[chef-dev] Re: Re: Re: Knife-windows: Can't authenticate


Chronological Thread 
  • From: Tim Green < >
  • To: Peter Loron < >
  • Cc:
  • Subject: [chef-dev] Re: Re: Re: Knife-windows: Can't authenticate
  • Date: Wed, 8 Aug 2012 19:22:49 -0400

If you haven't already tried it, why not create a local administrator account and see if you can use the plugin with this?

-Tim

On Wednesday, August 8, 2012 at 7:17 PM, Peter Loron wrote:

Yeah, I was using 5985 before I got the HTTPS endpoint set up. No difference.

When I put two backslashes in the username, it does not change the outcome. I do see that the output from the knife command shows both backslashes in the "failed to authenticate as" line.

-Pete

On Aug 8, 2012, at 3:59 PM, Tim Green wrote:

I noticed in your knife args (again, going back to KNIFE-25) that you used -p 5986.  Did you try changing to 5985 when you tested unencrypted auth settings?

Also, did you try separating the domain\user with domain\\user instead?  I think if you don't have '\\' as the separator the plugin might use the wrong code path for authentication.

-Tim

On Wednesday, August 8, 2012 at 6:54 PM, Peter Loron wrote:

Output below. For now I have enabled Basic auth as well as allowing unencrypted connections.

Thanks.

-Pete

PS C:\Windows\system32> winrm get winrm/config/service
Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 15
    EnumerationTimeoutms = 60000
    MaxConnections = 25
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true
    Auth
        Basic = true
        Kerberos = true
        Negotiate = true
        Certificate = false
        CredSSP = false
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = *
    IPv6Filter = *
    EnableCompatibilityHttpListener = false
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint


On Aug 8, 2012, at 3:49 PM, Tim Green wrote:

Peter,

Maybe you could provide the output to the following command on the host you're trying to connect to?

winrm get winrm/config/service

I see from the ticket that you're not able to run it unencrypted, but it might be a good idea to try and make this work first.

-Tim

On Wednesday, August 8, 2012 at 6:43 PM, Peter Loron wrote:

Hello. I'm working on trying to get some tests completed using chef and the knife-windows plugin. I'm hoping to be able to prove out using chef to replace our deployment tooling as well as doing the usual infrastructure automation. The issue I'm running into is that while I can issue remote commands directly to another Windows machine via winrs, I cannot issue the same command using the knife-windows plugin. There is an existing ticket on this issue, which I have added my comments to:

http://tickets.opscode.com/browse/KNIFE_WINDOWS-25

I'm happy to work with the devs (in person is ok…I'm about 2 blocks from the Opscode office) in getting this solved.

Thanks!

-Pete








Archive powered by MHonArc 2.6.16.

§