I have a problem using pywinrm on Linux to get a PowerShell session. I read several posts and questions on sites about that, but none of them could solve my question.
The error is in the Kerberos authentication. This is my krb5.conf:
[libdefaults]
default_realm = DOMAIN.COM.BR
ticket_lifetime = 24000
clock-skew = 300
dns_lookup_kdc = true

# [realms]
# LABCORP.CAIXA.GOV.BR = {
# kdc = DOMAIN.COM.BR
# kdc = DOMAIN.COM.BR
# admin_server = DOMAIN.COM.BR
# default_domain = DOMAIN.COM.BR
# }

[logging]

default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

# [domain_realm]
# .DOMAIN.COM.BR = DOMAIN.COM.BR
# server.com = DOMAIN.COM.BR
My /etc/resolv.conf is:
search DOMAIN.COM.BR
nameserver IP
And my python code is:
import winrm

# Open a WinRM session using Kerberos authentication
s = winrm.Session(
    'DOMAIN.COM.BR',
    transport='kerberos',
    auth=('my_active_directory_user', 'my_active_directory_password'),
    server_cert_validation='ignore')
# Run a command on the remote host
r = s.run_cmd('ipconfig', ['/all'])
And the server returns this error:
winrm.exceptions.WinRMTransportError: ('http', 'Bad HTTP response returned from server. Code 500')
The port of the server is open. I see it with nmap:
5985/tcp open wsman
I can ping and resolve the name of the server:
$ ping DOMAIN.COM.BR
PING DOMAIN.COM.BR (IP) 56(84) bytes of data.
64 bytes from IP: icmp_seq=2 ttl=127 time=0.410 ms
64 bytes from IP: icmp_seq=2 ttl=127 time=0.410 ms
I can use kinit without problem to get the ticket:
$ kinit [email protected]
And list the ticket:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: [email protected]
Valid starting Expires Service principal
05-09-2017 10:23:52 05-09-2017 17:03:50 krbtgt/DOMAIN.COM.BR @DOMAIN.COM.BR
What kind of problem is that?
Another solution is to add this line with allow_weak_crypto in your krb5.conf file: