <hasjrwts01.ger.corp.company.com> ESTABLISH WINRM CONNECTION FOR USER: sys_ansible @ GER.CORP.COMPANY.COM on PORT 5986 TO hasjrwts01.ger.corp.company.com hasjrwts01.ger.corp.company.com | UNREACHABLE! => { "changed": false, "msg": "kerberos: requested auth method is kerberos, but requests_kerberos is not installed", "unreachable": true } $ klist Ticket cache: FILE:/tmp/krb5cc_30254 Default principal: sys_ansible @ GER.CORP.COMPANY.COM Valid starting Expires Service principal 01/07/2018 23:14:46 01/08/2018 09:14:41 krbtgt/GER.CORP.COMPANY.COM @ GER.CORP.COMPANY.COM renew until 02/06/2018 23:14:41 while checking the pip list: $pip install requests_kerberos Requirement already satisfied (use --upgrade to upgrade): requests_kerberos in /usr/local/lib/python2.7/dist-packages Cleaning up... $ pip list |grep -i kerb kerberos (1.2.5) pykerberos (1.2.1) *requests-kerberos (0.12.0)* I'm not sure how i get there... Any other advice? Thank you for your time! On Sunday, January 7, 2018 at 10:58:30 PM UTC+2, Jordan Borean wrote: > > I believe https://github.com/ansible/ansible/issues/34552 may be from > yourself as well, I'll post my response here to go into a bit more detail. > > By default, the winrm connector inside Ansible uses basic auth as the > transport authentication mechanism. You can see this happening as your > error message says > > "msg": "ssl: the specified credentials were rejected by the server", > > > Due to the way that pywinrm was originally written, "ssl" means that basic > auth over HTTPS was done and we can't change this without breaking various > people's playbooks that may rely on this behaviour. When specifying an > ansible_user in the UPN format (username@REALM), the Ansible code picks > this up as you want to authenticate with a domain account and will > automatically change the selected auth mechanism from "ssl" to "kerberos" > so theoretically all you need to do is change your username to use the UPN > format, e.g. set *ansible_user: sys_a...@ger.corp.company.com > <javascript:> *in your inventory. > > I prefer to take it a step further where you explicitly state what auth > you want to use to avoid default behaviour like this from occuring, you can > do this by setting *ansible_winrm_transport: kerberos*. When this is set > you can keep the username in the current format and the underlying > libraries will parse it for you. Ultimately what I would personally do is > set your group_vars to be > > ansible_user: sys_ansi...@ger.corp.company.com > ansible_password: "password" > ansible_port: 5986 > ansible_connection: winrm > ansible_winrm_transport: kerberos > ansible_winrm_scheme: https > ansible_winrm_server_cert_validation: ignore > > > Thanks > > Jordan > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/34f23d01-128d-4538-8603-58bc36b12cba%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.