Hi Jordan, On Thu, May 14, 2020 at 11:00 PM Jordan Borean <jborea...@gmail.com> wrote: > > It really depends on how the 'DB.Migrator.exe' binary is set to use > credentials over a network path. If it's trying to find a credential in the > user's DPAPI cred store then Kerberos with credential delegation is not > enough to unlock it. Your options for this case are either: > > Use become on the task with the connection user credentials > Use credssp as the transport > [cut]
I've used become, with become method runas, with kerberos and the result has been perfect, credential delegation has worked > I would also suggest you use win_command and not win_shell for this task. The > latter is only really useful if you want shell-isms, to run a binary > win_command is usually enough for you. My personal preference here is to use > become as that will do more than just fix credential delegation, it runs the > task in a similar security context as to how it is run interactively. [cut] > > A few things I've changed > > I've done away with the set_fact task as it shouldn't be needed > Used win_command instead of win_shell, the latter shouldn't be needed for > your task > Using a yaml multiline syntax '>' that turns newlines into spaces so the task > line isn't too long > Use a double quote for the executable argument. Because it's in a yaml > multilines string you don't need to escape that or backslashes making the > command line more representative of what will run > Use single quotes for quoting YAML values like you need for chdir, no need to > escape double quotes The changes you suggested have been precious, because solved also escaping issues i've been having! The task has been performed successfully, with the right user. Luca -- "E' assurdo impiegare gli uomini di intelligenza eccellente per fare calcoli che potrebbero essere affidati a chiunque se si usassero delle macchine" Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716) "Internet è la più grande biblioteca del mondo. Ma il problema è che i libri sono tutti sparsi sul pavimento" John Allen Paulos, Matematico (1945-vivente) Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenzetto.l...@gmail.com> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAKuX69r7pD_p_Av9UiuJqGh9Hmt10OhrkvkZs%2B%3DjVMtOmWWUSg%40mail.gmail.com.
