I’m trying to connect to my first windows client after fresh ansible install
win_ping from ansible controller to windows 2016
ANSIBLE VERSION
ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/nfs/site/home/sys_ansible/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4]
CONFIGURATION
Nothing was changed.
OS / ENVIRONMENT
Using Ubuntu 14.04 LTS
Linux hostname1 3.13.0-137-generic #186-Ubuntu SMP Mon Dec 4 19:09:19 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Trying to connect to windows 2016 server in domain GER.CORP.COMPANY.COM
SUMMARY
$ ansible windows -m win_ping -vvvvvvvvvvvvv
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/nfs/site/home/sys_ansible/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin minimal of type stdout, v2.0 from /usr/lib/python2.7/dist-packages/ansible/plugins/callback/__init__.pyc
META: ran handlers
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/win_ping.ps1
<hasjrwts01.ger.corp.company.com> ESTABLISH WINRM CONNECTION FOR USER: GER\SYS_ANSIBLE on PORT 5986 TO hasjrwts01.ger.corp.company.com
<hasjrwts01.ger.corp.company.com> WINRM CONNECT: transport=ssl endpoint=https://hasjrwts01.ger.corp.company.com:5986/wsman
<hasjrwts01.ger.corp.company.com> WINRM CONNECTION ERROR: the specified credentials were rejected by the server
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ansible/plugins/connection/winrm.py", line 222, in _winrm_connect
self.shell_id = protocol.open_shell(codepage=65001) # UTF-8
File "/usr/local/lib/python2.7/dist-packages/winrm/protocol.py", line 157, in open_shell
res = self.send_message(xmltodict.unparse(req))
File "/usr/local/lib/python2.7/dist-packages/winrm/protocol.py", line 234, in send_message
resp = self.transport.send_message(message)
File "/usr/local/lib/python2.7/dist-packages/winrm/transport.py", line 256, in send_message
response = self._send_message_request(prepared_request, message)
File "/usr/local/lib/python2.7/dist-packages/winrm/transport.py", line 266, in _send_message_request
raise InvalidCredentialsError("the specified credentials were rejected by the server")
InvalidCredentialsError: the specified credentials were rejected by the server
hasjrwts01.ger.corp.company.com | UNREACHABLE! => {
"changed": false,
"msg": "ssl: the specified credentials were rejected by the server",
"unreachable": true
}
STEPS TO REPRODUCE
followed the instructions to install ansible
apt-add-repository ppa:ansible/ansible
apt-get install ansible
apt-get install python-dev libkrb5-dev krb5-user
apt-get install python-pip git libffi-dev libssl-dev -y
pip install ansible pywinrm
pip install cryptography
pip install kerberos
pip install ntlm-auth
pip install pykerberos
pip install "pywinrm>=0.2.2"
pip install "pywinrm>=0.2.2" --upgrade
pip install pywinrm[credssp]
pip install pywinrm[kerberos]
pip install requests
pip install requests-kerberos
pip install requests_kerberos --upgrade
pip install requests_ntlm
pip install requests_ntlm --upgrade
pip install --upgarde setuptools
pip install --upgrade setuptools
pip list
pip list | grep -i kerberos
# pip list
adium-theme-ubuntu (0.3.4)
ansible (2.4.2.0)
apt-xapian-index (0.45)
argparse (1.2.1)
asn1crypto (0.24.0)
certifi (2017.11.5)
chardet (3.0.4)
colorama (0.2.5)
command-not-found (0.3)
cryptography (2.1.4)
dblatex (0.3.4.post3)
debtagshw (0.1)
defer (1.0.6)
dirspec (13.10)
dnspython (1.11.1)
duplicity (0.6.23)
html5lib (0.999)
httplib2 (0.8)
idna (2.6)
Jinja2 (2.7.2)
kerberos (1.2.5)
lockfile (0.8)
lxml (3.3.3)
Mako (0.9.1)
Markdown (2.4)
MarkupSafe (0.18)
ntlm-auth (1.0.6)
oauthlib (0.6.1)
oneconf (0.3.7.14.4.1)
PAM (0.4.2)
paramiko (1.10.1)
pexpect (3.1)
Pillow (2.3.0)
pip (1.5.4)
piston-mini-client (0.7.5)
pyasn1 (0.2.3)
pycrypto (2.6.1)
pycups (1.9.66)
pycurl (7.19.3)
Pygments (1.6)
pygobject (3.12.0)
pykerberos (1.2.1)
pyOpenSSL (0.13)
pyserial (2.6)
pysmbc (1.0.14.1)
python-apt (0.9.3.5ubuntu2)
python-debian (0.1.21-nmu2ubuntu2)
pywinrm (0.3.0)
pyxdg (0.25)
PyYAML (3.10)
reportlab (3.0)
requests (2.18.4)
requests-kerberos (0.12.0)
requests-ntlm (1.1.0)
rsa (3.4.2)
sessioninstaller (0.0.0)
setuptools (38.2.5)
six (1.5.2)
software-center-aptd-plugins (0.0.0)
system-service (0.1.6)
Twisted-Core (13.2.0)
Twisted-Web (13.2.0)
unity-lens-photos (1.0)
urllib3 (1.22)
wheel (0.24.0)
wsgiref (0.1.2)
xdiagnose (3.6.3build2)
xmltodict (0.11.0)
zope.interface (4.0.5)
$ cat /etc/ansible/hosts
[windows]
hasjrwts01.ger.corp.company.com
$ cat /etc/ansible/group_vars/windows.yml
# it is suggested that these be encrypted with ansible-vault:
# ansible-vault edit group_vars/windows.yml
ansible_winrm_realm: GER.CORP.COMPANY.COM
ansible_user: GER\SYS_ANSIBLE
ansible_password: "password"
ansible_port: 5986
ansible_connection: winrm
# The following is necessary for Python 2.7.9+ (or any older Python that has backported SSLContext, eg, Python 2.7.5 on RHEL7) when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore
ansible_winrm_scheme: https
klist
Ticket cache: FILE:/tmp/krb5cc_30254
Default principal: sys_ansible@GER.CORP.COMPANY.COM
Valid starting Expires Service principal
01/07/2018 14:43:28 01/08/2018 00:43:22 krbtgt/GER.CORP.COMPANY.COM@GER.CORP.COMPANY.COM
renew until 02/06/2018 14:43:22
EXPECTED RESULTS
I expect a success result.
ACTUAL RESULTS
As shown above.
Server output:
>winrm get winrm/config/Service
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-2052111302-1275210071-1644491937-1181420)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = * [Source="GPO"]
IPv6Filter = * [Source="GPO"]
EnableCompatibilityHttpListener = true
EnableCompatibilityHttpsListener = true
CertificateThumbprint
AllowRemoteAccess = true [Source="GPO"]
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 1/7/2018 2:46:50 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: hasjrwts01.ger.corp.company.com
Description:
An account failed to log on.
Subject:
Security ID: NETWORK SERVICE
Account Name: HASJRWTS01$
Account Domain: GER
Logon ID: 0x3E4
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: GER\sys_ansible
Account Domain: HASJRWTS01
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x628
Caller Process Name: C:\Windows\System32\svchost.exe
Network Information:
Workstation Name: HASJRWTS01
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2018-01-07T12:46:50.957536400Z" />
<EventRecordID>123034</EventRecordID>
<Correlation ActivityID="{B11A9E20-82C6-0016-219E-1AB1C682D301}" />
<Execution ProcessID="1032" ThreadID="25612" />
<Channel>Security</Channel>
<Computer>hasjrwts01.ger.corp.company.com</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-20</Data>
<Data Name="SubjectUserName">HASJRWTS01$</Data>
<Data Name="SubjectDomainName">GER</Data>
<Data Name="SubjectLogonId">0x3e4</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">GER\sys_ansible</Data>
<Data Name="TargetDomainName">HASJRWTS01</Data>
<Data Name="Status">0xc000006d</Data>
<Data Name="FailureReason">%%2313</Data>
<Data Name="SubStatus">0xc0000064</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">Advapi </Data>
<Data Name="AuthenticationPackageName">Negotiate</Data>
<Data Name="WorkstationName">HASJRWTS01</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x628</Data>
<Data Name="ProcessName">C:\Windows\System32\svchost.exe</Data>
<Data Name="IpAddress">-</Data>
<Data Name="IpPort">-</Data>
</EventData>
</Event>
NB1: It’s working with a local admin user and the user sys_ansible is admin on the windows machine.
NB2: The server shows the request id as:
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: GER\sys_ansible
Account Domain: HASJRWTS01
But a successful login should look like
Subject:
Security ID: GER\sys_ansible
Account Name: sys_ansible
Account Domain: GER
That’s all for now
Where am I missing something?
Thanks.
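As an added example (not code from the issue author, Ansible or pywinrm), the script below parses a Security event 4625 in the XML form quoted in the report, decodes the Status/SubStatus NTSTATUS codes, and reports what the TargetUserName, TargetDomainName and WorkstationName fields say about how the server looked the account up. The sample event is constructed to mirror the one in this report; the NTSTATUS meanings are the documented values, and the two checks encode the reading of those fields that NB2 above points at (the account name still carries the `GER\` prefix, and the lookup domain is the server's own name rather than the GER domain).

```python
"""Triage a Windows Security event 4625 (logon failure) from its Event XML.

Added example; not code from the issue author, Ansible or pywinrm.
"""
import xml.etree.ElementTree as ET

EVENT_NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Documented NTSTATUS values that 4625 reports in Status / SubStatus.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE: unknown user name or bad password",
    0xC000006A: "STATUS_WRONG_PASSWORD: account exists, password is wrong",
    0xC0000064: "STATUS_NO_SUCH_USER: account does not exist in the domain that was searched",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000071: "STATUS_PASSWORD_EXPIRED",
    0xC0000193: "STATUS_ACCOUNT_EXPIRED",
    0xC000015B: "STATUS_LOGON_TYPE_NOT_GRANTED",
}

# Constructed sample, modelled on the event quoted in the report.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4625</EventID>
    <Channel>Security</Channel>
    <Computer>hasjrwts01.ger.corp.company.com</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">GER\sys_ansible</Data>
    <Data Name="TargetDomainName">HASJRWTS01</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="SubStatus">0xc0000064</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">Advapi </Data>
    <Data Name="AuthenticationPackageName">Negotiate</Data>
    <Data Name="WorkstationName">HASJRWTS01</Data>
    <Data Name="IpAddress">-</Data>
  </EventData>
</Event>"""


def parse_event(xml_text):
    """Return (event_id, {DataName: value}) from one Event XML document."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find(f"{EVENT_NS}System/{EVENT_NS}EventID").text)
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.find(f"{EVENT_NS}EventData")}
    return event_id, data


def describe_status(hex_code):
    """Map a 4625 Status/SubStatus string such as '0xc0000064' to its NTSTATUS name."""
    return NTSTATUS.get(int(hex_code, 16), f"unknown NTSTATUS {hex_code}")


def triage_4625(xml_text):
    """Decode the failure codes and explain how the server resolved the account."""
    event_id, d = parse_event(xml_text)
    if event_id != 4625:
        raise ValueError(f"expected event 4625, got {event_id}")

    user = d.get("TargetUserName", "")
    domain = d.get("TargetDomainName", "")
    workstation = d.get("WorkstationName", "")
    findings = []
    # A backslash inside TargetUserName means the server received the whole
    # 'DOMAIN\user' string as the account name; the domain part was not split off.
    if "\\" in user:
        findings.append("TargetUserName still contains a DOMAIN\\ prefix")
    # TargetDomainName equal to the server's own name means the account was
    # searched in the server's local account database, not in the AD domain.
    if domain and domain.upper() == workstation.upper():
        findings.append("TargetDomainName is the server itself, not the AD domain")

    return {
        "status": describe_status(d["Status"]),
        "sub_status": describe_status(d["SubStatus"]),
        "auth_package": d.get("AuthenticationPackageName", ""),
        "logon_type": d.get("LogonType", ""),
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in triage_4625(SAMPLE_EVENT).items():
        print(f"{key}: {value}")
```

Sub Status 0xC0000064 is the more specific of the two codes: it says the account was not found at all, which is a different failure from a wrong password (0xC000006A), and the two findings show where the lookup happened.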