How to force Ansible to use HTTP + Kerberos (error WINRM CONNECTION ERROR: 401 Unauthorized.)


If you have installed the kerberos module and ansible_user contains @ (e.g. username@realm), Ansible will first attempt Kerberos authentication. This method uses the principal you are authenticated to Kerberos with on the control machine and not ansible_user. If that fails, either because you are not signed into Kerberos on the control machine or because the corresponding domain account on the remote host is not available, then Ansible will fall back to “plain” username/password authentication. ~Ansible Windows Introduction

$ cat ansible/group_vars/os-windows.yml
# <user>@<realm> means use principal in krb5cc, name here doesn't matter
ansible_ssh_user: use@KERBEROS
ansible_ssh_port: 5985
ansible_connection: winrm

$ ansible host.ad.example.com -m win_ping -o
host.ad.example.com | success >> {"changed": false, "ping": "pong"}

Author: Jayan (http://stackoverflow.com/search?q=user%3a54506&tab=votes)

Updated on September 18, 2022

Comments

  • Jayan
    Jayan over 1 year

    I am configuring Ansible (CentOS 6.7) to connect to a Windows machine using HTTP, WinRM and Kerberos

    From the /etc/ansible/host file

    [training]
    machinename:5985
    

    I have set a host-specific YAML file

    ansible_winrm_scheme: http
    ansible_port: 5985
    ansible_connection: winrm
    

    Then the following command

     ansible machinename -m win_ping -vvvv
    

    errors with the following

    <machinename > ESTABLISH WINRM CONNECTION FOR USER: jnambood on PORT 5985 TO machinename 
    <machinename > WINRM CONNECT: transport=plaintext endpoint=http://machinename :5985/wsman
    <machinename > WINRM CONNECTION ERROR: 401 Unauthorized.
    
    
    <machinename > WINRM CONNECT: transport=plaintext endpoint=https://machinename :5985/wsman
    <machinename > WINRM CONNECTION ERROR: 500 WinRMTransport. [Errno 1] _ssl.c:492: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
    machinename  | FAILED => 500 WinRMTransport. [Errno 1] _ssl.c:492: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
    

    Ansible tried HTTP and got a 401 error. How can I fix it?
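
The verbose output in the question can be checked mechanically. This Python example is added here and is not part of the original post or of Ansible: it parses the WINRM lines from -vvvv output and flags a user without @realm (so Kerberos is skipped, per the documentation quoted in the answer), the plaintext transport over unencrypted HTTP, and a TLS attempt against port 5985. The function name audit_winrm_log and the finding codes are assumptions made for illustration.

```python
import re

# Sample input: the WINRM lines from the question's -vvvv output, as posted.
SAMPLE_LOG = """\
<machinename > ESTABLISH WINRM CONNECTION FOR USER: jnambood on PORT 5985 TO machinename
<machinename > WINRM CONNECT: transport=plaintext endpoint=http://machinename :5985/wsman
<machinename > WINRM CONNECTION ERROR: 401 Unauthorized.
<machinename > WINRM CONNECT: transport=plaintext endpoint=https://machinename :5985/wsman
<machinename > WINRM CONNECTION ERROR: 500 WinRMTransport. [Errno 1] _ssl.c:492: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
"""

USER_RE = re.compile(r"ESTABLISH WINRM CONNECTION FOR USER: (?P<user>\S+) on PORT")
CONNECT_RE = re.compile(
    r"WINRM CONNECT: transport=(?P<transport>\w+) "
    r"endpoint=(?P<scheme>https?)://(?P<host>[^\s:/]+)\s*:(?P<port>\d+)"
)
ERROR_RE = re.compile(r"WINRM CONNECTION ERROR: (?P<status>\d{3})")


def audit_winrm_log(text):
    """Return (code, detail) findings for one host's verbose WinRM output."""
    findings = []
    attempt = None  # most recent WINRM CONNECT line, used to label the error after it
    for line in text.splitlines():
        if m := USER_RE.search(line):
            # Per the quoted docs, Kerberos is only tried when the user contains "@".
            if "@" not in m["user"]:
                findings.append(("no-realm-in-user",
                                 f"{m['user']!r} has no @realm; Kerberos is skipped"))
        elif m := CONNECT_RE.search(line):
            attempt = m.groupdict()
            if attempt["transport"] == "plaintext" and attempt["scheme"] == "http":
                findings.append(("password-over-http",
                                 f"credentials to {attempt['host']} not protected by TLS"))
            # 5985 is the default WinRM HTTP listener; HTTPS normally listens on 5986.
            if attempt["scheme"] == "https" and attempt["port"] == "5985":
                findings.append(("tls-on-http-port",
                                 "TLS handshake attempted against the HTTP listener port"))
        elif (m := ERROR_RE.search(line)) and attempt:
            findings.append((f"failed-{m['status']}",
                             f"{attempt['transport']} over {attempt['scheme']} failed"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_winrm_log(SAMPLE_LOG):
        print(f"{code}: {detail}")
```

A clean run, with a user@REALM login and a Kerberos transport, returns an empty list.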