"You should set your hostname to be your FQDN, uppercased."
Never had an issue with this.
"name: initialize Kerberos ticket"
What's the use case for this Ansible task? Never had a need to manually generate tickets.
edit: didn't read it through; this is part of their automation pipeline
--
We manage 1000+ Windows Servers with Ansible and it's been as simple as Linux SSH. Multiple SOCKS5 proxies to different AD forests, WinRM double hop works great when become:true, GPO works just fine on Linux, initial setup is very simple with realmd. Biggest manual task is setting up the service accounts for Ansible.
It’s not required, but it is a long-standing convention with the justification that it makes for easier troubleshooting.
https://web.mit.edu/kerberos/www/krb5-latest/doc/admin/realm...
I went through a similar journey recently for the local development environment of my team.
I haven't figured out yet whether there is a reasonable and safe way to authenticate against an AD inside a GitHub Action. Anyone done that?