Member-only story
Active Directory Authentication for Ansible Simplified
You can use your Active Directory Account to provision a Windows Domain Joined Instance
In an Enterprise environment, you may need to use Domain Credentials to access the resources since creation and maintenance local user account is an administrative overhead and security risk.
Installation and Configuration
- Configure WinRM on the server to be provisioned by Ansible
2. Install the required library on the Ansible server (e.g. Ansible Tower) -
3. Configure Realm on the Ansible Server — /etc/krb5.conf
4. Configure Inventory on the Ansible Server e.g. -
[windows_server]
1.2.3.4 ansible_host= host01.example.com
5. Configure Group Variable — either of http/https as below -
6. Run the Playbook -
ansible-playbook -i hosts.ini test.yaml -l “windows_server” -u x@EXAMPLE.COM -k -vvv
Troubleshooting
- Verify the you can authenticate using your domain credential -
a. kinit x@EXAMPLE.COM
b. klist
- GSSClient Error — kerberos: authGSSClientStep() failed: ((‘Unspecified GSS failure. Minor code may provide more information’, 851968), (‘Server not found in Kerberos database’, -1765328377))
Make sure the Windows Host is joined to the Domain and ansible_host in the inventory is setup using FQDN of the host.
3. Be sure to use latest version of Ansible — this was tested with Ansible 2.6.0
