Skip to content
This repository has been archived by the owner on Mar 2, 2020. It is now read-only.
/ vagrant-winrm-s Public archive

An extension of the built-in winrm communicator for negotiate authentication.

License

View license
5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Cimpress-MCP/vagrant-winrm-s

BranchesTags

Repository files navigation

Vagrant-WinRM-S

Note: This plugin is only compatible with vagrant >= 1.7.4. Future versions of Vagrant will provide this functionality natively.

A Vagrant communicator that uses the winrm-s gem to communicate over winrm. Notably, allows for SSPI authentication of domain accounts when using a Windows host.

Installation

$ vagrant plugin install vagrant-winrm-s

Or, to install and test a locally-developed version:

$ rake install

Use

Vargrant-WinRM-S uses the :winrm communicator built in to vagrant as its base, so existing Vagrantfiles should continue to work with this plugin.

The extra configuration value that gets exposed is config.winrm.transport. The default transport is :plaintext. This is for basic authentication of local accounts over HTTP. The plugin exposes the :sspinegotiate transport from the winrm-s gem in order to do Negotiate authentication of domain accounts (still only over HTTP).

An example Vagrant communicator block for :sspinegotiate would look something like:

config.vm.provision "shell", inline: "echo Hello, World!"
config.vm.communicator = :winrm
config.winrm.username = "domain\\auser"
config.winrm.password = "It5@p455w0rd!"
config.winrm.transport = :sspinegotiate

What about the SSL transport?

The :ssl transport is available and can be used to authenticate local accounts. Vagrant supports SSL with/without self-signed certs out of the box as of 1.7.3. vagrant-winrm-s is no longer necessary to use this transport.

Just ensure you set config.winrm.ssl_peer_verification to false for self-signed certs.

Setting up your server

For authentication of local accounts over HTTP, the winrm quickconfig command should suffice. This will enable the HTTP listener for basic authentication.

In order to connect via the :plaintext transport, you should ensure that winrm/config/service/auth/Basic and winrm/config/service/AllowUnencrypted are enabled.

winrm set winrm/config/service/auth @{Basic="true"}
winrm set winrm/config/service @{AllowUnencrypted="true"}

For the :sspinegotiate transport, ensure winrm/config/service/auth/Negotiate is true and winrm/config/service/AllowUnencrypted is false.

winrm set winrm/config/service/auth @{Negotiate="true"}
winrm set winrm/config/service @{AllowUnencrypted="false"}

See also:

Contributing

  1. Fork it ( https://github.com/Cimpress-MCP/vagrant-winrm-s/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request

About

An extension of the built-in winrm communicator for negotiate authentication.

Resources

Readme

License

View license
Activity
Custom properties

Stars

5 stars

Watchers

11 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages