Problem getting winexe to run commands from Ubuntu 14.04 to Win 2008
We've got an Ubuntu 14.04.1 system here running winexe 1.0 installed with apt-get.
The following command works normally and produces the following output: winexe -U DOMAIN\\<userid> //system.domain.tld "tasklist" Password for [DOMAIN\userid]: Image Name PID Session Name Session# Mem Usage ========================= ======== ================ =========== ============ System Idle Process 0 Services 0 24 K System 4 Services 0 308 K smss.exe 276 Services 0 1,256 K csrss.exe 372 Services 0 6,356 K wininit.exe 416 Services 0 4,704 K csrss.exe 424 Console 1 6,992 K winlogon.exe 476 Console 1 4,588 K services.exe 520 Services 0 25,404 K etc.... When we try the following command it fails: winexe -d 2 -A /opt/jaeger/credentials.cfg //system.domain.tld "tasklist" winexe version 1.00 This program may be freely redistributed under the terms of the GNU GPLv3 Mapped to DCERPC endpoint \pipe\svcctl added interface ip=10.30.10.200 nmask=255.255.255.0 added interface ip=192.168.212.120 nmask=255.255.255.0 added interface ip=10.30.10.200 nmask=255.255.255.0 added interface ip=192.168.212.120 nmask=255.255.255.0 kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm DOMAIN) Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER ERROR: Cannot connect to svcctl pipe. NT_STATUS_LOGON_FAILURE. added interface ip=10.30.10.200 nmask=255.255.255.0 added interface ip=192.168.212.120 nmask=255.255.255.0 added interface ip=10.30.10.200 nmask=255.255.255.0 added interface ip=192.168.212.120 nmask=255.255.255.0 kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm CNXPROD) Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER ERROR: Failed to open connection - NT_STATUS_LOGON_FAILURE The file /opt/jaeger/credentials.cfg contains the same userid, password and domain as what is on the command line version and its permissions and ownership are as follows so I don't see that as an issue: -rw-rw-r-- 1 ubuntu ubuntu 51 Feb 24 16:07 credentials.cfg The other command we are trying and failing with is winexe -d 10 -A /opt/jaeger/credentials.cfg //system.domain.tld "cmd /c dir \\systyem\jaeger_deployments\DPLY-1033" adding hidden service IPC$ adding hidden service ADMIN$ failed to get principal from default ccache: No such file or directory: open(/tmp/krb5cc_0): No such file or directory winexe version 1.00 This program may be freely redistributed under the terms of the GNU GPLv3 GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'ntlmssp' registered Using binding ncacn_np:vibcifpwa02.mgmt.cnxprod.com[,print] Mapped to DCERPC endpoint \pipe\svcctl added interface ip=10.30.10.200 nmask=255.255.255.0 added interface ip=192.168.212.120 nmask=255.255.255.0 added interface ip=10.30.10.200 nmask=255.255.255.0 added interface ip=192.168.212.120 nmask=255.255.255.0 Shutdown SMB signing BSRSPYL SMB signing enabled Shutdown SMB signing Starting GENSEC mechanism spnego Server claims it's principal name is not_defined_in_RFC4178@please_ignore Starting GENSEC submechanism gssapi_krb5 kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm DOMAIN) Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm Cannot reach a KDC we require to contact cifs@system.domain.tld Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER Starting GENSEC submechanism ntlmssp Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP challenge set by NTLM2 challenge is: [0000] 86 B6 4E 2F 7C 1F E8 84 ..N/|... NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH ERROR: Cannot connect to svcctl pipe. NT_STATUS_LOGON_FAILURE. added interface ip=10.30.10.200 nmask=255.255.255.0 added interface ip=192.168.212.120 nmask=255.255.255.0 added interface ip=10.30.10.200 nmask=255.255.255.0 added interface ip=192.168.212.120 nmask=255.255.255.0 Shutdown SMB signing BSRSPYL SMB signing enabled Shutdown SMB signing Starting GENSEC mechanism spnego Server claims it's principal name is not_defined_in_RFC4178@please_ignore Starting GENSEC submechanism gssapi_krb5 kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm DOMAIN) Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm Cannot reach a KDC we require to contact cifs@system.domain.tld Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER Starting GENSEC submechanism ntlmssp Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP challenge set by NTLM2 challenge is: [0000] 0E DB 9E E4 CA 8F 13 18 ........ NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH ERROR: Failed to open connection - NT_STATUS_LOGON_FAILURE Can anyone assist with getting this working?? |
when i search for phrasing in
Quote:
i'd first assume it's a DNS issue. second i'd check that my local /etc/hosts contains "IP fqdn hostname" (all three in that order). and it only works if you are not NAT'ed/firewalled in some way. |
All those are done.
As I stated above it works from the command line with domain and ID and manually entering password as shown but trying with the configuration file option fails as shown. |
according to the internets, credentials file should be:
Code:
domain=domainName Code:
$ winexe --version |
We are running the latest version installed by apt-get in Ubuntu here and the file is in that format. It doesn't ask for password at all as shown above. It just fails.
|
All times are GMT -5. The time now is 01:07 AM. |