Linux服务器上的Ansible可以';t ping Windows服务器
我正在尝试从已安装Ansible的Linux服务器ping Windows服务器:Linux服务器上的Ansible可以';t ping Windows服务器,ansible,kerberos,winrm,Ansible,Kerberos,Winrm,我正在尝试从已安装Ansible的Linux服务器ping Windows服务器: ansible windows -i etc/ansible/hosts -m win_ping -u user@REALM.NET -vvvv 我得到这个错误: <server.com> ESTABLISH WINRM CONNECTION FOR USER: on PORT 5985 TO server.com <server.com> WINRM CONNECT: trans
ansible windows -i etc/ansible/hosts -m win_ping -u user@REALM.NET -vvvv
我得到这个错误:
<server.com> ESTABLISH WINRM CONNECTION FOR USER: on PORT 5985 TO server.com
<server.com> WINRM CONNECT: transport=kerberos endpoint=http://server.com:5985/wsman
...
File "/usr/lib/python2.6/site-packages/winrm/transport.py", line 167, in __init__
kerberos.authGSSClientStep(krb_context, '')
GSSError: (('Unspecified GSS failure. Minor code may provide more information', 851968),
('Server not found in Kerberos database', -1765328377))
etc/ansible/group_vars/windows.yml
ansible_user: user@REALM.NET
ansible_pass: password
ansible_port: 5985
ansible_connection: winrm
etc/krb5.conf
[libdefaults]
dns_lookup_kdc = true
dns_lookup_realms = false
default_realm = REALM.NET
[realms]
REALM.NET = {
kdc = server.com
}
[domain_realm]
.server.com = REALM.NET
我还更新了中提到的transport.py
有什么办法解决这个问题吗?好的,所以我不知道这是否有帮助,但是从这篇文章来看,您需要确保Linux机器加入到域中才能使用Kerberos。这里有一个链接,解释如何您是否在域用户上进行了kinit@liviu costea是的,我负责kinituser@REALM.NET. 当我运行klist:Ticket cache:FILE:/tmp/krb5cc_0默认主体时:user@REALM.NET有效启动过期服务主体10/11/15 20:40:36 10/12/15 06:40:52 krbtgt/REALM。NET@REALM.NET更新至2015年12月10日20:40:36我在尝试这样做时遇到了另一个问题(见表1.9.2),GypHyVAR/WORDOWS.YML仍然在中间使用“SSH”的旧版本,所以有点像:ANSILBLYSSHSUSER,ANSIBLYSH SUPASS,ANSIBLYSH端口,ANSIBLYSH连接
[libdefaults]
dns_lookup_kdc = true
dns_lookup_realms = false
default_realm = REALM.NET
[realms]
REALM.NET = {
kdc = server.com
}
[domain_realm]
.server.com = REALM.NET