"You should set your hostname to be your FQDN, uppercased."
Never had an issue with this.
"name: initialize Kerberos ticket"
What's the use case for this Ansible task. Never had a need to manually generate tickets.
edit: didn't read it through; this is part of their automation pipeline
--
We manage 1000+ Windows Servers with Ansible and it's been as simple as Linux SSH. Multiple SOCKS5 proxies to different AD forests, WinRM double hop works great when become:true, GPO works just fine on Linux, initial setup is very simple with realmd. Biggest manual task is setting up the service accounts for Ansible.
mmh0000 2 hours ago [-]
It’s not required, but it is a long standing convention with the justification that it makes for easier troubleshooting.
Never had an issue with this.
"name: initialize Kerberos ticket"
What's the use case for this Ansible task. Never had a need to manually generate tickets.
edit: didn't read it through; this is part of their automation pipeline
--
We manage 1000+ Windows Servers with Ansible and it's been as simple as Linux SSH. Multiple SOCKS5 proxies to different AD forests, WinRM double hop works great when become:true, GPO works just fine on Linux, initial setup is very simple with realmd. Biggest manual task is setting up the service accounts for Ansible.
https://web.mit.edu/kerberos/www/krb5-latest/doc/admin/realm...
I couldn't figure out yet, whether there is a reasonable and safe way to authenticate at an AD inside a GitHub Action. Anyone done that?