Windows Kerberos credentials and Privilege escalation

Hi one and all,

I’m new to AWX (1.0.2.356) and just trying to get my head around an issue I’m having using a playbook on a Windows domain. I have AWX successfully returning pings to the Windows boxes (2012R2 and 2016 Server) in question, which are on a Windows domain, so my Kerberos would appear to be set up correctly within my container. I also have kinit returning correctly, etc. However, I’m getting some issues trying to install certain Chocolatey PowerShell packages that would appear to require elevated privileges.

The same credential I’m using in my ping test is a valid domain user that is a member of Domain Administrators.

If I manually try to install the PowerShell package via the command line as myself (domain admin), it requires elevated privileges, i.e. right-click on the command shell, “Run As Administrator”, then from there the package will successfully install with no problems. I have tried (unsuccessfully) to elevate privileges of the playbook using RunAs to no avail.

For my user credentials in AWX I have the username set as ansible@DOMAN.LOCAL with the current password entered. This is working with the ping command to the remote Windows host. Then for privilege escalation I have set the method to RunAs. I have tried setting the escalated username to a) the same username with the same password, and b) the actual domain admin account, both to no avail. Both of these are in the format username@DOMAIN.LOCAL (in caps). I also have the box ticked in the playbook to escalate privileges.

So my question is: how is privilege escalation normally handled under Windows in AWX/Ansible? Is there something I’m missing or not doing?

Regards,

Stephen