I have an Ansible control box and have configured it to manage Windows servers.
Using NTLM it seems to work fine and can join servers to the domain and also can change local group membership, all using NTLM, but my group_vars file contains the domain account and password to join to the domain.
If I move away from NTLM auth and rely solely on Kerberos, I have configured my /etc/krb5.conf file with domain details and DC.
When I try to do a basic test using win_ping, I get the below:
"msg": "Kerberos auth failure for principal user@domain.local with subprocess: kinit: Cannot contact any KDC for realm 'domain.local' while getting initial credentials",
"unreachable": true
So my question is:
I am wondering if my Ansible box is trying to auth against the DC, as I thought it would pass the creds to the Windows box and have it auth off the DC.