Login Credentials were rejected for Computers Attached to Active Directory

I have 3 Windows computers. One is Windows Server 2012; the other two are Windows 7 desktops. Through Ansible I can individually manage all 3 Windows machines through their local login accounts. Ansible works perfectly.

Now I have configured AD on Windows Server 2012 and joined the two desktop computers to AD. Through Active Directory's Administrator account I can log in on all 3 Windows machines.

To manage AD accounts in Ansible I installed Kerberos as mentioned in this documentation.

My configurations are as follows:

/etc/krb5.conf

[libdefaults]

default_realm = NAANAL.IN

[realms]

NAANAL.IN = {
    kdc = WIN2012.naanal.in
    default_domain = naanal.in
}

[domain_realm]

.naanal.in = NAANAL.IN

[login]

krb4_convert = true
krb4_get_tickets = false

Connection and Ticket Details:

kinit Administrator@NAANAL.IN
Password for Administrator@NAANAL.IN:

klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: Administrator@NAANAL.IN

Valid starting       Expires              Service principal
2016-07-10T20:41:25  2016-07-11T06:41:25  krbtgt/NAANAL.IN@NAANAL.IN
    renew until 2016-07-11T20:40:33

Now I just try to ping all my Windows machines through the account Administrator@NAANAL.IN

Here is my configuration and output:

hosts

[windows]
192.168.1.13  -> Windows 7 Desktop Attached to AD
192.168.1.23  -> Windows 7 Desktop Attached to AD
172.30.64.77  -> Windows 2012 with AD

group_vars/windows.yaml

ansible_user: Administrator@NAANAL.IN
ansible_password: p@ssw0rd1
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore

When I run ansible windows -i hosts -m win_ping

192.168.1.13 | UNREACHABLE! => {
"changed": false,
"msg": "ssl: the specified credentials were rejected by the server",
"unreachable": true
}
192.168.1.23 | UNREACHABLE! => {
"changed": false,
"msg": "ssl: the specified credentials were rejected by the server",
"unreachable": true
}
172.30.64.77 | SUCCESS => {
"changed": false,
"ping": "pong"
}

i.e. in Ansible, I can't log in to computers attached to AD through an AD user account. What am I missing?

Note: I enabled Remote Connections in Desktops. Also tried with firewall disabled.

So, for some reason it is trying to connect via ssl and not kerberos.

I can think of two things for you to try:

1/ Ensure you have installed the python kerberos library as described here: http://docs.ansible.com/ansible/intro_windows.html#installing-python-kerberos

Without this, Ansible will 'fall back' to attempting an ssl connection, which will fail as you are using a domain user. This is also needed (it is not included in the packages listed here): http://docs.ansible.com/ansible/intro_windows.html#installing-python-kerberos-dependencies

2/ Switch to hostnames instead of IP addresses in your inventory. Kerberos needs fully functioning DNS to work properly.

Hope this helps,

Jon
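
The two checks suggested in the reply can be run on the control machine before `win_ping`. The sketch below is an added example, not part of the thread or of Ansible itself. It assumes the Python module is importable as `kerberos`, parses only flat `key: value` group_vars, and uses constructed sample input modelled on the files in the question. It also reports the disabled certificate validation present in that group_vars file.

```python
import importlib.util
import ipaddress

# Constructed sample input modelled on the inventory and group_vars in the question.
INVENTORY = """\
[windows]
192.168.1.13
192.168.1.23
win2012.naanal.in
"""
GROUP_VARS = """\
ansible_user: Administrator@NAANAL.IN
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
"""

def parse_flat_vars(text):
    """Parse flat 'key: value' lines (enough for this file, not full YAML)."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def inventory_hosts(text):
    """Return the first token of each host line, skipping [sections] and comments."""
    hosts = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("[", "#", ";")):
            hosts.append(line.split()[0])
    return hosts

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def preflight(inventory, group_vars, module="kerberos"):
    """Return findings for a domain (user@REALM) WinRM login; module name is an assumption."""
    findings = []
    gv = parse_flat_vars(group_vars)
    if "@" not in gv.get("ansible_user", ""):
        return findings  # local account: Kerberos is not involved
    if importlib.util.find_spec(module) is None:
        findings.append(f"python module '{module}' not importable")
    findings += [f"{h}: IP address, use the DNS hostname"
                 for h in inventory_hosts(inventory) if is_ip(h)]
    if gv.get("ansible_winrm_server_cert_validation") == "ignore":
        findings.append("TLS certificate validation is disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(preflight(INVENTORY, GROUP_VARS)) or "no findings")
```
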