Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
CrazyKing2020-11-02 00:11:19
Ansible
CrazyKing, 2020-11-02 00:11:19

How to use domain accounts in ansible?

For example, I want to ping a Windows server.
There is a hosts file:

[servers]
tmagent24 ansible_host=10.22.41.220

[servers:vars]
ansible_user=ansible
[email protected]
ansible_connection=winrm
ansible_port=5986
ansible_winrm_server_cert_validation=ignore


and playbook (playbook.yml):
---
- name: Test connection
  hosts: servers

  tasks:  
  - name: Ping
    win_ping:


I do :
ansible-playbook playbook.yml
If you use the "ansible" account, it is locally on the server in the administrators group, then everything goes fine.
I'm trying to do the same with a domain account, it is also on the server in the administrators group, for example
ansible_user=corp\test

I get in response:
tmagent24 | UNREACHABLE! => {
    "changed": false,
    "msg": "ssl: the specified credentials were rejected by the server",
    "unreachable": true
}


Tell me, is it possible to use a domain account? Maybe I'm doing something wrong.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
C
CrazyKing, 2020-11-02
@CrazyKing

Naryl about kerberos, like what you need.
Added: ansible_winrm_transport= kerberos
Changed port: ansible_port=5985
Downloaded from repository, corrected krb2.conf config:

[realms]
   	CORP.LOC = {
        		kdc = dc.CORP.LOC
    kdc = dc.CORP.LOC
    default_domain = CORP.LOC
   	}

[domain_realm]
  .corp.loc = CORP.LOC
  corp.loc = CORP.LOC

But it didn't get much easier, I get the following error:
TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************************
fatal: [tmagent24]: UNREACHABLE! => {"changed": false, "msg": "kerberos: authGSSClientStep() failed: (('Unspecified GSS failure.  Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))", "unreachable": true}

PLAY RECAP **********************************************************************************************************************************************************************************************************************************
tmagent24                  : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

Similar questions
L
linux0id172018-03-08 20:34:25
How to add users to make it convenient to transfer files between servers? 4Reply
U
Username2021-07-31 21:16:53
How to replace or paste text into a file in Ansible? 3Reply
X
xp1eo2020-05-26 19:35:24
Checking a filename for a timestamp and what to do next? 3Reply
K
karibskii_koks2018-06-20 13:29:46
How to increase Ansible's sh run output timeout? 1Reply
R
Roman Sokolov2021-09-28 09:54:27
How to install dependencies in AWX project? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question