WSMan和基本授权

时间:2012-06-22 09:35:50

标签: windows basic-authentication remote-access winrm wsman

我正在努力让WSMan使用Basic authorizaion。 我总是得到Access Denied错误。 Kerberos认证工作正常。

Windows远程管理服务在域A中的Windows Server 2008 R2上运行,并具有以下配置:

Config
    MaxEnvelopeSizekb = 800
    MaxTimeoutms = 600000
    MaxBatchItems = 20
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts = *
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;S-1-5-21-2516571543-3809851355-1508507046-1008)(A;;GA;;;BA)(A;;GAGXGWGR;;;S-1-5-21-3465154619-3242790773-2173928322-17804)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 200
        EnumerationTimeoutms = 600000
        MaxConnections = 15
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = true
        Auth
            Basic = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = true
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint = ee cd g2 5e 61 ad d0 07  07 b7 77 95 ec 38 16 02df 7f 64 51
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 180000
        MaxConcurrentUsers = 5
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 15
        MaxMemoryPerShellMB = 150
        MaxShellsPerUser = 5

我正在域B中的Windows 7工作站上执行Test-WSMan:

Test-WSMan -ComputerName https://server2008:5986 -Auth basic -Cred B\MY_USER_NAME

收到以下错误:

Test-WSMan : Access is denied.
At line:1 char:11
+ Test-WSMan -ComputerName https://server2008:5986 -Auth basic -Cred B\MY_USER_NAME
    + CategoryInfo          : InvalidOperation: (https://server2008:5986:5986:String) [Test-WSMan], InvalidOperationException
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManCommand

请注意,以下命令可以正常工作:

Test-WSMan -ComputerName https://server2008:5986 -Auth kerberos

以下在Windows Server上记录apear:

Error   6/22/2012 12:21:27 PM   Windows Remote Management   168 User authentication

General: Sending HTTP 401 response to the client and disconnect the connection after sending the response
Details:
    Log Name:      Microsoft-Windows-WinRM/Operational
    Source:        Microsoft-Windows-WinRM
    Date:          6/22/2012 12:21:27 PM
    Event ID:      168
    Task Category: User authentication
    Level:         Error
    Keywords:      Security,Server
    User:          NETWORK SERVICE
    Computer:      server2008
    Description:
        Sending HTTP 401 response to the client and disconnect the connection after sending the response

有人可以帮我解决这个问题吗?这是配置问题还是我做错了什么?

感谢。

1 个答案:

答案 0 :(得分:8)

WinRM basic Auth不尊重域名。 基本上,您只能作为目标计算机的本地用户进行身份验证

相关问题
最新问题