hey guys,
so we have an ansible control machine on CentOS 6. it is trying to connect to and windows machine to do win_ping
the issue is that i keep receiving “FAILED => 401 Unauthorized. basic auth failed” when we use a user from the domain. it will only succeed once i creat a local user on the machine and add it to the Admin group.
any ideas on how to allow ansible to use a user from the active directory to access this machine?
Hosts file:
[windows]
HOST_NAME
[windows:vars]
ansible_ssh_user=[DomainUser]
ansible_ssh_pass=[Pass]
ansible_connection=winrm
Command & result:
ansible windows -m win_ping -i environments/…
HOST_NAME | FAILED => 401 Unauthorized. basic auth failed
thanks,
Hi,
First of all, use ansible 1.9.1 or latest development.
You need to install python kerberos module, as mentioned here.
http://docs.ansible.com/intro_windows.html#installing-on-the-control-machine
Then you need to configure your Ansible controller as a kerberos client so that it can authenticate against your domain controller. Search for ‘centos 6 kerberos client’ and you will find advice on how to set this up, but for centos the main steps are 1/ yum install krb5-workstation and 2/ configure your /etc/krb5.conf to point at your active directory domain controller.
Finally, before running Ansible, ensure that you have got a kerberos ticket to allow you to connect as a domain user. You can use the command
klist
to show this (once installed, it is part of krb5-workstation).
Probably a question better suited to Ansible Project mailing list in future too.
Hope that’s enough to get you started.
Jon