I’m trying to get a Red Hat server (RHEL7) to join a Windows Active Directory domain and I can’t seem to get the expect command to send a password.
The playbook asks for the username and password and should then put the username at the end of the adcl command
adcli join example.com -U administratorName
This returns a prompt of
Password for administratorName@EXAMPLE.COM:
The expect portion ‘should’ see this and send the password
I’ve added -v to the adcli command to try and check whats happening, but it didn’t really shed any light.
Neither did ansible-playbook -vvv filename.yml, but maybe I just can’t read it well.
The example below has example.com instead of my actual domain but otherwise is identical.
Does anyone have any suggestions on why the expect/send portion isn’t working?:
Try \n instead of \r. This is more a question about expect than ansible. You'll also have to worry about special chars in the password, as parsed by TCL. (Obviously you need the expect command available on the target system.)
A better approach might be to pass the password in args: stdin and use --stdin-password
On Monday, October 7, 2019 at 4:12:36 PM UTC-5, James Cassell wrote:On
Mon, Oct 7, 2019, at 4:19 PM, Troy Cosson wrote:
> > I'm trying to get a Red Hat server (RHEL7) to join a Windows Active
> > Directory domain and I can't seem to get the expect command to send a
> > password.
> >
> > The playbook asks for the username and password and should then put the
> > username at the end of the adcl command
> > adcli join example.com -U administratorName
> > This returns a prompt of
> > Password for administ...@EXAMPLE.COM:
> > The expect portion 'should' see this and send the password
> > The ansible example is here
> > https://docs.ansible.com/ansible/latest/modules/shell_module.html#shell-module (# You can use shell to run other executables to perform actions inline)
> >
> > I've added -v to the adcli command to try and check whats happening,
> > but it didn't really shed any light.
> > Neither did ansible-playbook -vvv filename.yml, but maybe I just can't
> > read it well.
> > The example below has example.com instead of my actual domain but
> > otherwise is identical.
> > Does anyone have any suggestions on why the expect/send portion isn't
> > working?:
> >
> > ---
> > - hosts: 127.0.0.1
> > vars_prompt:
> > - name: username
> > prompt: "What is your Active Directory administrator username?"
> > private: no
> > - name: password
> > prompt: "What is your administrator password?"
> > private: yes
> > tasks:
> > - name: join the domain
> > shell: |
> > set timeout 300
> > spawn /usr/sbin/adcli -v join example.com -U {{username}}
> > expect "Password for {{usern...@EXAMPLE.COM: "
> > send "{{password}}\r"
> > interact
> > exit 0
> > args:
> > executable: /usr/bin/expect
> > delegate_to: localhost
> >
> >
>
> Try \n instead of \r. This is more a question about expect than ansible. You'll also have to worry about special chars in the password, as parsed by TCL. (Obviously you need the expect command available on the target system.)
>
> A better approach might be to pass the password in args: stdin and use --stdin-password
>
I skimmed right over the --stdin-password from the man page.
That's way simpler.
- Thanks
---
- hosts: 127.0.0.1
vars_prompt:
- name: username
prompt: "What is your Active Directory administrator username?"
private: no
- name: password
prompt: "What is your administrator password?"
private: yes
better to avoid password being (briefly) accessible to all on the system, and to skip escaping worries:
command: adcli join --stdin-password example.com.com -U {{username}}
args:
stdin: "{{password}}"
stdin_add_newline: no