Differences

This shows you the differences between two versions of the page.

tutorial:adm:configuration_-_winrm [2019/10/08 13:38]
fiserp [Commons issues]
tutorial:adm:configuration_-_winrm [2019/10/08 13:47]
fiserp [Common issues]
Line 119: Line 119:
  
  
-==== Commons issues ====+==== Common issues ====
 === Specified credentials were rejected by the server === === Specified credentials were rejected by the server ===
 Can be caused by: Can be caused by:
Line 161: Line 161:
   - Editing ''~/.local/lib/python2.7/site-packages/requests\_ntlm/requests\_ntlm.py'' and changing the import ''from requests.packages.urllib3.response import HTTPResponse'' to ''from requests.packages.urllib3 import HTTPResponse''.   - Editing ''~/.local/lib/python2.7/site-packages/requests\_ntlm/requests\_ntlm.py'' and changing the import ''from requests.packages.urllib3.response import HTTPResponse'' to ''from requests.packages.urllib3 import HTTPResponse''.
   - When running winrm script with NTLM, the warning should no longer pop up.   - When running winrm script with NTLM, the warning should no longer pop up.
 +
 +=== HTTPS certificate not trusted ===
 +Python, by default, uses its own certificate truststore located somewhere under ''/usr/lib/python2.7/...''. If it cannot find it, it uses system-wide truststore provided by ''ca-certificates''. However, you usually do not want to trust so many authorities. Also, your server usually have your certificates and that means you have to add your CA to the truststore. For debugging this (and WinRM at all) you can also use following script:
 +<code python>
 +import os
 +# there, you can explicitly set path to your CA chain
 +os.environ["REQUESTS_CA_BUNDLE"] = "/path/to/crt/chain.pem"
 +
 +from winrm.protocol import Protocol
 +
 +p = Protocol(
 +    endpoint='https://SERVER YOU WANT TO CONNECT TO:5986/wsman',
 +    transport='CHOOSE AUTHENTICATION METHOD: basic,credssp,ntlm,kerberos',
 +    username='USERNAME OR USERNAME@DOMAIN',
 +    password='USER PASSWORD')
 +#server_cert_validation='ignore'           # put this into the Protocol object constructor to disable certificate validation
 +shell_id = p.open_shell()
 +command_id = p.run_command(shell_id, 'ping', ['1.1.1.1'])
 +std_out, std_err, status_code = p.get_command_output(shell_id, command_id)
 +p.cleanup_command(shell_id, command_id)
 +p.close_shell(shell_id)
 +
 +# this will output all that returned from the WinRM call
 +print "stdout",std_out
 +print "stderr",std_err
 +print "retcode",status_code
 +</code>
 ===== HTTPS support ===== ===== HTTPS support =====
 The best case is to use HTTPS connection to connect to WinRM. To achieve this we need to do some more configuration on the server and on the client. The best case is to use HTTPS connection to connect to WinRM. To achieve this we need to do some more configuration on the server and on the client.
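Review bot: The commented-out server_cert_validation='ignore' line sits after the closing parenthesis of Protocol(...), so a reader who simply removes the leading # gets a plain variable assignment that Python accepts silently, and certificate validation stays on while the reader believes it is off. Move the hint inside the call as a commented final argument, and say in the comment that it is for diagnosing a trust problem only, since with it enabled the username and password are sent to a server whose certificate was never checked (most exposed with the basic transport listed on the line above). Two smaller points in the same hunk: the comment above REQUESTS_CA_BUNDLE should read "here" rather than "there", and the script never closes the shell if run_command or get_command_output raises, so wrapping those calls in try/finally with close_shell in the finally branch would keep failed debug runs from leaving shells open on the server. In the new paragraph, "your server usually have" should be "your server usually has" and "WinRM at all" reads better as "WinRM in general".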
  • by erbenr