Hi Jordan, On Thu, May 14, 2020 at 11:00 PM Jordan Borean <[email protected]> wrote: > > It really depends on how the 'DB.Migrator.exe' binary is set to use > credentials over a network path. If it's trying to find a credential in the > user's DPAPI cred store then Kerberos with credential delegation is not > enough to unlock it. Your options for this case are either: > > Use become on the task with the connection user credentials > Use credssp as the transport > [cut]
I've used become, with become method runas, with kerberos and the result has been perfect, credential delegation has worked > I would also suggest you use win_command and not win_shell for this task. The > latter is only really useful if you want shell-isms, to run a binary > win_command is usually enough for you. My personal preference here is to use > become as that will do more than just fix credential delegation, it runs the > task in a similar security context as to how it is run interactively. [cut] > > A few things I've changed > > I've done away with the set_fact task as it shouldn't be needed > Used win_command instead of win_shell, the latter shouldn't be needed for > your task > Using a yaml multiline syntax '>' that turns newlines into spaces so the task > line isn't too long > Use a double quote for the executable argument. Because it's in a yaml > multilines string you don't need to escape that or backslashes making the > command line more representative of what will run > Use single quotes for quoting YAML values like you need for chdir, no need to > escape double quotes The changes you suggested have been precious, because solved also escaping issues i've been having! The task has been performed successfully, with the right user. Luca -- "E' assurdo impiegare gli uomini di intelligenza eccellente per fare calcoli che potrebbero essere affidati a chiunque se si usassero delle macchine" Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716) "Internet è la più grande biblioteca del mondo. Ma il problema è che i libri sono tutti sparsi sul pavimento" John Allen Paulos, Matematico (1945-vivente) Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <[email protected]> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAKuX69r7pD_p_Av9UiuJqGh9Hmt10OhrkvkZs%2B%3DjVMtOmWWUSg%40mail.gmail.com.
