Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server {
- listen 5986 default ssl;
- server_name localhost;
- ssl_certificate ssl/nginx.crt;
- ssl_certificate_key ssl/nginx.key;
- location /host-c {
- proxy_pass https://host-c-address:5986/wsman;
- }
- }
- [windows]
- host-c ansible_host=host-b ansible_winrm_path=host-c
- ansible_user: myuser
- ansible_pass: andmypass
- ansible_port: 5986
- ansible_connection: winrm
- ansible_winrm_realm: HOSTCDOMAIN.LOCAL
- ansible_winrm_scheme: https
- ansible_winrm_transport: kerberos
- ansible_winrm_server_cert_validation: ignore
- fatal: [host-c]: FAILED! => {"failed": true, "msg": "ssl: 401 Unauthorized."}
- [logging]
- default = FILE:/var/log/krb5libs.log
- kdc = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
- [libdefaults]
- default_realm = HOSTCDOMAIN.LOCAL
- dns_lookup_realm = false
- dns_lookup_kdc = false
- ticket_lifetime = 24h
- renew_lifetime = 7d
- forwardable = false
- [realms]
- AEBEL.LOCAL = {
- kdc = host-b
- }
- [domain_realm]
- .hostcdomain.local = HOSTCDOMAIN.LOCAL
- # kinit myuser@HOSTCDOMAIN.LOCAL
- Password for myuser@HOSTCDOMAIN.LOCAL:
- # klist
- Ticket cache: FILE:/tmp/krb5cc_0
- Default principal: myuser@HOSTCDOMAIN.LOCAL
- Valid starting Expires Service principal
- 03/12/2016 20:23:35 03/13/2016 06:23:35 krbtgt/HOSTCDOMAIN.LOCAL@HOSTCDOMAIN.LOCAL
- renew until 03/19/2016 20:23:31
- e# ansible-playbook test_win.yml -vvv
- Using /etc/ansible/ansible.cfg as config file
- 1 plays in test_win.yml
- PLAY [Ping windows] ************************************************************
- TASK [ping] ********************************************************************
- task path: /etc/ansible/test_win.yml:5
- <aebel-worker> ESTABLISH WINRM CONNECTION FOR USER: myuser on PORT 5986 TO host-b
- fatal: [host-c]: FAILED! => {"failed": true, "msg": "kerberos: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))"}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement