Ansible kerberos auth : user account is failing to connect node

Question

Auth has been changed from basics to kerberos and config changes has been made but in the controller. But while executing ping module the command is failing with below error.

Made necessary changes in /etc/krb5.conf controller machine. kinit works with user name

testwinim.NORTHERNGATES.INTERNAL | UNREACHABLE! => {
    "changed": false,
    "msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure.  Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))",
    "unreachable": true
}

ansible -i /home/ansible/hosts win -m win_ping -e="ansible_ssh_port=5986, ansible_connection=winrm" command should give pass response rather getting failed

score 0 · Answer 1 · answered Jul 30 '19 at 12:01

0

Can you try passing the below one also as argument
ansible_winrm_kerberos_delegation: true

answered Jul 30 '19 at 12:01

Smily

2,308
2
17
41

`[win:vars] ansible_user= Ansibleservice@NORTHERNGATES.INTERNAL ansible_password= '27B#$$*(^%' ansible_connection= winrm ansible_winrm_transport= kerberos #ansible_winrm_realm= NORTHERNGATES.INTERNAL ansible_winrm_scheme= http ansible_winrm_server_cert_validation= ignore ansible_port= 5985 #ansible_winrm_kerberos_delegation= yes `--- Tried all the parameters in hosts file still the same error. We`re using **2.7 Ansible version** – Sushena Jul 30 '19 at 12:06

score 0 · Answer 2 · answered Nov 15 '19 at 12:19

0

Solved, Issue was with NTP server where Ansible controller and Domain controller wasnt in sync. Post setting ntpd on the controller and changed to UTC format, Service account and playbooks were working as expected,

answered Nov 15 '19 at 12:19

Sushena

107
3
8

Ansible kerberos auth : user account is failing to connect node

2 Answers2