Ansible Windows Kerberos 身份验证错误的 HTTP 响应从服务器代码 500 返回
Ansible Windows Kerberos Authentification Bad HTTP response returned from server Code 500
在 windows 服务器上配置 winRM 并填写连接所需的所有信息后:
---
### winrm / win connection ###
ansible_winrm_realm: *My AD Domain*
ansible_connection: winrm
ansible_winrm_kerberos_delegation: yes
ansible_port: 5985
ansible_winrm_transport: kerberos
我得到了一个
fatal: [MyServer]: UNREACHABLE! => {"changed": false, "msg": "kerberos: ('http', 'Bad HTTP response returned from server. Code 500')", "unreachable": true}
我已经尝试了很多事情,包括更改我的配置和检查 WinRm 是否可以访问,一切都很好:
C:\Users\ME>winrs -r :http://myserver:5985/wsman -u:My_User -p:Password ipconfig
我的 WinRM 配置:
PS C:\Users\XXXX> winrm get winrm/config/Service
Service
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
PS C:\Users\XXXX> winrm get winrm/config/Winrs
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
由于我正在尝试使用 HTTP 而不是 HTTPS,解决方案是通过 运行 以下命令更改 WinRm 服务配置以允许加密连接:
Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value true
我 运行 遇到了这个异常,我的解决方案是安装 python-kerberos 包装器。
pip3 install pywinrm[kerberos]
最后通过升级pykerberos到1.2.1版本解决
pip3 install pykerberos --upgrade
作为解决方法,您可以使用 python2 到 运行 这个剧本:
/usr/bin/python2 /usr/bin/ansible-playbook WindowsTest.yml
主机节点上的以下命令解决了该问题。我们需要接受未加密的流量。
Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value true
在 windows 服务器上配置 winRM 并填写连接所需的所有信息后:
---
### winrm / win connection ###
ansible_winrm_realm: *My AD Domain*
ansible_connection: winrm
ansible_winrm_kerberos_delegation: yes
ansible_port: 5985
ansible_winrm_transport: kerberos
我得到了一个
fatal: [MyServer]: UNREACHABLE! => {"changed": false, "msg": "kerberos: ('http', 'Bad HTTP response returned from server. Code 500')", "unreachable": true}
我已经尝试了很多事情,包括更改我的配置和检查 WinRm 是否可以访问,一切都很好:
C:\Users\ME>winrs -r :http://myserver:5985/wsman -u:My_User -p:Password ipconfig
我的 WinRM 配置:
PS C:\Users\XXXX> winrm get winrm/config/Service
Service
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
PS C:\Users\XXXX> winrm get winrm/config/Winrs
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
由于我正在尝试使用 HTTP 而不是 HTTPS,解决方案是通过 运行 以下命令更改 WinRm 服务配置以允许加密连接:
Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value true
我 运行 遇到了这个异常,我的解决方案是安装 python-kerberos 包装器。
pip3 install pywinrm[kerberos]
最后通过升级pykerberos到1.2.1版本解决
pip3 install pykerberos --upgrade
作为解决方法,您可以使用 python2 到 运行 这个剧本:
/usr/bin/python2 /usr/bin/ansible-playbook WindowsTest.yml
主机节点上的以下命令解决了该问题。我们需要接受未加密的流量。
Set-Item -Path WSMan:\localhost\Service\AllowUnencrypted -Value true