Skip Menu |
 

Subject: Remote Powershell session creation from a Linux machine
Date: Fri, 6 Sep 2024 14:05:02 +0530
From: "Rohit Tiwari" <tiwari88.rohit@gmail.com>
To: krb5-bugs@mit.edu
Hi Team,

I was trying to create a remote powershell session from a Linux Mariner distro to a windows machine and the same is failing. The same scenario is working with krb5-1.19.4-2.cm2 version whereas it fails with  krb5-1.21.3-1.cm2.

Please let me know what logs/additional info I can help with to get to the root cause of the issue. Or do we have some known issue reported around the same.

Looking forward to hearing from you.

Regards,
Rohit Tiwari
This is my first introduction to the concept of remote powershell (I'm somewhat familiar with powershell itself) or the Mariner distribution.  There might be a reported issue in the tracker for whatever software you're using, but not in the MIT krb5 tracker.

The first piece of relevant information would be the command being run (or sequence of operations, if this is a GUI thing) and the error message associated with the failure.

Beyond that, trace logs (set the environment variable KRB5_TRACE to a filename, e.g. with "KRB5_TRACE=/tmp/trace command args") for both successful and failing scenarios may help.
Date: Tue, 10 Sep 2024 15:06:33 +0530
Subject: Re: [krbdev.mit.edu #9138] Remote Powershell session creation from a Linux machine
From: "Rohit Tiwari" <tiwari88.rohit@gmail.com>
To: krb5-bugs@mit.edu
Hi,

Below is the quick repro steps - 

On a windows machine enable PS Remoting.

       To enable the same one can run below Powershell cmdlet 
       Enable-PSRemoting

On a linux machine -

1) Install Powershell core on linux machine
2) Install gssntlmssp package
3) Check the kerberos version 
3) Run pwsh on linux machine
    - Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
    - Install-Module -Name PSWSMan -Force
    - Install-WSMan
    - exit
4) Run pwsh again on the linux machine and run the below command -
   New-PSSession - ComputerName "windowsmachine IP" -Credential 'domain\username' -Authentication Negotiate

5) If kerberos version is 1.19.4 the above PSSession command will work. If the kerberos package is 1.21.3 PSSession command will hang.

To answer your point about what is the end error I am seeing , there is no end error seen, New-PSSession command is actually hanged.

If required I can share a DockerFile with all the steps and that can be used for quick repro.

Tried enabling the kerberos logs. Attached the logs for reference.

Message body is not shown because sender requested not to inline it.

Download working_kerberos.txt
text/plain 19.9KiB

Message body is not shown because sender requested not to inline it.