jborean93 / pypsexec

Remote Windows execution like PsExec on Python
MIT License

Running commands over domain users #10

Closed Pitenager closed 5 years ago

Pitenager commented 5 years ago

Hi dude,

I am having problems when I try to execute commands as a domain user (example: net user sqlservice Sql12345 /domain /add). I have created a laboratory with a DC (Windows Server 2016) and three computers (W7, W8.1 and W10). The connection was created in the following way: smb = Client(ip=ip, username="IBERICA\juan1", password="Banana123"), but it cannot authenticate against the domain. I've also tried putting the following values in the "username" field: username = "juan1" (assuming the domain is taken by default) and username = "juan1@Iberica.es", but none of them is successful.

Is it a problem with how I am creating the connection, or is there something else I do not know? Could you give me advice on how to create connections against a domain?

I hope you see it on time, since I am using this library for my final year project. Thank you

jborean93 commented 5 years ago

It should work, what's the error you are getting?

Pitenager commented 5 years ago

It is not an error in itself; it is simply that if I execute a command like "net user sqlservice Sql12345 /domain /add" logged in as the user juan1 in a PowerShell shell itself, it works without problems, but if I execute it from Python with your library, it returns an access error. I have verified that it is a problem of authentication against the domain, because if I try to log in with a user that has not previously logged in to the system, I get an ACCESS_DENIED error, and this is because it does not validate against the domain.

jborean93 commented 5 years ago

Ok, that makes sense. So if you are using net user ... /domain, it needs to authenticate the current user with the domain controller to create the actual user. By default a network logon is not able to authenticate to downstream servers, otherwise known as the double hop or credential delegation issue.

To get around this issue in pypsexec, you need to also specify the username and password kwargs in the run_executable function. This means that you will still authenticate as the user specified in Client when connecting to the host, but you are telling the PAExec service on the host to run this executable with these explicit credentials. This allows the process to authenticate to downstream servers like it would when running locally.
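The following is an added example illustrating the approach described in the comment above; it is not code from the pypsexec project or from either participant in this thread. It calls the real pypsexec `Client` API (`connect`, `create_service`, `run_executable`, `remove_service`, `disconnect`), passes explicit `username`/`password` kwargs to `run_executable` only when the command will re-authenticate to a downstream server (the `/domain` switch from this thread is used as the trigger), and includes a constructed `OfflineClient` stand-in so the logic can be exercised without a Windows host. Host name and password values are placeholders.

```python
"""Run a remote command with pypsexec, delegating explicit domain credentials
to run_executable only when the double-hop case applies.

Added example, not part of pypsexec. Host/password values are placeholders.
"""
from typing import Dict, Optional, Tuple


def needs_delegated_creds(arguments: str) -> bool:
    """Return True when the command will contact another server from the
    target host. The /domain switch (net user ... /domain) makes net.exe
    talk to the domain controller, which is the case raised in this thread."""
    return "/domain" in arguments.lower().split()


def build_run_kwargs(arguments: str,
                     username: Optional[str] = None,
                     password: Optional[str] = None) -> Dict[str, object]:
    """Build the kwargs for Client.run_executable. Explicit credentials are
    attached only when the process must authenticate downstream; otherwise
    the network logon established by Client(...) is enough."""
    kwargs: Dict[str, object] = {"arguments": arguments}
    if needs_delegated_creds(arguments):
        if not (username and password):
            raise ValueError(
                "command re-authenticates to a downstream server; pass "
                "username and password so PAExec runs it with explicit creds")
        kwargs["username"] = username
        kwargs["password"] = password
    return kwargs


def run_command(client, executable: str, arguments: str,
                username: Optional[str] = None,
                password: Optional[str] = None) -> Tuple[str, str, int]:
    """Run `executable arguments` on the connected client and decode output.
    run_executable returns (stdout bytes, stderr bytes, return code)."""
    kwargs = build_run_kwargs(arguments, username, password)
    stdout, stderr, rc = client.run_executable(executable, **kwargs)
    return (stdout.decode("utf-8", "replace"),
            stderr.decode("utf-8", "replace"), rc)


class OfflineClient:
    """Constructed stand-in for pypsexec.client.Client that records the
    kwargs run_executable receives, so the delegation logic can be checked
    without a remote Windows host."""

    def __init__(self) -> None:
        self.calls = []

    def run_executable(self, executable: str, **kwargs):
        self.calls.append((executable, kwargs))
        # Constructed sample output resembling net.exe on success.
        return b"The command completed successfully.\r\n", b"", 0


def main() -> None:
    """Real flow against a Windows host (requires pypsexec and network)."""
    from pypsexec.client import Client  # imported here so the module loads offline

    user, password = "IBERICA\\juan1", "<password placeholder>"
    client = Client("w10.iberica.es", username=user, password=password)
    client.connect()
    try:
        client.create_service()
        # Local-only command: no explicit creds needed.
        print(run_command(client, "whoami.exe", "/upn"))
        # Downstream (DC) authentication: explicit creds are passed through
        # to PAExec so the process is not stuck behind the double hop.
        print(run_command(client, "net.exe",
                          "user sqlservice <pw placeholder> /domain /add",
                          username=user, password=password))
    finally:
        client.remove_service()
        client.disconnect()


if __name__ == "__main__":
    main()
```

`create_service`/`remove_service` install and clean up the PAExec service on the target; the `try/finally` makes sure the service is removed even if the command fails, which is worth keeping in any script that runs unattended.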

Pitenager commented 5 years ago

Ok, so if I have understood correctly, every time I want to perform an operation on the domain under the privileges of one of its users, I have to tell run_executable that I am using that domain user to execute the command, right?

jborean93 commented 5 years ago

Yep, if you only run commands that operate then explicit creds for run_executable aren't needed. It's only if you need to authenticate from the Windows host to another downstream server that you need the explicit credentials.

Pitenager commented 5 years ago

Wow, I hope with all my strength that this is the solution! Unfortunately I do not have the laboratory available to try it now, but tomorrow I will try it and, if it is solved, I will comment on it.

Thank you very much for the attention and the quick response!

jborean93 commented 5 years ago

@Pitenager were you able to try this out?

Pitenager commented 5 years ago

@jborean93 Yes sir, I kept this thread open because I was developing until 2 weeks ago.

Thank you very much for your quick support, really.