Windows domain account using Kerberos

Hi,

I want to access my windows machine using the domain account. I installed kerberos on my control node (centos) . And configured the krb5.conf as follows :

`
[realms]
MYDOMAIN.COM = {
kdc = my-domain-controller.com
}

[domain_realm]
.mydomain.com = MYDOMAIN.COM
`

In my windows.yml file i have the following details :

ansible_ssh_user: '[Administrator@MYDOMAIN.COM](mailto:Administrator@ETBDENVER.COM)' ansible_ssh_pass: 'mypassword' ansible_ssh_port: '5986' ansible_connection: 'winrm'

When i run the command kinit Administrator@MYDOMAIN.COM it prompts for the password but does nothing after i enter it. It just accepts it and moves on.
When i tried to ping my windows machine it returns the following error

Loaded callback minimal of type stdout, v2.0
ESTABLISH WINRM CONNECTION FOR USER: Administrator@MYDOMAIN.COM on PORT 5986 TO windowsip
windowsip | FAILED! => {
“failed”: true,
“msg”: “ERROR! plaintext: 401 Unauthorized. basic auth failed”
}

What is the issue here? Is there some more configuration that i need to do ? Like a certificate or sumthing on the windows machine?

Regards
Jugal Porwal

I think you probably just need to acquire a kerberos ticket.

Unless you have things set up so that you can log in to your ansible controller as a user on your domain, you won’t have a kerberos ticket (which is what lets you access the machines on your domain as a specific user).

I suggest you attempt to test that you can acquire a kerberos ticket as described here: http://docs.ansible.com/ansible/intro_windows.html#testing-a-kerberos-connection

If you have further problems, try the troubleshooting tips here: http://docs.ansible.com/ansible/intro_windows.html#troubleshooting-kerberos-connections

Jon