chef - [chef] Re: Re: RE: Knife-Windows and Domain Authentication

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Re: RE: Knife-Windows and Domain Authentication

From: Paul Morton - BIA < >
To: " " < >
Subject: [chef] Re: Re: RE: Knife-Windows and Domain Authentication
Date: Wed, 25 Jul 2012 14:02:01 -0700
Accept-language: en-US
Acceptlanguage: en-US

Interestingly, If you are using domain authentication, you should not need to enable basic auth. Domain authentication uses NTLM by default. If domain authentication is not working with basic off, that would be helpful to know.

Paul

From: Tim Green < "> >
Reply-To: " "> " < "> >
To: " "> " < "> >
Subject: [chef] Re: RE: Knife-Windows and Domain Authentication

Derek,

I just wrestled for this for a little while, and I was able to resolve the issue by doing the following:

1. Login to Windows 2008R2 box.

2. Run winrm get winrm/config/service

3. Look for the following parameters:

AllowUnencrypted = false

Auth

Basic = false

4. Flip both of these to true. Syntax for winrm is a bit painful, so let me just give you the commands to run:

- winrm set winrm/config/service @{AllowUnencrypted="true"}

- winrm set winrm/config/service/auth @{Basic="true"}

5. Try running knife again, using the same syntax you showed us below.

AFAIK this should work with both versions of knife-windows that you've been working with. I tested with 0.5.8.

Hope this helps.

-Tim

On Tuesday, July 24, 2012 at 5:28 PM, Derek Schultz wrote:

By the way, this was with version 0.5.8 of Knife-Windows. I did a gem uninstall, cloned the latest 0.5.10.rc.1 from GitHub, built and installed the gem and am still experiencing the same issue. Any ideas are welcome J

Cheers,
Derek
From: Derek Schultz [ ">mailto: ]
Sent: Tuesday, July 24, 2012 11:41 AM
To: ">
Subject: [chef] Knife-Windows and Domain Authentication

Chefs,

I’m having some issues with getting Chef to communicate with our Windows 2003 R2 servers. There appears to be an problem with domain auth when running `knife winrm` as noted in an open ticket: http://tickets.opscode.com/browse/KNIFE_WINDOWS-25

I’ve copied the output of the knife command below. Also, note that I CAN communicate via WinRM between 2 Windows systems without issue, so that “should” rule out improper config in WinRM.

$ knife winrm "domain.com" "dir c:/" -m -x 'domain\administrator' -P'****' -VV
DEBUG: Using configuration from /home/chef/.chef/knife.rb
DEBUG: Adding domain.com
DEBUG: :session => :init
DEBUG: :relay_to_servers => dir c:/
DEBUG: :relayed => domain.com
DEBUG: domain.com => :run_command
ERROR: Failed to authenticate to ["domain.com"] as domain\administrator
Response: Bad HTTP response returned from server (401).

Anybody experience this same issue and have a workaround? I wish I could stick solely to the Linux management, but unfortunately I need to manage the Windows side as well, thus having to endure much pain throughout the process.

Cheers,
Derek

[chef] Knife-Windows and Domain Authentication, Derek Schultz, 07/24/2012
- [chef] RE: Knife-Windows and Domain Authentication, Derek Schultz, 07/24/2012
  - [chef] Re: RE: Knife-Windows and Domain Authentication, Tim Green, 07/25/2012
    - [chef] Re: Re: RE: Knife-Windows and Domain Authentication, Paul Morton - BIA, 07/25/2012
      - [chef] Re: Re: Re: RE: Knife-Windows and Domain Authentication, Tim Green, 07/25/2012
        
        [chef] RE: Re: Re: Re: RE: Knife-Windows and Domain Authentication, Derek Schultz, 07/26/2012
        
        [chef] RE: RE: Re: Re: Re: RE: Knife-Windows and Domain Authentication, Derek Schultz, 07/26/2012
        
        [chef] Re: RE: RE: Re: Re: Re: RE: Knife-Windows and Domain Authentication, Tim Green, 07/26/2012