Hello Jordan,
Yes, it was me, I didn't know I should post here (searching for help lead
me to the github page multiple times)
So i did as you suggested (have to say i tried it before) but i have
another error, which confused me even more:
ansible windows -m win_ping -vvvv
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path =
[u'/nfs/site/home/sys_ansible/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin minimal of type stdout, v2.0 from
/usr/lib/python2.7/dist-packages/ansible/plugins/callback/__init__.pyc
META: ran handlers
Using module file
/usr/lib/python2.7/dist-packages/ansible/modules/windows/win_ping.ps1
<hasjrwts01.ger.corp.company.com> ESTABLISH WINRM CONNECTION FOR USER:
sys_ansible @ GER.CORP.COMPANY.COM on PORT 5986 TO
hasjrwts01.ger.corp.company.com
hasjrwts01.ger.corp.company.com | UNREACHABLE! => {
"changed": false,
"msg": "kerberos: requested auth method is kerberos, but
requests_kerberos is not installed",
"unreachable": true
}
$ klist
Ticket cache: FILE:/tmp/krb5cc_30254
Default principal: sys_ansible @ GER.CORP.COMPANY.COM
Valid starting Expires Service principal
01/07/2018 23:14:46 01/08/2018 09:14:41 krbtgt/GER.CORP.COMPANY.COM @
GER.CORP.COMPANY.COM
renew until 02/06/2018 23:14:41
while checking the pip list:
$pip install requests_kerberos
Requirement already satisfied (use --upgrade to upgrade): requests_kerberos
in /usr/local/lib/python2.7/dist-packages
Cleaning up...
$ pip list |grep -i kerb
kerberos (1.2.5)
pykerberos (1.2.1)
*requests-kerberos (0.12.0)*
I'm not sure how i get there...
Any other advice?
Thank you for your time!
On Sunday, January 7, 2018 at 10:58:30 PM UTC+2, Jordan Borean wrote:
>
> I believe https://github.com/ansible/ansible/issues/34552 may be from
> yourself as well, I'll post my response here to go into a bit more detail.
>
> By default, the winrm connector inside Ansible uses basic auth as the
> transport authentication mechanism. You can see this happening as your
> error message says
>
> "msg": "ssl: the specified credentials were rejected by the server",
>
>
> Due to the way that pywinrm was originally written, "ssl" means that basic
> auth over HTTPS was done and we can't change this without breaking various
> people's playbooks that may rely on this behaviour. When specifying an
> ansible_user in the UPN format (username@REALM), the Ansible code picks
> this up as you want to authenticate with a domain account and will
> automatically change the selected auth mechanism from "ssl" to "kerberos"
> so theoretically all you need to do is change your username to use the UPN
> format, e.g. set *ansible_user: sys_a...@ger.corp.company.com
> <javascript:> *in your inventory.
>
> I prefer to take it a step further where you explicitly state what auth
> you want to use to avoid default behaviour like this from occuring, you can
> do this by setting *ansible_winrm_transport: kerberos*. When this is set
> you can keep the username in the current format and the underlying
> libraries will parse it for you. Ultimately what I would personally do is
> set your group_vars to be
>
> ansible_user: sys_ansi...@ger.corp.company.com
> ansible_password: "password"
> ansible_port: 5986
> ansible_connection: winrm
> ansible_winrm_transport: kerberos
> ansible_winrm_scheme: https
> ansible_winrm_server_cert_validation: ignore
>
>
> Thanks
>
> Jordan
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/34f23d01-128d-4538-8603-58bc36b12cba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
