I have long maintained that Ansible’s documentation is some of the best, if not best out there. However it is impossible to cover every single corner case in documentation which brings me to setting up Ansible to manage Windows, and authenticate via WinRM using Kerberos.
I wanted to work more with the Ansible Windows modules, so set out to build a new clean Ansible control machine. I set this up on CentOS 7 following the official documentation.
For CentOS 7, which I was using for my control machine, I needed an additinal python dependency in order to support Kerberos. When following the documentation, and told to run:
yum -y install python-devel krb5-devel krb5-libs krb5-workstation
You need to also add python-requests-kerberos, so your yum command would be:
yum -y install python-devel krb5-devel krb5-libs krb5-workstation python-requests-kerberos
This should allow you to authenticate to Windows machines with domain accounts, as opposed to local user accounts by following the remaining Ansible docs.
If you are unfamiliar with how to join Linux to Active Directory, check out this blog post, specifically the Joining Active Directory portion since you aren’t looking to create shares in Linux.
Here you can see the win_ping module successfully running
One quick additional note, the documentation also states you need to add
In your group_vars file if you have Python 2.7.9+ - but I have confirmed on my test machine that this is also required for 2.7.5, so be sure to include that. I have a pull request in to make that change.