I've checked the eventlog and it appears that ansible was trying to become
root instead of the username from the vars.
I've dig again here to find some examples of become and i found one of your
answers:
https://groups.google.com/forum/#!searchin/ansible-project/windows$20become%7Csort:date/ansi
Also Tried
---
- hosts: windows
gather_facts: no
vars:
- username: ansible@DOMAIN
- password: password
become_method: runas
tasks:
- name: Check Visual studio Code file
win_stat:
path: \\some\dfs\path\VSCodeSetup-1.8.1.exe
register: result
state: present
become: yes
And got:
ansible-playbook 2.5.
Win_package is working fine locally. I'm downloading all the SW i need and
install them locally
win_stat:
TASK [Check Visual studio Code file]
**
What I would try so that we can narrow down the issue
* Run win_package but set the path to a local path and see if that works
* Run a win_stat of the network path executable and see if it sees the file
(exists is True)
* Use the username/password options and set it to "{{ ansible_user }}" and
"
Of course
The inventory file is just hostnames so i don't think there is a need to
post it.
# cat group_vars/windows.yml
# it is suggested that these be encrypted with ansible-vault:
# ansible-vault edit group_vars/windows.yml
ansible_user: ansible
#password goes here when you don't want to use
Can you share your playbook or tasks to reproduce this, the error message
here isn't enough on its own to work out what is needed?
Many thanks,
Jon
On Monday, February 5, 2018 at 1:00:24 PM UTC, Jeremie Levy wrote:
>
> Thanks Jordan
> So i have this option activated since the beginning but the
Thanks Jordan
So i have this option activated since the beginning but the double hop is
not resolved.
What extra configuration is needed here?
WINRM CLOSE SHELL: 22A19915-A7B0-4AFB-B840-263A9980023A
WINRM RESULT u''
WINRM STDOUT
WINRM S
By default, the Kerberos ticket does not have delegation enabled, you can
set
ansible_winrm_kerberos_delegation: True
in your host vars and Ansible will set the delegation flag required to get
a kerb ticket with delegation. If this doesn't work you may need to
configure your AD environment to
Thank you Jordan,
So i'm using Kerberos and i'm missing the "with delegation" part.
Can you point me to how and where to configure this option ?
Thank you!
On Wednesday, January 31, 2018 at 12:05:41 AM UTC+2, Jordan Borean wrote:
>
> TLDR: for Windows to authenticate with another server (double-h
TLDR: for Windows to authenticate with another server (double-hop), it will
either need a Kerberos ticket with the delegation flag or the user's actual
credentials (CredSSP/become) there is no way around that. If there is that
is a security issue with Windows and should be fixed by Microsoft.
C
I see this topic but it not answers to my querstion. Common scenarioo when
all servers are on windows server is covered in article.
вторник, 30 января 2018 г., 12:43:46 UTC+3 пользователь Павел Полушин
написал:
>
> Hello.
> I have security-related question.
> In our environment we use ansible
There was a recent post on Reddit about this...
Here it is:
https://www.reddit.com/r/PowerShell/comments/7qra9r/double_hop_solvers_and_resourcebased_kerberos/
CredSSP isn't really the best way to go about this. And I think this post
should go on Git as Ansible needs a better way to cover double
12 matches
Mail list logo
