-
Notifications
You must be signed in to change notification settings - Fork 261
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Instructions to use Kerberos ? #21
Comments
Note: I am using Ubuntu Step1: Generate kerberose tickit using cmd line. Step 2: pywinrm code Create a Shellshell_id = win_connect.open_shell() Run a command on shellcommand_id = win_connect.run_command(shell_id, cmd) Get the output of commandoutput,error_value,exit_status = win_connect.get_command_output(shell_id, command_id) win_connect.cleanup_command(shell_id, command_id) win_connect.close_shell(shell_id) |
Hi. I have a krb ticket and it works. I use it for smb:// access to domain controller (windows 2k8 r2) Thanks! |
OK, my bad. I have solved the problem by adding http:// in front of endpoint. Any idea? |
Try to put the IP and Hostname of your Windows Host entry in /etc/hosts file and then try. |
Thanks Vipul, import sys
from winrm.protocol import Protocol
HYPERV_SERVER = 'http://ad.lab.local:5985/wsman'
class RM():
def __init__(self):
self.win_connect = Protocol(endpoint=HYPERV_SERVER, transport='kerberos')
def test(self):
shell_id = self.win_connect.open_shell()
cmd = "ver"
command_id = self.win_connect.run_command(shell_id, cmd)
output,error_value,exit_status = self.win_connect.get_command_output(shell_id, command_id)
self.win_connect.cleanup_command(shell_id, command_id)
self.win_connect.close_shell(shell_id)
def main():
rm = RM()
rm.test()
if __name__ == '__main__':
main()
sys.exit() Thanks! |
Update: Now I get: |
Hmmm ... code looks good, but don't know why its not working. Thanks On Tue, Oct 14, 2014 at 11:01 PM, Dejan Levaja notifications@github.com
Thanks Vipul Borikar |
Solved with: winrm configSDDL default |
I have the same problem, I think. On which host did you run "winrm configSDDL default", the AD/DC or on the remote host? And then, what settings did you change when the "Permissions for Default" dialog popped-up? |
@dgoade I ran the command at target (remote) host, unfortunately, I do not remember what permissions I have chosen. I guess read & execute, but I am not sure. |
My problem turned-out to be a SID conflict. It was apparent after observing on the remote host (not the AD/DC) that the domain admins group was not included in the local admins group, which is something that should be done automatically by Windows after adding a computer to the domain --- and SHOULD be reported as an error by Windows if it fails but wasn't. Anyway, the fix was to run sysprep on the remote host and re-add it to the domain. Then domain auth started working. |
Had the same problem doing a local logon and got the 401 authorized error. The fix was as above to set AllowUnencrypted to true but you need to also add single quotes around or the command is invalid: |
Hi, I'm also struggling with 401 authentication error. I've got Windows Server 2012 R2 and Ubuntu 14.04 machine. I'm trying to authenticate as
and the output:
I've already:
Now I'm running out of ideas. Any help would be much appreciated! |
Do you have a Kerberos ticket for the target server? If you don't, that could be the reason why you are getting the 401. What happens when you use host name instead of IP? |
Thank you vipulob, After I add IP and hostname into hosts file, ansible works! |
Initial issue was solved, if you still have problems please open a new issue. |
Can anybody provide an example on how to get kerberos working for pywinrm ? I am trying to use this with Ansible 1.7 to manage windows server remotely and have spent half day on this topic online but could not find anything.
The text was updated successfully, but these errors were encountered: