Windows authentication

[Anjana Raghavendra P]

Hi,

We are using CIS hardened AWS windows AMI in our production servers. What this means is the winrm basic authentication is disabled at client and service level. Now, I am unable to use the ansible to configure/deploy this server. Can anyone help me in this? 

I have searched through several sites but didn't come across anyone who is having the same issue. So, porting this question here.

Thanks,

Raghavendra.

[J Hawkesworth]

Hi,

Perhaps you can use User Data feature of AWS to achieve this.  Might be worth reading this if you have not seen it already: https://www.ansible.com/blog/easily-provision-windows

Jon

[Matt Davis]

Ansible 2.1 is scheduled to ship with NTLM authentication support (when paired with an updated version of pywnirm)- this *should* work on a CIS-hardened image correctly. There are coordinated changes we've been making to a number of upstream projects (pywinrm, requests_ntlm, requests_kerberos) that need to be in place for this support to "light up", but hopefully all will be released around the same time (unfortunately, mostly outside our control). 

I'm assuming you're using something like this? https://aws.amazon.com/marketplace/pp/B00UVT62LG/ref=sp_mpg_product_title/189-1125211-0773662?ie=UTF8&sr=0-8 - I'll try to test the NTLM support on that image to ensure that it works properly out of the box.

Keep an eye out for the release of Ansible 2.1 and on our Windows guide page at http://docs.ansible.com/ansible/intro_windows.html - we'll update the documentation there on how to use NTLM once all the required upstream project updates are publicly released. Should be a matter of weeks, but can't give a more concrete date than that right now.

-Matt Davis

Principal Software Engineer, Ansible Core (Windows)