LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
Reload this Page [SOLVED] Problem getting winexe to run commands from Ubuntu 14.04 to Win 2008
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-24-2015, 03:54 PM   #1
gkasica
Member
 
Registered: Jan 2011
Location: Jackson WI
Distribution: Fedora Core/Generic
Posts: 116

Rep: Reputation: 0
Problem getting winexe to run commands from Ubuntu 14.04 to Win 2008

We've got an Ubuntu 14.04.1 system here running winexe 1.0 installed with apt-get.

The following command works normally and produces the following output:

winexe -U DOMAIN\\<userid> //system.domain.tld "tasklist"
Password for [DOMAIN\userid]:

Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 308 K
smss.exe 276 Services 0 1,256 K
csrss.exe 372 Services 0 6,356 K
wininit.exe 416 Services 0 4,704 K
csrss.exe 424 Console 1 6,992 K
winlogon.exe 476 Console 1 4,588 K
services.exe 520 Services 0 25,404 K

etc....

When we try the following command it fails:
winexe -d 2 -A /opt/jaeger/credentials.cfg //system.domain.tld "tasklist"
winexe version 1.00
This program may be freely redistributed under the terms of the GNU GPLv3
Mapped to DCERPC endpoint \pipe\svcctl
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm DOMAIN)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
ERROR: Cannot connect to svcctl pipe. NT_STATUS_LOGON_FAILURE.
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm CNXPROD)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
ERROR: Failed to open connection - NT_STATUS_LOGON_FAILURE

The file
/opt/jaeger/credentials.cfg
contains the same userid, password and domain as what is on the command line version and its permissions and ownership are as follows so I don't see that as an issue:
-rw-rw-r-- 1 ubuntu ubuntu 51 Feb 24 16:07 credentials.cfg


The other command we are trying and failing with is
winexe -d 10 -A /opt/jaeger/credentials.cfg //system.domain.tld "cmd /c dir \\systyem\jaeger_deployments\DPLY-1033"


adding hidden service IPC$
adding hidden service ADMIN$
failed to get principal from default ccache: No such file or directory: open(/tmp/krb5cc_0): No such file or directory
winexe version 1.00
This program may be freely redistributed under the terms of the GNU GPLv3
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'ntlmssp' registered
Using binding ncacn_np:vibcifpwa02.mgmt.cnxprod.com[,print]
Mapped to DCERPC endpoint \pipe\svcctl
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
Shutdown SMB signing
BSRSPYL SMB signing enabled
Shutdown SMB signing
Starting GENSEC mechanism spnego
Server claims it's principal name is not_defined_in_RFC4178@please_ignore
Starting GENSEC submechanism gssapi_krb5
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm DOMAIN)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
Cannot reach a KDC we require to contact cifs@system.domain.tld
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 86 B6 4E 2F 7C 1F E8 84 ..N/|...
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ERROR: Cannot connect to svcctl pipe. NT_STATUS_LOGON_FAILURE.
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
Shutdown SMB signing
BSRSPYL SMB signing enabled
Shutdown SMB signing
Starting GENSEC mechanism spnego
Server claims it's principal name is not_defined_in_RFC4178@please_ignore
Starting GENSEC submechanism gssapi_krb5
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm DOMAIN)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
Cannot reach a KDC we require to contact cifs@system.domain.tld
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 0E DB 9E E4 CA 8F 13 18 ........
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ERROR: Failed to open connection - NT_STATUS_LOGON_FAILURE

Can anyone assist with getting this working??
 
Old 02-26-2015, 08:12 AM   #2
sudowtf
Member
 
Registered: Nov 2013
Posts: 205

Rep: Reputation: 46
when i search for phrasing in

Quote:
Originally Posted by gkasica View Post
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm CNXPROD)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
results refer to a few things like DNS, Kerberos, samba.

i'd first assume it's a DNS issue.

second i'd check that my local /etc/hosts contains "IP fqdn hostname" (all three in that order).

and it only works if you are not NAT'ed/firewalled in some way.
 
Old 02-26-2015, 08:24 AM   #3
gkasica
Member
 
Registered: Jan 2011
Location: Jackson WI
Distribution: Fedora Core/Generic
Posts: 116

Original Poster
Rep: Reputation: 0
All those are done.

As I stated above it works from the command line with domain and ID and manually entering password as shown but trying with the configuration file option fails as shown.
 
Old 02-26-2015, 08:43 AM   #4
sudowtf
Member
 
Registered: Nov 2013
Posts: 205

Rep: Reputation: 46
according to the internets, credentials file should be:
Code:
domain=domainName
username=myUserName
password=myPassword
HOWEVER, it still asks for my password, then works as expected in my environment.

Code:
$ winexe --version
Version 4.0.0alpha11-GIT-UNKNOWN
 
Old 02-26-2015, 08:52 AM   #5
gkasica
Member
 
Registered: Jan 2011
Location: Jackson WI
Distribution: Fedora Core/Generic
Posts: 116

Original Poster
Rep: Reputation: 0
We are running the latest version installed by apt-get in Ubuntu here and the file is in that format. It doesn't ask for password at all as shown above. It just fails.
 
  


Reply

Tags
ubuntu 14.04.1, windows



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] WINEXE + is it possible to run winexe without set the domain name in winexe syntax? ubarih Linux - Server 0 07-06-2013 11:45 AM
WINEXE + run windows cmd commands from linux ubarih Linux - Server 1 07-06-2013 01:43 AM
bought RAM for Ubuntu 10.10 box - can I just pop it in or do I need to run commands? sneakyimp Linux - Newbie 8 02-21-2011 07:47 PM
[SOLVED] Sudo problem - Run all commands with password except these uncle-c Linux - Newbie 1 02-16-2010 11:02 AM
NTLDR missing during grub run when ubuntu 8.4 is in disk0 and win 2003 is in disk1 sksundaram Linux - Newbie 4 10-29-2008 11:50 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 10:42 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration