未知的Kerberos名称或服务

时间:2019-05-17 23:03:12

标签: windows ansible

我已经遇到了有关在CentO(控制计算机)上设置Ansible以与Windows主机一起使用的问题,已有3天了。

我从here运行ConfigureRemotingForAnsible.ps1来配置Windows主机。为了确保WinRM正确设置,我还使用了另一个Windows来验证两件事:

  • 运行Test-NetConnection -ComputerName 'win1.domain.local' -Port 5985/5986
  • 运行Test-WsMan -ComputerName 'win1.domain.local' -Port 5985/5986

从基于Windows的控制计算机进行测试,一切看起来都很好。我设法创建了PSSession和远程执行的脚本。

在CentOs机器上,我使用telnet测试正在监听的端口5985和5986。

我的group_vars / win.yml如下:

ansible_user: user@domain.local
ansible_password: Password
ansible_connection: winrm
ansible_winrm_transport: kerberos
ansible_port: 5986
ansible_winrm_server_cert_validation: ignore

我的主机只是下面机器的FQDN 

[win]
win1.domain.local

我的测试命令

ansible-playbook -i hosts playbook.yml -vvvv

我的剧本非常简单。只是检查目标Windows主机上的C:目录。到目前为止,我总是遇到这个问题:

Using module file /usr/lib/python2.7/site-packages/ansible/modules/windows/setup.ps1
Pipelining is enabled.
<win1.domain.local> ESTABLISH WINRM CONNECTION FOR USER: user@domain.local on PORT 5986 TO win1.domain.local
calling kinit with subprocess for principal user@domain.local
/usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg force_preemptive, check installed version with pip list
  % (str(function), name))
/usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg delegate, check installed version with pip list
  % (str(function), name))
/usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg send_cbt, check installed version with pip list
  % (str(function), name))
/usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg principal, check installed version with pip list
  % (str(function), name))
/usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg sanitize_mutual_error_response, check installed version with pip list
  % (str(function), name))
/usr/lib/python2.7/site-packages/winrm/transport.py:299: UserWarning: Function <unbound method HTTPKerberosAuth.__init__> does not contain optional arg hostname_override, check installed version with pip list
  % (str(function), name))
fatal: [win1.domain.local]: UNREACHABLE! => {
    "changed": false, 
    "msg": "kerberos: HTTPSConnectionPool(host='win01-wmy4anstz.daa.local', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f30681818d0>: Failed to establish a new connection: [Errno -2] Name or service not known',))", 
    "unreachable": true
}

我不确定我缺少什么。我确实使用我的帐户user@domain.local测试了kerberos票证,但没有发现任何问题。

以下是我的包裹的版本

  • Ansible:2.8.0
  • Pywinrm:0.3.0
  • pykerberos:1.2.1
  • requests-kerberos:0.12.0

1 个答案:

答案 0 :(得分:0)

我在一台Windows 2016服务器上遇到了相同的问题,并通过了故障排除指南,但没有成功。

最后,我发现这与服务器名称大小写有关。在我的清单文件中,它的格式为-

hosts:
  server-win01.domain.local

ping server-win01.domain.local很好。 当我进行反向查询时,返回的值为:Server-Win01.domain.local。我们的一位员工在Active Directory DNS中以大写字母命名。当我将主机名更改为

hosts:
  Server-Win01.domain.local

ansible可以找到主机,并且剧本执行得很好。

相关问题
最新问题