LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   Problem getting winexe to run commands from Ubuntu 14.04 to Win 2008 (https://www.linuxquestions.org/questions/linux-software-2/problem-getting-winexe-to-run-commands-from-ubuntu-14-04-to-win-2008-a-4175534990/)

gkasica 02-24-2015 03:54 PM
Problem getting winexe to run commands from Ubuntu 14.04 to Win 2008
 
We've got an Ubuntu 14.04.1 system here running winexe 1.0 installed with apt-get.

The following command works normally and produces the following output:

winexe -U DOMAIN\\<userid> //system.domain.tld "tasklist"
Password for [DOMAIN\userid]:

Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 308 K
smss.exe 276 Services 0 1,256 K
csrss.exe 372 Services 0 6,356 K
wininit.exe 416 Services 0 4,704 K
csrss.exe 424 Console 1 6,992 K
winlogon.exe 476 Console 1 4,588 K
services.exe 520 Services 0 25,404 K

etc....

When we try the following command it fails:
winexe -d 2 -A /opt/jaeger/credentials.cfg //system.domain.tld "tasklist"
winexe version 1.00
This program may be freely redistributed under the terms of the GNU GPLv3
Mapped to DCERPC endpoint \pipe\svcctl
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm DOMAIN)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
ERROR: Cannot connect to svcctl pipe. NT_STATUS_LOGON_FAILURE.
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm CNXPROD)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
ERROR: Failed to open connection - NT_STATUS_LOGON_FAILURE

The file
/opt/jaeger/credentials.cfg
contains the same userid, password and domain as what is on the command line version and its permissions and ownership are as follows so I don't see that as an issue:
-rw-rw-r-- 1 ubuntu ubuntu 51 Feb 24 16:07 credentials.cfg


The other command we are trying and failing with is
winexe -d 10 -A /opt/jaeger/credentials.cfg //system.domain.tld "cmd /c dir \\systyem\jaeger_deployments\DPLY-1033"


adding hidden service IPC$
adding hidden service ADMIN$
failed to get principal from default ccache: No such file or directory: open(/tmp/krb5cc_0): No such file or directory
winexe version 1.00
This program may be freely redistributed under the terms of the GNU GPLv3
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'ntlmssp' registered
Using binding ncacn_np:vibcifpwa02.mgmt.cnxprod.com[,print]
Mapped to DCERPC endpoint \pipe\svcctl
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
Shutdown SMB signing
BSRSPYL SMB signing enabled
Shutdown SMB signing
Starting GENSEC mechanism spnego
Server claims it's principal name is not_defined_in_RFC4178@please_ignore
Starting GENSEC submechanism gssapi_krb5
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm DOMAIN)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
Cannot reach a KDC we require to contact cifs@system.domain.tld
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 86 B6 4E 2F 7C 1F E8 84 ..N/|...
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ERROR: Cannot connect to svcctl pipe. NT_STATUS_LOGON_FAILURE.
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
Shutdown SMB signing
BSRSPYL SMB signing enabled
Shutdown SMB signing
Starting GENSEC mechanism spnego
Server claims it's principal name is not_defined_in_RFC4178@please_ignore
Starting GENSEC submechanism gssapi_krb5
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm DOMAIN)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
Cannot reach a KDC we require to contact cifs@system.domain.tld
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 0E DB 9E E4 CA 8F 13 18 ........
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ERROR: Failed to open connection - NT_STATUS_LOGON_FAILURE

Can anyone assist with getting this working??

sudowtf 02-26-2015 08:12 AM
when i search for phrasing in

Quote:
Originally Posted by gkasica (Post 5322788)
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm CNXPROD)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
results refer to a few things like DNS, Kerberos, samba.

i'd first assume it's a DNS issue.

second i'd check that my local /etc/hosts contains "IP fqdn hostname" (all three in that order).

and it only works if you are not NAT'ed/firewalled in some way.

gkasica 02-26-2015 08:24 AM
All those are done.

As I stated above it works from the command line with domain and ID and manually entering password as shown but trying with the configuration file option fails as shown.

sudowtf 02-26-2015 08:43 AM
according to the internets, credentials file should be:
Code:
domain=domainName
username=myUserName
password=myPassword
HOWEVER, it still asks for my password, then works as expected in my environment.

Code:
$ winexe --version
Version 4.0.0alpha11-GIT-UNKNOWN

gkasica 02-26-2015 08:52 AM
We are running the latest version installed by apt-get in Ubuntu here and the file is in that format. It doesn't ask for password at all as shown above. It just fails.


All times are GMT -5. The time now is 01:07 AM.