我在linux上使用pywinrm时遇到问题,以获得PowerShell会话。 我在网站上阅读了几篇关于此的帖子和问题。但任何可以解决我的问题。
错误发生在Kerberos身份验证中。这是我的krb5.conf:
0 [libdefaults]
1 default_realm = LABCORP.CAIXA.GOV.BR
2 ticket_lifetime = 24000
3 clock-skew = 300
4 dns_lookup_kdc = true
5
6 # [realms]
7 # LABCORP.CAIXA.GOV.BR = {
8 # kdc = DFLABSAIL003.LABCORP.CAIXA.GOV.BR
9 # kdc = dflabsail003.labcorp.caixa.gov.br
10 # admin_server = DFLABSAIL003.LABCORP.CAIXA.GOV.BR:464
11 # default_domain = LABCORP.CAIXA.GOV.BR
12 # }
13
14 [logging]
15
16 default = FILE:/var/log/krb5libs.log
17 kdc = FILE:/var/log/krb5kdc.log
18 admin_server = FILE:/var/log/kadmind.log
19
20 # [domain_realm]
21 # .labcorp.caixa.gov.br = LABCORP.CAIXA.GOV.BR
22 # server.com = LABCORP.CAIXA.GOV.BR
我的/etc/resolv.conf是:
search labcorp.caixa.gov.br
nameserver 10.196.20.143
我的python代码是:
import winrm
s = winrm.Session(
'dflabsail003.labcorp.caixa.gov.br',
'transport='kerberos',
auth=('my_active_directory_user', 'my_active_directory_password'),
server_cert_validation='ignore')
r = s.run_cmd('ipconfig', ['/all'])
服务器返回此错误:
winrm.exceptions.WinRMTransportError: ('http', 'Bad HTTP response returned from server. Code 500')
服务器端口已打开。我看到nmap:
5985/tcp open wsman
我可以ping并重新解析服务器的名称:
$ ping dflabsail003.labcorp.caixa.gov.br
PING dflabsail003.labcorp.caixa.gov.br (10.196.20.144) 56(84) bytes of data.
64 bytes from 10.196.20.144: icmp_seq=2 ttl=127 time=0.410 ms
64 bytes from 10.196.20.144: icmp_seq=2 ttl=127 time=0.410 ms
我可以毫无问题地使用kinit获取票证:
$ kinit my_active_directory_user@LABCORP.CAIXA.GOV.BR
并列出门票:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: my_active_directory_user@LABCORP.CAIXA.GOV.BR
Valid starting Expires Service principal
05-09-2017 10:23:52 05-09-2017 17:03:50 krbtgt/LABCORP.CAIXA.GOV.BR@LABCORP.CAIXA.GOV.BR
那是什么问题?
答案 0 :(得分:1)
其他解决方案是在allow_weak_crypto文件中添加krb5.conf这一行:
[libdefaults]
***
allow_weak_crypto = true
***