如何使用远程服务器的本地用户通过Powershell WinRM对远程服务器进行身份验证

时间:2017-04-19 19:26:57

标签: powershell winrm

请考虑以下情况:

有两台服务器:server1server2,它们位于同一网络和同一网域上。目标是使用server1中的本地用户作为身份,从server2打开PSSession到server2

PS @SERVER1 > $session = New-PSSession -ComputerName server2 -Credential server2\username

server2上的本地用户是WinRMRemoteWMIUsers_群组的成员

如果使用域用户,那么一切正常:

PS @SERVER1 > $session = New-PSSession -ComputerName server2 -Credential domain\username

尝试以本地用户身份连接时获得的错误是:

New-PSSession : [server2] Connecting to remote server server2 failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos
    authentication: There are currently no logon servers available to service the logon request.
     Possible causes are:
      -The user name or password specified are invalid.
      -Kerberos is used when no authentication method and no user name are specified.
      -Kerberos accepts domain user names, but not local user names.
      -The Service Principal Name (SPN) for the remote computer name and port does not exist.
      -The client and remote computers are in different domains and there is no trust between the two domains.
     After checking for the above issues, try the following:
      -Check the Event Viewer for events related to authentication.
      -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
     Note that computers in the TrustedHosts list might not be authenticated.
       -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.

在错误消息中有The following error with errorcode 0x80090311 occurred while using Kerberos authentication-Kerberos accepts domain user names, but not local user names.因此,在server1上执行以下操作后尝试连接:

PS @SERVER1 > winrm set winrm/config/client '@{TrustedHosts="server2"}'

执行命令后尝试启动PSSession仍然失败。

可以尝试哪些其他步骤?

1 个答案:

答案 0 :(得分:1)

你应该可以做这样的事情

groupname

因此,首先收集凭证,然后将其插入。然后,您可以逐字地使用localhost作为域名,并且可以正常工作。为我工作。

db.usergroups.aggregate([
    { $match: { mobilenumber:"0509867865" } },
    { $project: { groupname:{ $split: [ "$groupname", ',' ] }  } },
    { $lookup:
        {
          from: "groups",
          localField: "groupname",
          foreignField: "groupname",
          as: "mobile_group"
        }
   },
   {$unwind:"$mobile_group"},
   { $project : { groupname:"$mobile_group.groupname", "messages" : "$mobile_group.message" } }
])