Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
CrazyKing2020-11-02 00:11:19
Ansible
CrazyKing, 2020-11-02 00:11:19

How to use domain accounts in ansible?

For example, I want to ping a Windows server.
There is a hosts file:

[servers]
tmagent24 ansible_host=10.22.41.220

[servers:vars]
ansible_user=ansible
[email protected]
ansible_connection=winrm
ansible_port=5986
ansible_winrm_server_cert_validation=ignore


and playbook (playbook.yml):
---
- name: Test connection
  hosts: servers

  tasks:  
  - name: Ping
    win_ping:


I do :
ansible-playbook playbook.yml
If you use the "ansible" account, it is locally on the server in the administrators group, then everything goes fine.
I'm trying to do the same with a domain account, it is also on the server in the administrators group, for example
ansible_user=corp\test

I get in response:
tmagent24 | UNREACHABLE! => {
    "changed": false,
    "msg": "ssl: the specified credentials were rejected by the server",
    "unreachable": true
}


Tell me, is it possible to use a domain account? Maybe I'm doing something wrong.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
C
CrazyKing, 2020-11-02
@CrazyKing

Naryl about kerberos, like what you need.
Added: ansible_winrm_transport= kerberos
Changed port: ansible_port=5985
Downloaded from repository, corrected krb2.conf config:

[realms]
   	CORP.LOC = {
        		kdc = dc.CORP.LOC
    kdc = dc.CORP.LOC
    default_domain = CORP.LOC
   	}

[domain_realm]
  .corp.loc = CORP.LOC
  corp.loc = CORP.LOC

But it didn't get much easier, I get the following error:
TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************************
fatal: [tmagent24]: UNREACHABLE! => {"changed": false, "msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure.  Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))", "unreachable": true}

PLAY RECAP **********************************************************************************************************************************************************************************************************************************
tmagent24                  : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

Similar questions
A
Anatoly Gruzdev2022-04-15 09:05:30
How to set a condition in a playbook (Ansible)? 1Reply
M
Mika Slepinin2016-10-31 16:16:33
Is there a playbook generator, or a set of templates for all cases for Ansible? 2Reply
M
Mika Slepinin2016-11-17 18:35:53
Ansible - how best to organize work with ssh keys? 1Reply
M
Mika Slepinin2016-11-22 18:33:42
How to run only one Ansible role? 4Reply
M
Mika Slepinin2016-11-29 15:36:42
How to make Ansible work with local ip - addresses when connected via VPN? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question