Rundeck Node Authentication with domain account

I have installed Rundeck 4.8.0 on Redhat 9.
I have a Windows 2022 Server node.
I have a local account on the node called rundeck and it’s in the Administrators group.
In Rundeck key storage, I made a password key, with the password for the local rundeck account.
In my project I have a yaml file pointing to the node with the rundeck username.
That works, I can run jobs that call powershell scripts on the node.

However, I want to use a domain account (ACME\dom-rundeck). The domain is acme.corp, NetBIOS name ACME. It is also in the Administrators group on the node.
I edited my yaml file with:
username: dom-rundeck@acme.corp

and pointed to the right password key store.

The job fails with:
[ERROR ] Execution finished with the following error (winrm-exec.py:323)[root]
[ERROR ] the specified credentials were rejected by the server (winrm-exec.py:324)[root]
Failed: NonZeroResultCode: [WinRMPython] Result code: 1

In my /etc/rundeck/profile file, I added the lines -

       -Djava.security.krb5.realm=acme.corp \
       -Djava.security.krb5.kdc=dc01.acme.corp \

That didn’t help.

Any ideas on how to get the domain account to work?

Hi Roger,

Your question appears to have been addressed here.

Regards!

Reiner, ya thanks. That post you linked to at Stack Overflow was posted by me. I got my answer there and I haven’t had time to post the answer here.

What I ended up doing was adding an SPN in the domain for the domain account.

setspn -A WSMAN/RundeckNode:5985 DOMAIN\user

Also … I was using Kerberos authentication.
I had to change to CredSSP to allow a double hop of the authentication credentials.

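A check for the two changes described in the last post (the WSMAN SPN on the domain account and CredSSP on the node), added here as an example and not part of the original thread. The function name `Test-RundeckWinRMPrereqs` is hypothetical, the SPN and account defaults are the thread's own placeholders, and it assumes an elevated Windows PowerShell session on the node with `setspn.exe` available.

```powershell
# Added example (not from the thread). Run elevated on the Windows node.
function Test-RundeckWinRMPrereqs {
    param(
        [string]$Spn     = 'WSMAN/RundeckNode:5985',   # placeholder SPN from the thread
        [string]$Account = 'ACME\dom-rundeck'          # domain account from the thread
    )

    # 1. Is the WSMAN SPN registered on the domain account?
    #    setspn -L lists every SPN attached to the given account.
    $spnList = & setspn.exe -L $Account 2>&1
    $spnOk   = [bool]($spnList | Select-String -SimpleMatch $Spn)

    # 2. Does the WinRM service on this node accept CredSSP?
    #    With CredSSP the node receives the delegated credentials, so enable it
    #    only on nodes trusted to hold this account's password.
    $credSspOk = (Get-Item WSMan:\localhost\Service\Auth\CredSSP).Value -eq 'true'

    # 3. Is the account a member of the local Administrators group,
    #    as described in the question?
    $adminOk = [bool](Get-LocalGroupMember -Group 'Administrators' |
                      Where-Object { $_.Name -eq $Account })

    [pscustomobject]@{
        Account          = $Account
        Spn              = $Spn
        SpnRegistered    = $spnOk
        CredSspAccepted  = $credSspOk
        LocalAdminMember = $adminOk
    }
}

$result = Test-RundeckWinRMPrereqs
$result | Format-List

# Remediation hints for any check that came back False.
if (-not $result.SpnRegistered) {
    # -S registers the SPN only after checking that it is not a duplicate.
    Write-Warning "SPN missing. As a domain admin: setspn -S $($result.Spn) $($result.Account)"
}
if (-not $result.CredSspAccepted) {
    Write-Warning 'CredSSP is off on the service side. Run: Enable-WSManCredSSP -Role Server -Force'
}
if (-not $result.LocalAdminMember) {
    Write-Warning "$($result.Account) is not in the local Administrators group."
}
```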