If you try to connect with Ansible on a Windows machine with your active directory account you will get the error -> the specified credentials were rejected by the server
In order to connect through a domain account you should add some inventory variables and also install some additional components.
If you do not have the appropriate libraries installed, you should get the error shown on the below screenshot.
By trying to install kerberos and requests-kerberos through pip3 I got the error that is listed below.
sudo pip3 install requests-kerberos
Command "/usr/bin/python3.6 -u -c "import setuptools, tokenize;file='/tmp/pip-build-2v_1srr8/pykerberos/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-nkj0fa0v-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-2v_1srr8/pykerberos/
In order to resolve, first upgrade your pip3 setup tools
pip3 install --upgrade setuptools
Install python3-devel package and other required packages
yum -y install gcc python-devel krb5-devel krb5-libs krb5-workstation
Run setup with pip3 once again. The result should be successful.
Your inventory file should contain the below variables:
ansible_user = admin@DOMAIN.COM (capital letters) ansible_connection = winrm ansible_winrm_server_cert_validation = ignore ansible_password = ansible_become_user= admin@DOMAIN.COM ansible_become_method= runas ansible_winrm_transport = kerberos
You should also edit Kerberos config file:
vi /etc/krb5.conf
Adjust
[logging] // nothing to edit here [libdefaults] default_realm = DOMAIN.COM (capital letters) [realms] DOMAIN.COM (capital letters) = { kdc = dc1.domain.com kdc = dc2.domain.com admin_server = dc1.domain.com } [domain_realm] .domain.com = DOMAIN.COM
Grap a session for your user:
kinit -C admin@EXAMPLE.COM
And you finally can communicate with your Windows machines through an Active Directory account.
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html