Use Non Admin user in CIFS (WinRM) Infrastructure

Follow

Ibrahim AbouElyazed -

Issue

You should have user with admin privileges in CIFS (WinRM) infrastructure configurations, but you may want to Use Non Admin user.

Environment

XLDeploy, Windows

Resolution

Below are steps in details in order to be able to use Non Admin User,

 1- From XLDeploy after configuring infrastructure do Test connection, you will find that first step failed which is Check whether XL Deploy can transfer files to TARGET with below error,

com.xebialabs.overthere.RuntimeIOException: Cannot determine existence of \\192.168.0.30\C$\windows\temp\ot-20161019T144430430: jcifs.smb.SmbAuthException: Access is denied.

This is because non admin users do not have access to administrative shares, in order to resolve, follow this link Using administrative shares with CIFS, this allow you to use Windows share mapping, you will need to share target folder for this user or you will get below error,

com.xebialabs.overthere.RuntimeIOException: Cannot determine existence of \\192.168.0.30\temp\ot-20161019T150342842: jcifs.smb.SmbException: The network name cannot be found.

besides make sure to set correct permissions for share or you will get error like below,

com.xebialabs.overthere.RuntimeIOException: Cannot generate a unique temporary file name on cifs:winrm_internal://ibrahim@192.168.0.30:445:5985

 2- After that test connection will pass first step but it will fail in next step which is Check whether XL Deploy can execute commands on TARGET with below error,

com.xebialabs.overthere.cifs.winrm.WinRmRuntimeIOException: Unexpected HTTP response on http://192.168.0.30:5985/wsman:   (401)

For more details about 401 error you can check this link winrm-command-fails-with-a-401-response-code, reason of this error is that user need admin privileges. 

 On target machine as admin user you will need to run this command winrm configSDDL default which will open a winrm permissions window, then you will need to add your user and change it's permissions to be full control "see attached screenshot", then you need to close this window so that changes will be applied in cmd winrm command, note that you can set permissions to be execute only not full control and this will allow user to execute winrm commands.

 After that Test connection will work fine without issues and all steps done, This check will pass using both connections WINRM_NATIVE "If the computer where you installed XL Deploy runs Windows" and WINRM_INTERNAL "If the computer where you installed XL Deploy does not run Windows"

 You can check connection manually using winrs command like below,

C:\Users\vagrant>winrs -r:192.168.0.30:5985 -u:ibrahim -p:IAI123 dir C:\Users\Ibrahim\Desktop\Temp
 Volume in drive C has no label.
 Volume Serial Number is 40DF-F195

 Directory of C:\Users\Ibrahim\Desktop\Temp

10/20/2016  09:01 AM    <DIR>          .
10/20/2016  09:01 AM    <DIR>          ..
               0 File(s)              0 bytes
               2 Dir(s)   2,974,162,944 bytes free

Before All that, Please make sure that winrm configurations are correct on target server by following this link Set up WinRM in XL Deploy and on a target host

Cause

In some cases and for security reasons you may want to use Non Admin user in your CIFS configurations instead of having user with full privileges.

Additional Information

Attached WinrmPerm.png which is a screenshot of winRM permissions window after running command winrm configSDDL default in order to add needed permissions for Non Admin User to be able to execute winRM commands.

Tags

XLDeploy, WinRM, CIFS

Have more questions? Submit a request
Powered by Zendesk