How to force Ansible to use HTTP + Kerberos (error WINRM CONNECTION ERROR: 401 Unauthorized.)
If you have installed the kerberos module and ansible_user contains @ (e.g. username@realm), Ansible will first attempt Kerberos authentication. This method uses the principal you are authenticated to Kerberos with on the control machine and not ansible_user. If that fails, either because you are not signed into Kerberos on the control machine or because the corresponding domain account on the remote host is not available, then Ansible will fall back to “plain” username/password authentication. ~Ansible Windows Introduction
$ cat ansible/group_vars/os-windows.yml
# <user>@<realm> means use principal in krb5cc, name here doesn't matter
ansible_ssh_user: use@KERBEROS
ansible_ssh_port: 5985
ansible_connection: winrm
$ ansible host.ad.example.com -m win_ping -o
host.ad.example.com | success >> {"changed": false, "ping": "pong"}
Jayan
Updated on September 18, 2022
Comments
Jayan over 1 year
I am configuring Ansible (CentOS 6.7) to connect to a Windows machine using HTTP, WinRM and Kerberos.
From the /etc/ansible/host file:
[training]
machinename:5985
I have set a host-specific YAML file:
ansible_winrm_scheme: http
ansible_port: 5985
ansible_connection: winrm
Then the following command
ansible machinename -m win_ping -vvvv
errors with the following:
<machinename > ESTABLISH WINRM CONNECTION FOR USER: jnambood on PORT 5985 TO machinename
<machinename > WINRM CONNECT: transport=plaintext endpoint=http://machinename :5985/wsman
<machinename > WINRM CONNECTION ERROR: 401 Unauthorized.
<machinename > WINRM CONNECT: transport=plaintext endpoint=https://machinename :5985/wsman
<machinename > WINRM CONNECTION ERROR: 500 WinRMTransport. [Errno 1] _ssl.c:492: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
machinename | FAILED => 500 WinRMTransport. [Errno 1] _ssl.c:492: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Ansible tried HTTP and got a 401 error. How can I fix it?
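A small log check, added here as an example (it is not part of the original question or answer, and not Ansible's own code): it reads -vvvv output in the format shown in the question and reports whether Kerberos was ever attempted, applying the documented rule quoted in the answer that Kerberos is only tried when the user contains @. The second log, the function name and the finding names are constructed for illustration.

```python
import re

# -vvvv output copied from the question above.
QUESTION_LOG = """\
<machinename > ESTABLISH WINRM CONNECTION FOR USER: jnambood on PORT 5985 TO machinename
<machinename > WINRM CONNECT: transport=plaintext endpoint=http://machinename :5985/wsman
<machinename > WINRM CONNECTION ERROR: 401 Unauthorized.
<machinename > WINRM CONNECT: transport=plaintext endpoint=https://machinename :5985/wsman
<machinename > WINRM CONNECTION ERROR: 500 WinRMTransport. [Errno 1] _ssl.c:492: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
"""
# Constructed sample (assumption): what a Kerberos attempt looks like in the same format.
KERBEROS_LOG = """\
<host.ad.example.com> ESTABLISH WINRM CONNECTION FOR USER: user@AD.EXAMPLE.COM on PORT 5985 TO host.ad.example.com
<host.ad.example.com> WINRM CONNECT: transport=kerberos endpoint=http://host.ad.example.com:5985/wsman
"""

USER_RE = re.compile(r"ESTABLISH WINRM CONNECTION FOR USER: (\S+) on PORT (\d+)")
CONNECT_RE = re.compile(r"WINRM CONNECT: transport=(\S+) endpoint=(https?)://")
ERROR_RE = re.compile(r"WINRM CONNECTION ERROR: (\d{3})")


def audit_winrm_log(text):
    """Summarise the connection attempts in one host's -vvvv output."""
    report = {"user": None, "attempts": [], "findings": []}
    for line in text.splitlines():
        if m := USER_RE.search(line):
            report["user"] = m.group(1)
        elif m := CONNECT_RE.search(line):
            report["attempts"].append(
                {"transport": m.group(1), "scheme": m.group(2), "error": None})
        elif (m := ERROR_RE.search(line)) and report["attempts"]:
            # An error line belongs to the most recent connection attempt.
            report["attempts"][-1]["error"] = m.group(1)

    attempts = report["attempts"]
    # Per the quoted documentation, Kerberos is only tried for user@realm names.
    if report["user"] and "@" not in report["user"]:
        report["findings"].append("no-realm-in-user")
    if not any(a["transport"] == "kerberos" for a in attempts):
        report["findings"].append("kerberos-not-attempted")
    # Username/password authentication on an unencrypted channel.
    if any(a["transport"] == "plaintext" and a["scheme"] == "http" for a in attempts):
        report["findings"].append("plaintext-over-http")
    return report
```

Run against the question's log, it shows that only the plaintext transport was tried, which matches a user name (jnambood) that carries no realm.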