No Kerberos credentials available'

ken.krog82 · April 23, 2015, 5:32pm

I’m running ansible against a windows host for testing purposes. I can get pywinrm working against the host but when I attempt using either a domain account or an account local to the windows host specified in my ansible/hosts file I receive the error specified below. Any help or explanation would be appreciated thank you in advance.

Centos: 7Version: ansible 1.9.0.1

/etc/ansible/hosts

[windows]
corpigs8471b
#ntdvwqwebpcp02b

[windows:vars]
ansible_connection=winrm
ansible_ssh_user=username@domain.fqdn.net
ansible_ssh_pass=***************
ansible_ssh_port=5986

[root@corpigs8471b ansible]# ansible windows -m setup
corpigs8471b | FAILED => Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/ansible/runner/init.py”, line 582, in _executor
exec_rc = self._executor_internal(host, new_stdin)
File “/usr/lib/python2.7/site-packages/ansible/runner/init.py”, line 785, in _executor_internal
return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
File “/usr/lib/python2.7/site-packages/ansible/runner/init.py”, line 960, in _executor_internal_inner
conn = self.connector.connect(actual_host, actual_port, actual_user, actual_pass, actual_transport, actual_private_key_file, delegate_host)
File “/usr/lib/python2.7/site-packages/ansible/runner/connection.py”, line 52, in connect
self.active = conn.connect()
File “/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py”, line 147, in connect
self.protocol = self._winrm_connect()
File “/usr/lib/python2.7/site-packages/ansible/runner/connection_plugins/winrm.py”, line 101, in _winrm_connect
protocol.send_message(‘’)
File “/usr/lib/python2.7/site-packages/winrm/protocol.py”, line 173, in send_message
return self.transport.send_message(message)
File “/usr/lib/python2.7/site-packages/winrm/transport.py”, line 195, in send_message
krb_ticket = KerberosTicket(self.krb_service)
File “/usr/lib/python2.7/site-packages/winrm/transport.py”, line 147, in init
kerberos.authGSSClientStep(krb_context, ‘’)
GSSError: ((‘Unspecified GSS failure. Minor code may provide more information’, 851968), (‘No Kerberos credentials available’, -1765328243))

Jonathan_Sabo · April 23, 2015, 6:17pm

It’s fixed in devel.

https://github.com/ansible/ansible/pull/10664

ken.krog82 · April 27, 2015, 4:29pm

Thank you. How do I upgrade to this version?
pip install -Iv ansible==10.6.6.4 --upgrade

Or is it best just to upgrade the two files specified in the release.

ken.krog82 · April 27, 2015, 4:37pm

Think this has the correct version1.9.1-0.1.rc1 has it is there a release candidate you recommend

ken.krog82 · April 27, 2015, 5:22pm

As a note I grabbed just those 2 files and updated them and receive the same error.
Thanks.
I am going to try the full latest release today if I can but having an issue grabbing it from git. We are behind a proxy and git does not appear to work well with cntlm. Going to try pip instead.

ken.krog82 · April 27, 2015, 6:55pm

I downloaded the lastest version and did a source./env-setupNow when I run ansible --version I receive

ansible --version
ansible 2.0.0
lib/ansible/modules/core: not found - use git submodule update --init lib/ansible/modules/core
lib/ansible/modules/extras: not found - use git submodule update --init lib/ansible/modules/extras
v2/ansible/modules/core: not found - use git submodule update --init v2/ansible/modules/core
v2/ansible/modules/extras: not found - use git submodule update --init v2/ansible/modules/extras
configured module search path = None

I still receive the kerberose error message.

ken.krog82 · April 29, 2015, 2:54pm

With the latest version I can get this to work with local machine credentials but not ldap.

ken.krog82 · May 1, 2015, 1:34am

As a note I’ve updated to version 2.0 and I’m using local credentials now and avoiding the ldap issue. If I get it to work I’ll post back here.

j.r.hawkesworth · May 1, 2015, 5:20pm

Hi,

If you want to use domain accounts, by the looks of things you probably need to set up your controller so it is a kerberos client and can acquire the credentials needed in order to connect via kerberos.

I suggest searching for ‘kerberos client setup’ for your controller platform.

Its probably a case of installing krb5-workstation and then configuring the /etc/krb5.conf file so kerberos knows where your domain controllers are.

Usually you can test by running

kinit user@DOMAIN

(in my experience DOMAIN has to be in upper case).

Hope this helps,

Jon

Topic		Replies	Views
pywinrm GSSError: No Kerberos credentials available Ansible Project windows	4	0	August 14, 2015
Ansible windows kerberos issue Ansible Project windows	4	0	January 23, 2016
Kerberos Auth - the specified credentials were rejected by the server Ansible Project windows	6	2	April 6, 2017
Ansible connecting to Windows host using pywinrm module over HTTP Ansible Project windows	3	0	June 19, 2020
Enable Kerberos Authentication for WinRM and Powershell exection on Windows Hosts Ansible Project windows	6	0	July 31, 2014

No Kerberos credentials available'

Related topics