I am trying to run community.windows.win_domain_user on Ansible. The playbook I am currently running is as follows.
    ---
    - name: connect to windows server
      hosts: win
      connection: ssh
      gather_facts: no
      vars:
        ansible_connection: ssh
        ansible_shell_type: cmd
      tasks:
        - name: Ensure user bob is present with address information
          community.windows.win_domain_user:
            name: Bob.c
            firstname: Bob
            lastname: Carrender
            groups:
              - Users
            domain_username: testing.com\bob.c
            domain_password: SomePas2w0rd
            domain_server: testing.com
The CSV file containing the updated AD server information is located on the Ubuntu machine.
The host files on the Windows servers in the mesh need to be updated with the information from the CSV.
The Ubuntu machine has access to all of the Windows servers in the mesh via SSH.
The SSH connection between the Ubuntu machine and the Windows servers is authenticated using password fingerprints.
The Ubuntu machine is able to run other Windows playbooks successfully.
The Local Network Policy on the Windows servers has been updated to allow various encryption sessions to be enabled.
I am trying to automate the process of updating the Active Directory (AD) server entries in the hosts files of multiple servers within my mesh. I have a CSV file that contains the updated AD server information, and I want to use this information to update the hosts files on all of the servers in my mesh.
The module being used is only capable of verifying existing username information and does not have the ability to create new accounts.
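As an added example (not part of the original post or of any Ansible module), the script below does the Ubuntu-side half of the job described above: it parses the CSV into validated (ip, hostname) pairs and merges them into a Windows hosts file as a single marked block, so rerunning it is idempotent and stale entries for the same names are dropped rather than left to shadow the new ones. The CSV layout (columns hostname and ip), the marker comments and the sample file contents are all assumptions; the rendered text would then be pushed to each server by a task of your choosing, for example community.windows.win_copy to C:\Windows\System32\drivers\etc\hosts.

```python
import csv
import io
import ipaddress

# Marker comments that delimit the block this script owns (assumed names).
BEGIN = "# BEGIN ad-servers (managed by ad-hosts script)"
END = "# END ad-servers (managed by ad-hosts script)"

# Constructed sample CSV, not taken from the original post.
SAMPLE_CSV = """hostname,ip
dc01.testing.com,10.0.0.11
dc02.testing.com,10.0.0.12
"""


def parse_ad_servers(csv_text):
    """Return [(ip, hostname), ...]; refuse anything that is not a valid
    IP address or that could smuggle extra tokens/comments into a hosts line."""
    servers = []
    for lineno, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        ip = str(ipaddress.ip_address(row["ip"].strip()))  # raises on garbage
        name = row["hostname"].strip().lower()
        if not name or "#" in name or any(c.isspace() for c in name):
            raise ValueError(f"line {lineno}: bad hostname {name!r}")
        servers.append((ip, name))
    return servers


def _names_in(line):
    """Hostname tokens on a hosts line, ignoring the address and any comment."""
    body = line.split("#", 1)[0].split()
    return {t.lower() for t in body[1:]}


def render_hosts(existing, servers):
    """Merge the managed block into an existing hosts file (CRLF output).

    - A previous managed block is replaced wholesale.
    - Unmanaged lines that still map one of the managed names are removed,
      because the CSV is authoritative for those names.
    - A BEGIN marker without its END marker means the file was hand-edited
      or truncated; refuse to guess rather than delete to end of file.
    """
    lines = existing.splitlines()
    if BEGIN in lines:
        start = lines.index(BEGIN)
        if END not in lines[start:]:
            raise ValueError("managed block has no END marker; fix by hand")
        end = lines.index(END, start)
        del lines[start:end + 1]
    managed = {name for _, name in servers}
    lines = [l for l in lines if not (_names_in(l) & managed)]
    while lines and not lines[-1].strip():
        lines.pop()
    block = [BEGIN] + [f"{ip} {name}" for ip, name in servers] + [END]
    return "\r\n".join(lines + block) + "\r\n"


if __name__ == "__main__":
    current = "127.0.0.1 localhost\r\n10.0.0.9 dc01.testing.com # stale\r\n"
    print(render_hosts(current, parse_ad_servers(SAMPLE_CSV)), end="")
```

Validating each IP with ipaddress and rejecting hostnames containing whitespace or "#" matters because a hosts line is whitespace-delimited: an unvalidated CSV cell could otherwise inject a second hostname onto the line and silently redirect another name.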
I have a VirtualBox desktop Ubuntu machine with AWX running. I then spun up a separate Ubuntu server machine in VirtualBox to act as one of my hosts. I took the IP address of the Ubuntu server machine and entered it as a host in AWX.
After running a playbook I get the error "unreachable."
I did create a credential according to this: https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html#machine, and received the same error.
I am looking to use AWX to run playbooks on several on-prem Linux boxes/hosts. I am unsure how to configure AWX credentials correctly.
Is it possible to connect several users via OpenSSH to the same VM so that everyone can access VB Code on the same VM and run scripts through the local VB Code?
If so, how do I do this?
In one domain, we have an NTFS file share (Windows Server 2014+ machine) and an Ubuntu 16.04 machine.
I have added the Ubuntu machine to this domain using Samba. Now I can see Active Directory groups and users and log in to the Ubuntu machine with domain users.
The task is to get information about the NTFS file share permissions onto the Ubuntu machine programmatically.
Python solutions are preferred, but any advice will be appreciated.
I have an OpenLDAP server (v2.4) running on CentOS 6.4. It works great! I'm using this OpenLDAP server as the authentication backend for several services like Gitlab, Redmine, etc.
Now I want to set up another Samba standalone server and use the OpenLDAP server as the auth backend for the existing users in OpenLDAP. I tried with Samba v3.6.9, but after configuring the auth backend as ldapsam in smb.conf I can't log in using an LDAP account.
When I run
    smbclient -L localhost -U%
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.9-151.el6_4.1]

        Sharename       Type      Comment
        ---------       ----      -------
        allusers        Disk      All Users
        IPC$            IPC       IPC Service (Samba Server Version 3.6.9-151.el6_4.1)
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.9-151.el6_4.1]

        Server               Comment
        ---------            -------
        VAGRANT-CENTOS64     Samba Server Version 3.6.9-151.el6_4.1

        Workgroup            Master
        ---------            -------
        WORKGROUP            MY_MACHINE
But when I log in with my test account
    smbclient -L localhost -U test
    Enter test's password:
    session setup failed: NT_STATUS_LOGON_FAILURE
Here is my /etc/samba/smb.conf (printed out by testparm):
    [global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        passdb backend = ldapsam:ldap://192.168.1.201/
        log file = /var/log/samba/log.%m
        max log size = 50
        ldap admin dn = cn=Manager,dc=mycompany,dc=com
        ldap passwd sync = yes
        ldap suffix = dc=mycompany,dc=com
        ldap ssl = no
        ldap debug level = 1
        idmap config * : backend = tdb
        cups options = raw
On the Samba server I use sssd to authenticate against OpenLDAP. From this Samba machine I can query users with the ldapsearch command. I can get user info with id LDAP_USER and ssh to this machine with any LDAP_USER/password. Here is my /etc/sssd/sssd.conf:
    [domain/mycompany.com]
    ldap_id_use_start_tls = False
    cache_credentials = True
    ldap_search_base = dc=mycompany,dc=com
    id_provider = ldap
    auth_provider = ldap
    chpass_provider = ldap
    ldap_uri = ldaps://192.168.1.201:636
    ldap_tls_cacertdir = /etc/openldap/certs
    ldap_tls_reqcert = never

    [sssd]
    services = nss, pam
    config_file_version = 2
    domains = mycompany.com
On the OpenLDAP server I use LDAP Account Manager to manage users/groups. I imported the Samba schema and checked that everything is OK in LAM. I also enabled the samba3 extension for some users in LDAP to test. I also opened ports 137, 138, 139, 445 (tcp) on the Samba server.
So what should I do next?
I just want to reuse the users from the OpenLDAP server. I don't want to create any users from Samba. Please give me suggestions for this case.
Thank you!
You need to make sure Samba knows the password of the admin DN to bind to the LDAP server. This is done with
    smbpasswd -w <secret>
before starting Samba.
Now, if that is done, do you have NTLM passwords created for your users? Samba checks the sambaNTPassword and sambaLMPassword attributes when performing authentication for the user. To have these attributes changed when a user changes their own password through LDAP, you need to use the smbk5pwd OpenLDAP overlay and set ldap passwd sync = only in smb.conf instead of ldap passwd sync = yes as you did.
I don't know if you solved the problem. In any case, if you install a Samba 4 standalone server using a remote LDAP server, you have to establish the same SID as the domain server (it's not necessary to join it to the domain). Obviously, the command net setlocalsid <sid domain> won't work on a local machine. You have to modify the value in the LDAP tree, searching for the NetBIOS name of the machine... I recommend you use an LDAP browser for this purpose...
Good Luck
I have just installed and configured an AppFabric cache cluster with one host (the local machine). I use SQL as the provider.
When I launch the Caching Administration Windows PowerShell with Administrator privileges,
I get the following error:
    Use-CacheCluster : ErrorCode<ERRCAdmin040>:SubStatus<ES0001>:Failed to connect
    to hosts in the cluster
    At line:1 char:62
    + Import-Module DistributedCacheAdministration;Use-CacheCluster <<<<
        + CategoryInfo          : NotSpecified: (:) [Use-CacheCluster], DataCacheException
        + FullyQualifiedErrorId : Microsoft.ApplicationServer.Caching.DataCacheException,Microsoft.ApplicationServer.Caching.Commands.UseCacheClusterCommand
When I opened DCacheAdministration.log it showed the following:
    Host XXX is Reachable.,DistributedCache.CacheAdmin,Verbose,2013-5-2 13:54:06.042
    Failed to read remote registry key from host XXX: Microsoft.ApplicationServer.Caching.DataCacheException: ErrorCode<ERRCAdmin026>:SubStatus<ES0001>:Remote registry access failed on host XXX. Check if the required permissions are available and the host is not down. ---> System.ComponentModel.Win32Exception: The network path was not found
       at Microsoft.ApplicationServer.Caching.AdminApi.RemoteRegistry64.OpenRemoteConnection(String hostName)
       at Microsoft.ApplicationServer.Caching.AdminApi.RemoteRegistry64.OpenConnection(String hostName, String registryPath)
       at Microsoft.ApplicationServer.Caching.AdminApi.CacheAdmin.GetRemoteRegistryKey(String hostName, Boolean writable)
       --- End of inner exception stack trace ---
       at Microsoft.ApplicationServer.Caching.AdminApi.CacheAdmin.GetRemoteRegistryKey(String hostName, Boolean writable)
       at Microsoft.ApplicationServer.Caching.AdminApi.CacheAdmin.GetServerVersion(String hostName),DistributedCache.CacheAdmin,Error,2013-5-2 13:54:08.053
The Remote Registry service has been started. Which accounts need read permission in regedit.exe? I have granted rights to LOCAL SERVICE (as the Remote Registry service uses this as its logon account) and to NETWORK SERVICE (which I have used as the Caching Service account). Do I have to give any other permissions to make the registry key accessible?
Or what other things do I need to check?
Please help.
I fixed the same issue by enabling the Remote Registry service and running it. I think AppFabric tries to connect to the remote server (which is the local machine) using the domain name to manipulate the registry.
What exactly do you see as the HOSTNAME reported in the error message "Failed to read remote registry key from host XXX"? Is XXX the machine name of the local machine, the FQDN of the machine, or is it pointing to a totally different machine?
If it is pointing to the local machine name or the FQDN of the local machine, then try putting an entry in the HOSTS file for the hostname pointing to 127.0.0.1 and see if that helps. If that doesn't, try restarting the Remote Registry service and then run Restart-CacheCluster from the same PowerShell Caching Administration window and see if that helps.
It is the FQDN. I tried editing the hosts file and also restarted the service and the cache cluster, but it resulted in the same issue.
    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host

    # localhost name resolution is handled within DNS itself.
    127.0.0.1       <My FQDN>