[ansible-project] Re: Swapping credentials

[Dave York]

Thanks Jordan, I think you kicked me in the right direction, but still 
missing something.  I'm following your guidance somewhat, but I'm adding 
the inventory within the playbook instead of in the inventory:

  - name: add new host staging_domain to inventory
    add_host: 
      name: staging_domain
      ansible_host: serverA.internal.domain
      ansible_user: '{{ ansible_user }}'
      ansible_password: '{{ ansible_password }}'
      ansible_connection: winrm
      ansible_port: 5985

  - name: add new host staging_localadmin to inventory
    add_host: 
      name: staging_localadmin
      ansible_host: serverA.internal.domain
      ansible_user: Administrator
      ansible_password: '{{ randopass }}'
      ansible_connection: winrm
      ansible_port: 5985

The above works when I connect to staging_localadmin, but does NOT when I 
connect to staging_domain.  

When connecting to staging_domain, I get:

plaintext: the specified credentials were rejected by the server

I'm running this from tower, so the {{ ansible_user }} and {{ 
ansible_password }} I'm passing staging_domain should be the machine 
credentials.  I verified this with some debug statements.  


On Friday, February 28, 2020 at 4:48:20 PM UTC-8, Jordan Borean wrote:
>
> What you have there is one way but by default WinRM only allows local 
> administrators to connect to the host so you need to make sure you either 
> the domain user is also a local admin or adjust the WinRM security to allow 
> non-admins to connect.
>
> Another option is to define the host twice in your inventory like so
>
> [windows]
> serverA_local  ansible_host=serverA.internal.domain 
> ansible_user=administrator 
> ansible_password=pass
> serverA_domain  ansible_host=serverA.internal.domain ansible_user=DOMAIN\user 
> ansible_password=pass
>
> [windows:vars]
> ansible_connection=winrm
> ansible_port=5985
>
> In your play you would set hosts: serverA_local for the local inventory 
> entry and hosts: serverA_domain for the domain inventory.
>
> Thanks
>
> Jordan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a1032a8c-b24d-455b-8162-58948bc3b7cc%40googlegroups.com.