I have a problem to use pywinrm on linux, to get a PowerShell Session. I read several posts and questions on sites about that. But any that can solve my question.
The error is in the Kerberos autentication. This is my krb5.conf:
0 [libdefaults]
1 default_realm = LABCORP.CAIXA.GOV.BR
2 ticket_lifetime = 24000
3 clock-skew = 300
4 dns_lookup_kdc = true
5
6 # [realms]
7 # LABCORP.CAIXA.GOV.BR = {
8 # kdc = DFLABSAIL003.LABCORP.CAIXA.GOV.BR
9 # kdc = dflabsail003.labcorp.caixa.gov.br
10 # admin_server = DFLABSAIL003.LABCORP.CAIXA.GOV.BR:464
11 # default_domain = LABCORP.CAIXA.GOV.BR
12 # }
13
14 [logging]
15
16 default = FILE:/var/log/krb5libs.log
17 kdc = FILE:/var/log/krb5kdc.log
18 admin_server = FILE:/var/log/kadmind.log
19
20 # [domain_realm]
21 # .labcorp.caixa.gov.br = LABCORP.CAIXA.GOV.BR
22 # server.com = LABCORP.CAIXA.GOV.BR
My /etc/resolv.conf is:
search labcorp.caixa.gov.br
nameserver 10.196.20.143
And my python code is:
import winrm
s = winrm.Session(
'dflabsail003.labcorp.caixa.gov.br',
'transport='kerberos',
auth=('my_active_directory_user', 'my_active_directory_password'),
server_cert_validation='ignore')
r = s.run_cmd('ipconfig', ['/all'])
And the server return this error:
winrm.exceptions.WinRMTransportError: ('http', 'Bad HTTP response returned from server. Code 500')
The port of the server is open. I see with nmap:
5985/tcp open wsman
I can ping and resolv the name of the server:
$ ping dflabsail003.labcorp.caixa.gov.br
PING dflabsail003.labcorp.caixa.gov.br (10.196.20.144) 56(84) bytes of data.
64 bytes from 10.196.20.144: icmp_seq=2 ttl=127 time=0.410 ms
64 bytes from 10.196.20.144: icmp_seq=2 ttl=127 time=0.410 ms
I can use kinit without problem to get the ticket:
$ kinit my_active_directory_user@LABCORP.CAIXA.GOV.BR
And, list the ticket:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: my_active_directory_user@LABCORP.CAIXA.GOV.BR
Valid starting Expires Service principal
05-09-2017 10:23:52 05-09-2017 17:03:50 krbtgt/LABCORP.CAIXA.GOV.BR@LABCORP.CAIXA.GOV.BR
What kind of problem is that?