Open ndelo opened 6 years ago
I was able to rectify my problems. It seems I was running into 2 issues. 1) The winrm gem wants to validate the user/password options -- https://github.com/WinRb/WinRM/issues/270 -- which were missing from winrmexe.rb 2) The rundeck user cannot access krb tickets for my winrm user
I created a workaround for this by changing the 'auth' section of winrmexe.rb to the following:
when 'kerberos' system "echo #{pass} | kinit #{user} > /dev/null" connections_opts[:user] = user connections_opts[:password] = 'not_needed_for_krb' connections_opts[:transport] = :kerberos connections_opts[:realm] = realm
This satisfies the reqs of the gem and caches a krb ticket for my winrm AD service account.
Not sure if this is the right or best way to do things, but it's working in my test environment.
I have RD setup on a RedHat server and have Kerberos authentication configured on that server for our AD domain.
When I change the plugin auth to 'kerberos' instead of 'negotiate', I fail to connect with the following error:
Why does the error output specify I'm missing a 'user' option? I see a valid 'user' listed in the 'variables' output in my debug. I have tested that this user can log into my RD server locally using kerberos, and it passes my kinit tests.
Am I missing something here?