There's not much more I can really say, Windows ACLs are based on SIDs so
it needs to be able to translate a human readable name to the actual SID.
If the module is complaining that it's unable to to translate an identity
that's just what Windows is returning as it's unable to translate the name
to an actual SID. You shouldn't need become or credential delegation
enabled for this as the host will talk to the DC to translate the names
under it's own account. The only thing I would suggest is to try
translating it yourself through a win_shell task and see if it errors out
- win_shell: |
$account = [System.Security.Principal.NTAccount]'[email protected]'
$account.Translate([System.Security.Principal.SecurityIdentifier])
If that works then I'm not sure why the win_acl task is failing, you could
try the Netlogon form 'DOMAIN\group' but the UPN should work just fine
here. If the win_shell task fails then there's a problem with your host
setup.
Thanks
Jordan
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/8d42492c-6b7e-4fa6-b96d-a83f5795d0c5%40googlegroups.com.
