trying to connect to Windows winRM using kerberos winrm

Question

so I have tested this under several different variations. I have a lab with Windows 2008 R2 servers and RHEL6 and Python2.6 installed. I am able to use ansible as means to remote into the windows server and perform a ping (I have followed all the instructions on how to do this). I get the problem of not being able to do this with Rhel 7 and python2.7, however I am not sure that the difference in python versions is whats stopping me.

I constantly get this hostname_override error...

[alebede@linuxbox]$ klist -a
Ticket cache: FILE:/tmp/krb5cc_37575
Default principal: [email protected]

Valid starting       Expires              Service principal
02/10/2017 11:30:32  02/10/2017 21:30:32  krbtgt/[email protected]
    renew until 02/10/2017 21:30:32
    Addresses: (none)
[alebede@linuxbox]$ python
Python 2.7.5 (default, Oct 11 2015, 17:47:16) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
    >>> import winrm
    >>> s = winrm.Session('WINDOWSBOX', auth=('[email protected]',         'mypassword'), transport='kerberos')
    >>> r = s.run_cmd('ipconfig', ['/all'])
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
      File "/usr/lib/python2.7/site-packages/winrm/__init__.py", line 37, in run_cmd
    shell_id = self.protocol.open_shell()
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 132, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in send_message
    return self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 173, in send_message
    self.session = self.build_session()
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 140, in build_session
    sanitize_mutual_error_response=False)
TypeError: __init__() got an unexpected keyword argument 'hostname_override'

With ansible it looks like this, the same hostname_override error:

mywinserver.mydomain.com> WINRM CONNECT: transport=ssl endpoint=https://mywinserver.mydomain.com:5986/wsman
    <mywinserver.mydomain.com> WINRM CONNECTION ERROR: the specified credentials were rejected by the server
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/plugins/connection/winrm.py", line 154, in _winrm_connect
    self.shell_id = protocol.open_shell(codepage=65001)  # UTF-8
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 132, in open_shell
    res = self.send_message(xmltodict.unparse(req))
  File "/usr/lib/python2.7/site-packages/winrm/protocol.py", line 207, in send_message
    return self.transport.send_message(message)
  File "/usr/lib/python2.7/site-packages/winrm/transport.py", line 190, in send_message
    raise InvalidCredentialsError("the specified credentials were rejected by the server")
InvalidCredentialsError: the specified credentials were rejected by the server

mywinserver.mydomain.com | UNREACHABLE! => {
    "changed": false, 
    "msg": "kerberos: __init__() got an unexpected keyword argument 'hostname_override', ssl: the specified credentials were rejected by the server", 
    "unreachable": true
}

Let me know what else I can try, also on the Windows 2008R2 server i can see that the linux box is trying to connect in the security event log. Not sure what else is going on. Again, this works in RHEL6 on 2 different windows 2008R2 servers.

Answer 1

Likely you have a mismatch in versions between winrm and requests-kerberos. I had the same issue when I had winrm installed via pip and requests-kerberos install via apt.

Verify that you are using a single package manager for all installations.