Hi All,
I’m trying to run chef-client on many nodes from my chef workstation via knife winrm command.
One of my recipes, needs to access a shared network drive.
When I invoke chef-client manually within every node, there is no problem and the run ended successfully.
However, when I invoke chef-client on a node from my chef workstation via knife winrm command, I get “Access is denied” error message.
Narrowing the problem a little bit more I figured out that:
-
knife winrm 143.185.0.1 -m -x ‘user’ -P ‘password’ ‘dir c:’ - works.
-
knife winrm 143.185.0.1 -m -x ‘user’ -P ‘password’ ‘dir \myserver\shares’ - doesn’t work.
143.185.0.1 Access is denied. -
winrs -r:143.185.0.1 -u:user -p:password dir \ccdsrv01\shares<file:///\ccdsrv01\shares> - doesn’t work.
143.185.0.1 Access is denied.
- winrs -r:143.185.0.1 -allowDelegate -u:user -p:password dir \ccdsrv01\shares<file:///\ccdsrv01\shares> - works!!!
The -allowDelegate flag allows winrm to delegate the credentials to multiple computers (multi hop).
(One also needs to enable CredSSP support)
Is there a way to tell knife winrm to delegate credentials over multi hops? After all, knife winrm encapsulates Microsoft winrm.
Is there another way to access network drive via knife winrm?
(I found an emails thread called “knife winrm browsing network shares” on chef mailing lists, but there was no solution there)
Thanks,
Raanan.
Intel Israel (74) Limited
This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.