
Active Directory Authentication for Ansible Simplified

Ripon Banik
1 min read · Apr 16, 2019

You can use your Active Directory account to provision a Windows domain-joined instance.

In an enterprise environment, you may need to use domain credentials to access resources, since creating and maintaining local user accounts is an administrative overhead and a security risk.

Installation and Configuration

  1. Configure WinRM on the server to be provisioned by Ansible

2. Install the required library on the Ansible server (e.g. Ansible Tower) -

3. Configure Realm on the Ansible Server — /etc/krb5.conf

4. Configure Inventory on the Ansible Server e.g. -

[windows_server]

1.2.3.4 ansible_host=host01.example.com

5. Configure Group Variable — either of http/https as below -

6. Run the Playbook -

ansible-playbook -i hosts.ini test.yaml -l "windows_server" -u x@EXAMPLE.COM -k -vvv

Troubleshooting

  • Verify that you can authenticate using your domain credentials -

a. kinit x@EXAMPLE.COM

b. klist

  • GSSClient Error - kerberos: authGSSClientStep() failed: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377))

Make sure the Windows host is joined to the domain and that ansible_host in the inventory is set to the FQDN of the host.

  • Be sure to use the latest version of Ansible; this was tested with Ansible 2.6.0
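The FQDN requirement above can be checked before a run. The following is an added example, not code from the original post: a small pre-flight check that reads an INI inventory and reports hosts whose connection address is an IP, a short name, or a malformed key=value pair. The function name check_inventory, the sample inventory, and the assumption that every host lives under a single DNS domain (example.com) are all constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample inventory for illustration (not from the original post).
SAMPLE_INVENTORY = """\
[windows_server]
host01 ansible_host=host01.example.com
host02 ansible_host=10.0.0.5
host03 ansible_host=host03
host04.example.com
host05 ansible_host= host05.example.com
"""

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_inventory(text, realm_domain):
    """Return {inventory_name: problem} for hosts whose connection address
    is not an FQDN under realm_domain (assumption: one DNS domain for all hosts)."""
    problems = {}
    in_host_group = True  # hosts listed before any [group] header are valid too
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            # [group:vars] and [group:children] sections hold no host lines
            in_host_group = ":" not in line
            continue
        if not in_host_group:
            continue
        name, *tokens = shlex.split(line)
        pairs = dict(t.split("=", 1) for t in tokens if "=" in t)
        # Ansible connects to the inventory name when ansible_host is not set
        target = pairs.get("ansible_host", name)
        if any("=" not in t for t in tokens) or target == "":
            problems[name] = "malformed key=value (stray space around '=')"
        elif is_ip(target):
            problems[name] = "IP address: use the FQDN"
        elif "." not in target:
            problems[name] = "short name: use the FQDN"
        elif not target.lower().endswith("." + realm_domain.lower()):
            problems[name] = "FQDN outside " + realm_domain
    return problems
```

Calling check_inventory(SAMPLE_INVENTORY, "example.com") flags host02, host03 and host05 and passes the other two.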


Written by Ripon Banik

A Cloud and DevSecOps Engineer and Consultant, passionate about simplifying technology and making it consumable. https://www.linkedin.com/in/riponbanik/
