2017-09-05 308 views
0

我有一個問題,在Linux上使用pywinrm來獲取PowerShell會話。 我在網站上閱讀了幾篇文章和問題。但任何可以解決我的問題。服務器返回錯誤的HTTP響應。代碼500

錯誤出現在Kerberos身份驗證中。這是我的krb5.conf:

0 [libdefaults] 
1   default_realm = LABCORP.CAIXA.GOV.BR                               
2   ticket_lifetime = 24000                                  
3   clock-skew = 300                                    
4   dns_lookup_kdc = true                                   
5                                          
6 # [realms]                                        
7 #   LABCORP.CAIXA.GOV.BR = {                                  
8 #     kdc = DFLABSAIL003.LABCORP.CAIXA.GOV.BR                            
9 #     kdc = dflabsail003.labcorp.caixa.gov.br                            
10 #     admin_server = DFLABSAIL003.LABCORP.CAIXA.GOV.BR:464                       
11 #     default_domain = LABCORP.CAIXA.GOV.BR                          
12 #   }                                       
13 
14 [logging]                                        
15                                          
16  default = FILE:/var/log/krb5libs.log                                 
17  kdc = FILE:/var/log/krb5kdc.log                                  
18  admin_server = FILE:/var/log/kadmind.log                                
19                                          
20 # [domain_realm]                                      
21 #   .labcorp.caixa.gov.br = LABCORP.CAIXA.GOV.BR 
22 #   server.com = LABCORP.CAIXA.GOV.BR 

我的/etc/resolv.conf是:

search labcorp.caixa.gov.br 
nameserver 10.196.20.143 

而且我的Python代碼:

import winrm 

s = winrm.Session(
    'dflabsail003.labcorp.caixa.gov.br', 
    'transport='kerberos', 
    auth=('my_active_directory_user', 'my_active_directory_password'), 
    server_cert_validation='ignore') 

r = s.run_cmd('ipconfig', ['/all']) 

而且服務器返回此錯誤:

winrm.exceptions.WinRMTransportError: ('http', 'Bad HTTP response returned from server. Code 500') 

服務器的端口已打開。我看到NMAP:

5985/tcp open wsman 

我可以ping和RESOLV服務器的名稱:

$ ping dflabsail003.labcorp.caixa.gov.br 

PING dflabsail003.labcorp.caixa.gov.br (10.196.20.144) 56(84) bytes of data. 
64 bytes from 10.196.20.144: icmp_seq=2 ttl=127 time=0.410 ms 
64 bytes from 10.196.20.144: icmp_seq=2 ttl=127 time=0.410 ms 

我可以使用的kinit沒有問題買票:

$ kinit [email protected] 

而且,列出門票:

$ klist 

Ticket cache: FILE:/tmp/krb5cc_1000 
Default principal: [email protected] 

Valid starting  Expires    Service principal 
05-09-2017 10:23:52 05-09-2017 17:03:50 krbtgt/[email protected] 

什麼那種問題是什麼?

回答

1

其他解決方案是用allow_weak_cryptokrb5.conf文件中加入這一行:

[libdefaults] 
    *** 
    allow_weak_crypto = true 
    *** 
相關問題