Hello,
I'm hitting an issue with Windows authentication and credential delegation.
This is the piece of the playbook that has a problem with privileges:
- name: define migrator command
  set_fact:
    migrator_command: "{{ backup_path }}\\Migrator\\DB.Migrator.exe
      -s -connstring \"Server=application-listener.dev\\applications,64000;
      Database=USERAPPDB; User Id=USERAPP; Integrated Security=True;\""
- name: Execute migrator
  win_shell: "{{ migrator_command }}"
  args:
    chdir: "{{ backup_path }}\\Migrator"
  register: migrator
  failed_when: migrator.rc != 6
  run_once: true
I'm connecting to the Windows machine where DB.Migrator.exe is via WinRM,
authenticated through Kerberos. Authentication works fine, because the tasks
before this one are working perfectly (copy, remove file, other win_shell,
unarchive, etc).
This DB.Migrator is a tool that uses my own credentials to connect to a
remote MSSQL application listener via integrated security and then updates
some data on that DB.
I'm hitting this error (returned by stdout of execution):
System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'NT AUTHORITY\\ANONYMOUS LOGON'
In my inventory file I've set these parameters:
ansible_port=5986
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_winrm_transport=kerberos
ansible_winrm_kerberos_delegation=true
What I'm expecting is that with kerberos_delegation, the application will
connect using the ansible_user, not anonymous logon.
What is wrong?
Is it possible to use become: to use a given user to run this task, using the
right permissions?
Thanks,
Luca