I have setup my Ansible Tower and Windows Kerberos / Active Directory authentication as specified here. It is the same procedure explained in the official documentation too. For information here is what I did -
- Installed the suggested Kerberos packages in the Ubuntu server
- Edited the configuration files as suggested
I could verify that my configuration is working fine by running the kinit command as suggested -
kinit -C username@DOMAIN.COM
The klist command run after that showed the expected information
klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: username@DOMAIN.COM
Valid starting Expires Service principal
2016-05-03T10:59:04 2016-05-03T20:59:04 krbtgt/DOMAIN.COM@DOMAIN.COM
renew until 2016-05-04T10:58:59
My Ansible Tower inventory contains just one VM, where under the variables in host properties, I have specified the following details -
ansible_connection: winrm
ansible_port: "5986"
ansible_ssh_user: username@DOMAIN.COM
I suppose the password is not necessary since the ticket is obtained through the kinit command. I have tried adding the password above by specifying ansible_ssh_pass but that didn’t help.
Now when I run the ‘Job Template’ it fails instantly with this message.
TASK [setup] *******************************************************************
fatal: [VM-NAME]: FAILED! => {"failed": true, "msg": "kerberos: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('No Kerberos credentials available', -1765328243)), plaintext: 401 Unauthorized."}
How can I resolve this issue?