You definitely can allow a non admin account to run through WinRM but it is
definitely not something that is enabled by default and would require some
fiddling with the SSDL and endpoint ACLs. This issue has most of the
information that is required to add a non
admin https://github.com/ansible/ansible/issues/16478. Trond is right
though usually you require admin priviledges to do anything in Windows like
install applications or change config so I don't see there being a large
case for this in Ansible. Happy to be proven otherwise though.
On Monday, March 27, 2017 at 7:17:59 AM UTC+10, Trond Hindenes wrote:
>
> I think it's possible to tweak the winrm service to allow non-admin logins
> but still - lots of the operations you perform against the server requires
> administrator proveliges anyways so I don't see the point in spending time
> on it.
>
> On Tuesday, February 28, 2017 at 3:02:41 PM UTC+1, J Hawkesworth wrote:
>>
>> Winrm is intended for system administration, so using with a regular, non
>> administrator user might not have sufficient grants/permissions.
>>
>> Can you make your local user a local administrator perhaps?
>>
>> On Thursday, February 16, 2017 at 10:12:20 AM UTC, Hmdi Bz wrote:
>>>
>>> no I'm not using a domain login, just a normal user (not an admin) , the
>>> User Account Control is disabled.
>>>
>>> update:
>>> I've tried to win_ping to the admin account and it work, the thing is I
>>> need it to work with just a normal account
>>>
>>> On Wednesday, February 15, 2017 at 12:56:52 PM UTC+1, J Hawkesworth
>>> wrote:
>>>>
>>>> "the specified credentials were rejected by the server" can often mean
>>>> the password doesn't match what's expected for the user name.
>>>>
>>>> Are you using a domain login? If so you'll need to set up the kerberos
>>>> support. If not check the windows event log to see which user it reckons
>>>> you are logging in as.
>>>>
>>>> Hope this helps,
>>>>
>>>> Jon
>>>>
>>>> On Tuesday, February 14, 2017 at 6:20:28 PM UTC, Hmdi Bz wrote:
>>>>>
>>>>> Hi,
>>>>> I'm using ansible on centos 7 guest on virtualBox using a bridged
>>>>> network with a windows host
>>>>> they can both ping each other. (windows address: 192.168.1.2, centos7
>>>>> address: 192.168.1.3)
>>>>> I'm using a basic winrm connection and I've already executed
>>>>> configureRemotingForAnsible.ps1 successfuly on the host along with these
>>>>> two commands:
>>>>>
>>>>> winrm set winrm/config/service/auth '@{Basic="true"}'
>>>>> winrm set winrm/config/service '@{AllowUnencrypted="true"}'
>>>>>
>>>>> I've also disabled firewall on both sides.
>>>>> My windows account is not part of any Domain.
>>>>>
>>>>>
>>>>> ansible version is 2.2.1.0
>>>>> the inventory file: inv.ini
>>>>>
>>>>> [windowsTest]
>>>>> 192.168.1.2
>>>>> [windowsTest:vars]
>>>>> ansible_username=myUsername
>>>>> ansible_password=myPassword
>>>>> ansible_port=5985
>>>>> ansible_connection=winrm
>>>>> ansible_winrm_scheme=http
>>>>> ansible_winrm_server_cert_validation=ignore
>>>>> ansible_winrm_transport=basic
>>>>>
>>>>>
>>>>> when I execute :
>>>>>
>>>>> $ ansible windowsTest -i inv.ini -m win_ping
>>>>>
>>>>> I get this error:
>>>>>
>>>>> 192.168.1.2 |Unreachable! => {
>>>>> "changed": false,
>>>>> "msg": "basic: the specified credentials were rejected by the
>>>>> server",
>>>>> "unreachable": true
>>>>> }
>>>>>
>>>>> any Help?
>>>>>
>>>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/cc50b4dc-8938-41e9-9d59-b62c4659151f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
