python winrm使用本地帐户连接

Question

我正在尝试使用winrm通过CentOS上的python 2.7.13连接到Windows Server 2012。服务器不是域的一部分。我创建了一个单独的本地管理员帐户来连接它。

使用winrm configSDDL default为该用户提供所有访问权限。

将我的客户端计算机添加到可信主机。

PS C:\Windows\system32> Get-Item WSMan:\localhost\Client\TrustedHosts


   WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Client

Type            Name                           SourceOfValue   Value
----            ----                           -------------   -----
System.String   TrustedHosts                                   172.27.150.95

在防火墙中添加了例外，并确保服务已启动。

PS C:\Windows\system32> netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow
Ok.

PS C:\Windows\system32> Get-Service -ComputerName abc -Name winrm | Select Status

                                                                                                                                                         Status
                                                                                                                                                         ------
                                                                                                                                                        Running


PS C:\Windows\system32>

winrm的客户端设置：

PS C:\Windows\system32> winrm get winrm/config/client
Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = true
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = false
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts = 172.27.150.95

Telnet正在运作：

xyz:~ # telnet 172.27.148.29 5985
Trying 172.27.148.29...
Connected to abc (172.27.148.29).
Escape character is '^]'.
^]
telnet> quit
Connection closed.
xyz:~ # 

但仍然：

>>> s = winrm.Session('abc', auth=('abc\script-runner', 'xxx'))                   
>>> r = s.run_cmd('ipconfig', ['/all'])
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/site-packages/winrm/__init__.py", line 37, in run_cmd
    shell_id = self.protocol.open_shell()
  File "/usr/local/lib/python2.7/site-packages/winrm/protocol.py", line 132, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/local/lib/python2.7/site-packages/winrm/protocol.py", line 207, in send_message
    return self.transport.send_message(message)
  File "/usr/local/lib/python2.7/site-packages/winrm/transport.py", line 190, in send_message
    raise InvalidCredentialsError("the specified credentials were rejected by the server")
winrm.exceptions.InvalidCredentialsError: the specified credentials were rejected by the server
>>> 

此外，我启用了审核失败/成功登录，但我没有看到尝试连接失败或成功。

请告诉我缺少什么？我想通过本地用户连接。

感谢您的帮助。

Answer 1

1. 确保在目标Windows机器中网络连接类型为“私有”，如果是“公共”，则winrm将无法配置。

2. 打开命令提示符并输入：

   winrm qc winrm set winrm/config/service @{AllowUnencrypted="true"}

3. 打开Powershell并输入：

   enable-psremoting set-item WSMan:\localhost\Client\TrustedHosts * （'*'适用于所有主机，您可以指定所需的主机）

4. 在你的python脚本中：

   import winrm s = winrm.Session('yourWindowsHost', auth=('yourLocalAdmin', 'passwordInPlainText'), transport='ntlm') r = s.run_cmd('ipconfig', ['/all'])