Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
devel:documentation:adm:systems:winrm_ad_connector [2022/10/12 08:24]
fiserp 		devel:documentation:adm:systems:winrm_ad_connector [2023/11/07 15:00]
urbanl [Installation]
Line 51: Line 51:
 It's better to run it in connector server instead of directly adding dependency to your application(IdM). The reason for this is simple - better security. You can choose user with some limited permissions which will be used as the owner of connector server and then give him access to run only the scripts which you want. It's better to run it in connector server instead of directly adding dependency to your application(IdM). The reason for this is simple - better security. You can choose user with some limited permissions which will be used as the owner of connector server and then give him access to run only the scripts which you want.
  
-It supports basic, ntlm, kerberos and credssp authentication schema for WinRM. To use Kerberos, you need to have properly-configured `/etc/krb5.confin your system.+It supports basic, ntlm, kerberos and credssp authentication schema for WinRM. To use Kerberos, you need to have properly-configured ''/etc/krb5.conf'' in your system.
  
 It supports HTTP and HTTPS communication. HTTPS communication can be a little bit tricky to configure. You need the right certificate which is used in WinRM listener on Win server. Store the crt to the on the machine where this connector is running and for: **WinRM < 1.0.5**  Edit <nowiki>winrm_wrapper.py</nowiki> to change the path to .pem certificate which is needed for HTTPS connection. It supports HTTP and HTTPS communication. HTTPS communication can be a little bit tricky to configure. You need the right certificate which is used in WinRM listener on Win server. Store the crt to the on the machine where this connector is running and for: **WinRM < 1.0.5**  Edit <nowiki>winrm_wrapper.py</nowiki> to change the path to .pem certificate which is needed for HTTPS connection.
Line 65: Line 65:
  
 **WinRM >= 1.0.5**  there is configuration field called <nowiki>"WinRM___CA trust path"</nowiki> - Path to certificate which will be used in HTTPS communication. E.g /path/to/file/crt.pem Be sure you are using up to date <nowiki>winrm_wrapper.py</nowiki> otherwise this new config property don't work and you will be forced to use previous solution. **WinRM >= 1.0.5**  there is configuration field called <nowiki>"WinRM___CA trust path"</nowiki> - Path to certificate which will be used in HTTPS communication. E.g /path/to/file/crt.pem Be sure you are using up to date <nowiki>winrm_wrapper.py</nowiki> otherwise this new config property don't work and you will be forced to use previous solution.
 +
  
 ===== Schema generation ===== ===== Schema generation =====
Line 164: Line 165:
 For using WinRM part of this connector you need to install a few things which is needed, otherwise you can skip these steps. For using WinRM part of this connector you need to install a few things which is needed, otherwise you can skip these steps.
  
-  * Install python, tested versions are <del>2.7 </del>  (this version is no longer supported by python so use 3.X), 3.6 and 3.9+  * Install python, tested versions are 3.6 and 3.9
   * Install pip for managing Python packages - for linux use package managers based on you distribution and install package python-pip. If you are using windows pip will be installed together with python if you use official installator.   * Install pip for managing Python packages - for linux use package managers based on you distribution and install package python-pip. If you are using windows pip will be installed together with python if you use official installator.
   * Install pywinrm and dependencies. You can follow official guide [[https://github.com/diyan/pywinrm|https://github.com/diyan/pywinrm]] Just don't forget to install additional packages if you want use Kerberos or CredSSP authentication. If you are using windows you need to execute only the commands for pip, you don't need to install other system dependencies.   * Install pywinrm and dependencies. You can follow official guide [[https://github.com/diyan/pywinrm|https://github.com/diyan/pywinrm]] Just don't forget to install additional packages if you want use Kerberos or CredSSP authentication. If you are using windows you need to execute only the commands for pip, you don't need to install other system dependencies.
  • by kotynekv