尝试使用kerberos winrm

时间:2017-02-10 19:56:29

标签: python-2.7 ansible kerberos

所以我在几个不同的变化下测试了这个。我有一个带有Windows 2008 R2服务器并安装了RHEL6和Python2.6的实验室。我能够使用ansible作为远程进入Windows服务器并执行ping的方法(我已经按照所有指示执行此操作)。 我得到的问题是无法用Rhel 7和python2.7做到这一点,但是我不确定python版本的区别是什么阻止了我。

我经常收到此hostname_override错误...

[alebede@linuxbox]$ klist -a
Ticket cache: FILE:/tmp/krb5cc_37575
Default principal: Admin_alebede@mydomain.bla

Valid starting       Expires              Service principal
02/10/2017 11:30:32  02/10/2017 21:30:32  krbtgt/mydmain.bla@mydomain.bla
    renew until 02/10/2017 21:30:32
    Addresses: (none)
[alebede@linuxbox]$ python
Python 2.7.5 (default, Oct 11 2015, 17:47:16) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
    >>> import winrm
    >>> s = winrm.Session('WINDOWSBOX', auth=('admin_alebede@mydomain.bla',         'mypassword'), transport='kerberos')
    >>> r = s.run_cmd('ipconfig', ['/all'])
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
      File "/usr/lib/python2.7/site-packages/winrm/__init__.py", line 37, in run_cmd
    shell_id = self.protocol.open_shell()
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 132, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in send_message
    return self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, in send_message
    self.session = self.build_session()
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 140, in build_session
    sanitize_mutual_error_response=False)
TypeError: __init__() got an unexpected keyword argument 'hostname_override'

使用ansible看起来像这样,hostname_override错误:

mywinserver.mydomain.com> WINRM CONNECT: transport=ssl endpoint=https://mywinserver.mydomain.com:5986/wsman
    <mywinserver.mydomain.com> WINRM CONNECTION ERROR: the specified credentials were rejected by the server
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/winrm.py", line 154, in _winrm_connect
    self.shell_id = protocol.open_shell(codepage=65001)  # UTF-8
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 132, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in send_message
    return self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 190, in send_message
    raise InvalidCredentialsError("the specified credentials were rejected by the server")
InvalidCredentialsError: the specified credentials were rejected by the server

mywinserver.mydomain.com | UNREACHABLE! => {
    "changed": false, 
    "msg": "kerberos: __init__() got an unexpected keyword argument 'hostname_override', ssl: the specified credentials were rejected by the server", 
    "unreachable": true
}

让我知道我还能尝试什么,同样在Windows 2008R2服务器上我可以看到linux框正在尝试连接安全事件日志。不知道还有什么事情发生。同样,这适用于2个不同的Windows 2008R2服务器上的RHEL6。

1 个答案:

答案 0 :(得分:0)

可能你在winrm和requests-kerberos之间的版本不匹配。当我通过pip安装winrm并通过apt安装请求-kerberos时,我遇到了同样的问题。

验证您是否正在为所有安装使用单个软件包管理器。