Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Auth using AD username?

See original GitHub issue

Is it possible to authenticate using an Active Directory (AD) username?

>>> import winrm
>>> s = winrm.Session('192.168.123.158', auth=('example.com\Administrator', 'V@grant'))
>>> s.run_cmd('echo test')
Traceback (most recent call last):
  File "<ipython-input-10-231983453a9e>", line 1, in <module>
    s.run_cmd('echo test')
  File "/home/jakob/pywinrm/winrm/__init__.py", line 29, in run_cmd
    shell_id = self.protocol.open_shell()
  File "/home/jakob/pywinrm/winrm/protocol.py", line 118, in open_shell
    rs = self.send_message(xmltodict.unparse(rq))
  File "/home/jakob/pywinrm/winrm/protocol.py", line 190, in send_message
    return self.transport.send_message(message)
  File "/home/jakob/pywinrm/winrm/transport.py", line 99, in send_message
    raise UnauthorizedError(transport='plaintext', message=ex.msg)
UnauthorizedError: 401 Unauthorized. basic auth failed

Using winexe works:

$  winexe -U 'example.com\Administrator'%V@grant //192.168.123.158 'cmd.exe /c echo test'
test

Using the local administrator also works:

>>> import winrm
>>> s = winrm.Session('192.168.123.158', auth=('Administrator', 'V@grant'))
>>> s.run_cmd('echo test')
<Response code 0, out "test
", err "">

kind regards, Jakob

Issue Analytics

State:
Created 9 years ago
Comments:10

Top GitHub Comments

2reactions

ikkarocommented, Jul 8, 2016

This is working on Windows 2012R2 with domain account.

import winrm
winrmHost='https://HOST:5986'
winrmUser='DOMAIN.local\USERNAME'
winrmPass='PASS'

print (winrmUser)
print (winrmPass)
#ps_script = """Get-Alias"""
s = winrm.Session(winrmHost, auth=(winrmUser, winrmPass),transport='ntlm',server_cert_validation='ignore')
r = s.run_cmd('ipconfig', ['/all'])
#r = s.run_ps(ps_script)`

print (r.status_code)
print (r.std_out)
#print (r)

Here is my winrm configuration

C:\Windows\system32>winrm get winrm/config/service
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true

0reactions

jborean93commented, Jun 24, 2019

Domain credentials require ntlm, kerberos, or credssp support. Basic auth only works for local accounts. This is simply specified by using transport='ntlm/kerberos/credssp' on the constructor.

Top Results From Across the Web

User authentication and user authorization process

AD authorization process is used to secure the AD resources from unauthorized access. After a user is authenticated using the AD authentication ......

Example of Only Authenticating User Accounts Using LDAP

The LDAP/AD Auth Resource Editor page allows you to define an Authentication Resource for use with an AD user store. An LDAP/AD Authentication...

Azure Active Directory authentication overview - Microsoft Entra

In Azure Active Directory (Azure AD), authentication involves more than just the verification of a username and password. To improve security ...

LDAP user authentication explained - Connect2id

LDAP user authentication is the process of validating a username and password combination with a directory server such MS Active Directory, ...

Active Directory Authentication - Oracle Help Center

To use standard connections, type the user name and password of a user that has privileges to search Active Directory in the User...