Here is my situation after setting up Kerberos following the Ansible documentation: http://docs.ansible.com/ansible/intro_windows.html
[libdefaults]
default_realm = MY.DOMAIN.COM
…
[realms]
MY.DOMAIN.COM = {
default_domain = my.domain.com
kdc = <domain-controller-server>.my.domain.com
kpasswd_server = <domain-controller-server>.my.domain.com
}
…
[domain_realm]
.my.domain.com = MY.DOMAIN.COM
…
I was able to create a Kerberos ticket; this is my output:
root@alex-VirtualBox:/etc/ansible# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: <user_name>@MY.DOMAIN.COM
Valid starting Expires Service principal
04/07/2016 13:58:52 04/07/2016 23:58:52 krbtgt/MY.DOMAIN.COM@MY.DOMAIN.COM
renew until 04/08/2016 13:58:48
04/07/2016 14:02:20 04/07/2016 23:58:52 HTTP/<windows-target-server>.my.domain.com@MY.DOMAIN.COM
renew until 04/08/2016 13:58:48
So all I want to do is run an Ansible playbook, or even a simple command. But I get this error, which I am pretty sure is unrelated to Ansible:
root@alex-VirtualBox:/etc/ansible# ansible windows -m win_ping --ask-vault-pass
Vault password:
<windows-target-server>.my.domain.com | FAILED! => {
"failed": true,
"msg": "kerberos: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377)), plaintext: 401 Unauthorized."
}
I even went ahead and created a keytab file:
> ktutil
ktutil: addent -password -p <user_name>@MY.DOMAIN.COM -k 1 -e rc4-hmac
provide password
ktutil: wkt <user_name>.keytab
ktutil: quit
But then I got a different error:
root@alex-VirtualBox:/etc/ansible# ansible windows -m win_ping --ask-vault-pass
n2-2wbp-wbsvr01.na.msds.rhi.com | FAILED! => {
"failed": true,
"msg": "kerberos: (('An invalid name was supplied', 131072), ('Success', 100001)), plaintext: 401 Unauthorized."
}
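Answer 0 (score: 1)
Try putting the IP and hostname of the Windows host in the /etc/hosts file, and then try: https://github.com/diyan/pywinrm/issues/21#issuecomment-58958732, https://github.com/diyan/pywinrm/issues/21#issuecomment-59084178
PS:
"Server not found in Kerberos database" - this usually means that the Linux host where you run kinit is not joined to the domain (i.e., there is no properly configured machine account in the domain). The existing docs unhelpfully omit that requirement...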
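
An added example, not part of the question or the answer above: an offline check of which HTTP service principal a client would request for a WinRM target, given the order of names on its /etc/hosts line and the [domain_realm] mapping from the question's krb5.conf. It assumes the Kerberos library canonicalizes the host name with a forward and reverse lookup and that the first name on the hosts line is what the reverse lookup returns. `winhost01`, `192.0.2.10` and all function names are constructed placeholders.

```python
# Added example; inputs are constructed, helper names are hypothetical.
KRB5_CONF = """[libdefaults]
default_realm = MY.DOMAIN.COM
[domain_realm]
.my.domain.com = MY.DOMAIN.COM
"""
# winhost01 and 192.0.2.10 are placeholders for the Windows target.
HOSTS_SHORT_FIRST = "192.0.2.10 winhost01 winhost01.my.domain.com\n"
HOSTS_FQDN_FIRST = "192.0.2.10 winhost01.my.domain.com winhost01\n"

def domain_realm_map(conf):
    """Parse the [domain_realm] section into {name: REALM}."""
    section, out = None, {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "domain_realm" and "=" in line:
            key, realm = (p.strip() for p in line.split("=", 1))
            out[key.lower()] = realm
    return out

def realm_for(host, mapping):
    """Exact host entry wins; otherwise try each parent domain (leading dot)."""
    host = host.lower().rstrip(".")
    if host in mapping:
        return mapping[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        realm = mapping.get("." + ".".join(labels[i:]))
        if realm:
            return realm
    return None  # no [domain_realm] entry applies

def canonical_name(host, hosts_text):
    """First name on the matching hosts line (assumed canonicalization result)."""
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and host.lower() in (f.lower() for f in fields[1:]):
            return fields[1].lower()
    return host.lower()

def expected_spn(host, conf, hosts_text):
    """Return (service principal name, realm or None) for a WinRM target."""
    name = canonical_name(host, hosts_text)
    return "HTTP/" + name, realm_for(name, domain_realm_map(conf))

if __name__ == "__main__":
    for hosts in (HOSTS_SHORT_FIRST, HOSTS_FQDN_FIRST):
        print(expected_spn("winhost01.my.domain.com", KRB5_CONF, hosts))
```

With the short name listed first, the requested principal has no domain part and no [domain_realm] entry applies; with the fully qualified name first, it matches the HTTP/...@MY.DOMAIN.COM form shown in the klist output.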