Error "Kerberos auth failure for principal" when you run win_ping from Ansible to Windows

Problem Description: When you run win_ping from Ansible Tower against a Windows server using domain credentials, you get the “Kerberos auth failure for principal” error.


There can be several reasons behind this issue; the solution section below lists the possible causes and their fixes.

Solution:

1. Make sure Kerberos is installed on the Ansible machine and that the krb5.conf file is configured. Note that the file is krb5.conf, not krb.conf; its path is /etc/krb5.conf.

Make sure the domain name you enter in the config file is capitalized.

Cannot find KDC for realm

2. Make sure you use the FQDN of the target Windows server and not its IP address. Also make sure the Ansible server can resolve the target machine's FQDN.

3. In the credentials section, the domain account that you are using should be in the format of [email protected]

Because the domain name is entered in CAPITAL letters in the krb5.conf file, the domain name in the credentials section must also be entered in CAPITAL letters.
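The three checks above can be run as a pre-flight script before launching win_ping. This is an added example, not code from the original post or from Ansible; the realm EXAMPLE.COM, the host names and the account svc_ansible are constructed placeholders, and it assumes KDCs are listed under [realms] rather than discovered through DNS.

```python
import ipaddress
import re

# Constructed sample krb5.conf; EXAMPLE.COM and dc01.example.com are placeholders.
SAMPLE_KRB5 = """\
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = dc01.example.com
    }
"""

def krb5_realms(text):
    """Return (default_realm, set of realm names defined under [realms])."""
    default, realms, section, depth = None, set(), None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.fullmatch(r"\[(\w+)\]", line)
        key, _, value = (p.strip() for p in line.partition("="))
        if m and depth == 0:
            section = m.group(1)                     # new top-level section
        elif section == "libdefaults" and key == "default_realm":
            default = value
        elif section == "realms" and depth == 0 and value == "{":
            realms.add(key)                          # "REALM = {" opens a realm block
        depth += line.count("{") - line.count("}")
    return default, realms

def preflight(krb5_text, host, principal):
    """Return a list of problems for steps 1-3; an empty list means all passed."""
    problems = []
    default, realms = krb5_realms(krb5_text)
    for r in sorted(realms | ({default} if default else set())):
        if r != r.upper():
            problems.append(f"realm '{r}' in krb5.conf is not capitalized")
    try:
        ipaddress.ip_address(host)
        problems.append(f"host '{host}' is an IP address, use the FQDN")
    except ValueError:
        if "." not in host:
            problems.append(f"host '{host}' is a short name, use the FQDN")
    user, sep, realm = principal.rpartition("@")
    if not sep or not user:
        problems.append("account is not in user@REALM form")
    elif realm != realm.upper():
        problems.append(f"realm '{realm}' in the account is not capitalized")
    elif realm not in realms:   # assumption: no DNS-based KDC discovery
        problems.append(f"realm '{realm}' has no entry under [realms]")
    return problems
```

To check a real setup, pass the contents of /etc/krb5.conf, the inventory host name and the credential's user name to `preflight()` and fix whatever it returns.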

