Hi.
Am facing some authentication issues when i run ansible all -m win_ping. Response - 10.67.104.45 | UNREACHABLE! => {
“changed”: false,
“msg”: “basic: the specified credentials were rejected by the server”,
“unreachable”: true
}
The user which am trying to connect is administrator user. I followed some steps to add user and change the permissions using
winrm configSDDL default, but no luck.
Am using basic authentication.
Am new to Linux , i would appreciate if i get any help on this.
This basically means server rejecting the login. If you have firewall at windows server then allow Linux server to communicate.
With Regards,
Dinesh Singh
Email - dineshpmv06@gmail.com
Also enable remote execution policy on your windows server.
With Regards,
Dinesh Singh
Email - dineshpmv06@gmail.com
which option should i enable? winrm is allowed and no such specific options for linux.
Follow this once and see if it works
https://www.ansible.com/blog/connecting-to-a-windows-host
With Regards,
Dinesh Singh
Email - dineshpmv06@gmail.com
Execution policy has set to Unrestricted (Using Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force), still the same.
I followed this article and also ansible windows doc.
There is a PS script which will set required winrm settings (auth to basic). You need to run that script on windows host.
Setting the execution policy or firewall is unrelated to authentication failures. If you really want to use Basic auth make sure you have run the following to enable it on the WIndows host;
`
Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value True
`
You can verify what have been enabled and disabled by running ‘winrm get winrm/config/service’. By default Basic auth is not enabled for security reasons.
Thanks
Jordan
I forgot to mention that running over http (like you are) for basic auth will only work if you have disabled message encryption on the Windows host. Do not do this, do something sane like running over https or use an authentication option that supports message encryption like Kerberos or NTLM.
I did that. Am getting some certificate related errors.
I just checked the connection with other windows power shell as follows.
PS C:\Users\sindhu.p> winrs -r:https://ipaddress:5986/wsman -u:username -p:password ipconfig
Error :
Winrs error:The server certificate on the destination computer (10.67.104.45:5986) has the following errors:
The SSL certificate is signed by an unknown certificate authority.
The SSL certificate contains a common name (CN) that does not match the hostname.
Am trying for https.
Power shell basic script as follows
$url = “https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1”
$file = “$env:temp\ConfigureRemotingForAnsible.ps1”
$username = “username”
$password = "password "
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force
$browser = New-Object System.Net.WebClient
$browser.Proxy.Credentials =[System.Net.CredentialCache]::DefaultNetworkCredentials
$browser.DownloadFile($url, $file)
#&$file -Version 3.0 -Username $username -Password $password -Verbose
#(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file
Setting up a listener :
$selector_set = @{
Address = “*”
Transport = “HTTPS”
}
$value_set = @{
CertificateThumbprint = “EF39ECD8A40F83ACC2BE85D95303EED2EB7DCE5C”
}
New-WSManInstance -ResourceURI “winrm/config/Listener” -SelectorSet $selector_set -ValueSet $value_set
And i followed the steps mention here :
https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#host-requirements.
I did that. Am getting some certificate related errors.
I just checked the connection with other windows power shell as follows.
PS C:\Users\sindhu.p> winrs -r:https://ipaddress:5986/wsman -u:username -p:password ipconfig
Error :
Winrs error:The server certificate on the destination computer (10.67.104.45:5986) has the following errors:
The SSL certificate is signed by an unknown certificate authority.
The SSL certificate contains a common name (CN) that does not match the hostname.
How to connect windows client without using user name and password, in linux we can have certificate for password less authentication. How can i achieve the same with windows client?
After seeing your suggestion, tried with Kerberos and NTLM
This is what i see
10.67.104.45 | UNREACHABLE! => {
“changed”: false,
“msg”: “Failed to connect to the host via ssh: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 51: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/root/.ansible/cp/966bc611a0" does not exist\r\ndebug2: resolving "10.67.104.45" port 22\r\ndebug2: ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to 10.67.104.45 [10.67.104.45] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: connect to address 10.67.104.45 port 22: Connection timed out\r\nssh: connect to host 10.67.104.45 port 22: Connection timed out\r\n”,
“unreachable”: true
}
I must be missing something, please guide me where exactly going wrong.