Ansible - Setting up kerberos authentication

Views: 9,835

R3ap3rPy

A day ago

Here is the counterpart of the previous video about setting up WinRM. In this video we set up Kerberos authentication to allow Ansible to manage Windows hosts which are joined to a specific domain with the help of a domain account. The setup is a bit tricky, but once you get the feeling it comes naturally.
Patreon: / r3ap3rpy

Comments: 35
@Arun-vq8bs 2 years ago
Thanks for the video. I have a doubt. What is the domain controller actually? Is it the Windows server we try to connect to? Any documents or videos on it will be helpful.
@frankguan1111 3 years ago
Thanks much, this is what I am seeking for. It works in my lab!!
@karthika393 1 year ago
Thanks for the explanation. I tried everything just like you did, but I am getting this error: "msg": "kerberos: requested auth method is kerberos, but requests_kerberos is not installed". Verified everything as suggested by other Stack Overflow pages.
@r3ap3rpy 1 year ago
You have to install the "requests_kerberos" package.
@karthika393 1 year ago
@R3ap3rPy I did. But it worked when I used another Linux host as master and followed your steps. It worked; I am able to ping and run some win-packages on Windows.
@ValhallenExile 3 years ago
Of note for anyone trying to get Kerberos and HTTP 5985 WinRM going with Ansible on a Debian-based platform: the group variable called "ansible_winrm_message_encryption" needs to be set to "always", otherwise WinRM requests will be denied with error 500 because they will be sent unencrypted. This is now a part of the Ansible documentation as well. Figured I would share as I spent nearly a day trying to figure this out lol. If after setting this variable you get an error message saying "ansible_winrm_message_encryption is set to always and isnt supported", then you are on the right track and just need to update pywinrm[kerberos] to the latest version.
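The settings named in the comment above, collected into one group-variables file as an added example (not from the video or from any commenter). The file name, realm, account name and vault variable are assumed placeholders.

```yaml
# group_vars/windows.yml: hypothetical file name; every value below is a
# constructed placeholder, not taken from the video.
ansible_connection: winrm
ansible_winrm_transport: kerberos

# Plain-HTTP WinRM listener, as in the comment (5985 = HTTP, 5986 = HTTPS).
ansible_port: 5985
ansible_winrm_scheme: http

# Kerberos needs a domain account in user@REALM form; a local Windows
# account cannot be used. EXAMPLE.COM is a placeholder realm.
ansible_user: svc_ansible@EXAMPLE.COM
ansible_password: "{{ vault_winrm_password }}"   # hypothetical vaulted variable

# Over HTTP there is no TLS, so the payload has to be protected by WinRM
# message encryption. "always" makes the run fail rather than send
# unencrypted requests; "never" would disable encryption entirely.
ansible_winrm_message_encryption: always

# If Ansible then reports that message encryption is set to always but is
# not supported, upgrade the client library on the control node:
#   pip install --upgrade "pywinrm[kerberos]"
# Connectivity check for the group once authentication works:
#   ansible windows -m ansible.windows.win_ping
```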
@kevinserafin1466 5 years ago
Nice guide. Although I can't seem to get this working. Do we need to make changes in the WinRM config of target machines for Kerberos as outlined in the previous video for basic auth?
@r3ap3rpy 5 years ago
Well, this is a more complex question. Is your machine domain joined? Did you edit your krb5.config file? Did you set up configuration in either the inventory or group vars to make this work?
@suryagunisetti 4 years ago
Many thanks for the video. I have a doubt: can't we create a single inventory file in /etc/ansible/hosts by mentioning both Windows VMs' FQDNs in a host group called Win VMs, and variables such as username, pwd, connection etc. in Win VMs:vars, instead of creating 2 host inventories?
@r3ap3rpy 4 years ago
Surya Gunisetti I would have only one inventory.
@ronp8319 4 years ago
Great demo! Got it working all the way. But is there a way we can do this without adding the domain user to the local admin group? Please suggest the solution or do a video.
@r3ap3rpy 4 years ago
Hi, you don't have to add the user to the admins. However, certain commands will fail due to the lack of privilege.
@ronp8319 4 years ago
R3ap3rPy I tried removing the user from the local admin group, but the creds are getting rejected that time.
@cloudmalayaz7923 3 years ago
Hi, thanks for the tutor. I'm facing an HTTPS Tunnel error. Can you help me with this?
@r3ap3rpy 3 years ago
What's the exact error message?
@cloudmalayaz7923 3 years ago
@r3ap3rpy The tunnel error is already gone, but a new error prompts out, which is: Kerberos Unable to authenticate response
@venkateshd1480 4 years ago
Do we need to generate a keytab using the ktpass command from the Windows machine as a first step? ktpass princ host/fully_qualified_Vector_host_name@DOMAIN.COM mapuser user -pass password out krb5-1.keytab
@r3ap3rpy 4 years ago
Nope
@venkateshd1480 4 years ago
@r3ap3rpy Why I asked this question is my Windows machine is not the domain controller and I don't have access to Active Directory to create a user in that. If I use the login credentials as the ansible user/password, it doesn't work. I am getting 'kinit: KDC reply did not match expectations while getting initial credentials'
@r3ap3rpy 4 years ago
Well, you need to distinguish between domain and local users and understand the difference.
@venkateshd1480 4 years ago
@r3ap3rpy I have a local user added to the administration group. Can I use that as ansible_user/password for Kerberos? P.S.: I am able to connect to manage Windows using that user via basic authentication.
@r3ap3rpy 4 years ago
As I said, you need to clear things up regarding topics of Ansible authentication... you cannot use local users for Kerberos authentication...
@88whitetiger 5 years ago
Audio too soft.
@r3ap3rpy 5 years ago
Never thought that would be a problem 😅