
NTLM auth not functional in Ubuntu-22.04 image

Open japicken opened this issue 1 year ago • 0 comments

Prerequisites

  • [X] Write a descriptive title.
  • [X] Make sure you are able to repro it on the latest image.
  • [X] Search the existing issues.
  • [X] Verified that this is not a Known Issue
  • [X] Verified this is not an issue in the underlying windows container that should be reported to Windows Feedback Hub

Steps to reproduce

```console
docker run --rm -it mcr.microsoft.com/powershell:lts-7.2-ubuntu-22.04 bash
root@container:/# pwsh -nop -c "& { Install-Module -Name 'PSWSMan' -AcceptLicense -Force -Scope AllUsers}"
root@container:/# pwsh -nop -c "& { Install-WSMan }"
root@container:/# pwsh
PS /> Enter-PSSession -ComputerName myserver -Credential (Get-Credential) -Authentication Negotiate

PowerShell credential request
Enter your credentials.
User: domain\myusername
Password for user domain\myusername: ***************

Enter-PSSession: Connecting to remote server myserver failed with the following error message : acquiring creds with username only failed No credentials were supplied, or the credentials were unavailable or inaccessible SPNEGO cannot find mechanisms to negotiate For more information, see the about_Remote_Troubleshooting Help topic.
```

Expected behavior

```console
docker run --rm -it mcr.microsoft.com/powershell:lts-7.2-ubuntu-22.04 bash
root@container:/# pwsh -nop -c "& { Install-Module -Name 'PSWSMan' -AcceptLicense -Force -Scope AllUsers}"
root@container:/# pwsh -nop -c "& { Install-WSMan }"
root@container:/# pwsh
PS /> Enter-PSSession -ComputerName myserver -Credential (Get-Credential) -Authentication Negotiate

PowerShell credential request
Enter your credentials.
User: domain\myusername
Password for user domain\myusername: ***************

[myserver]: PS C:\Users\myusername\Documents>
```


Actual behavior

```console
docker run --rm -it mcr.microsoft.com/powershell:lts-7.2-ubuntu-22.04 bash
root@container:/# pwsh -nop -c "& { Install-Module -Name 'PSWSMan' -AcceptLicense -Force -Scope AllUsers}"
root@container:/# pwsh -nop -c "& { Install-WSMan }"
root@container:/# pwsh

PS /> Enter-PSSession -ComputerName myserver -Credential (Get-Credential) -Authentication Negotiate

PowerShell credential request
Enter your credentials.
User: domain\myusername
Password for user domain\myusername: ***************

Enter-PSSession: Connecting to remote server myserver failed with the following error message : acquiring creds with username only failed No credentials were supplied, or the credentials were unavailable or inaccessible SPNEGO cannot find mechanisms to negotiate For more information, see the about_Remote_Troubleshooting Help topic.
```

NOTE

Running the following pwsh script in the container and restarting pwsh resolves the issue.


```powershell
<#
    .SYNOPSIS
    Enables support for legacy protocols in openssl which is needed for WinRM NTLM auth on Ubuntu 22.04
#>
[CmdletBinding()]
param()

$ErrorActionPreference = 'Stop'

Write-Host 'Enabling OpenSSL Legacy protocols...'
$opensslcnf = '/etc/ssl/openssl.cnf'

if (-not (Test-Path $opensslcnf)) { throw "Unable to find file: $opensslcnf" }

# Read the whole file as one string so the patterns can match across line breaks.
$content = Get-Content -Path $opensslcnf -Raw
$replacements = @(
    # Register the legacy provider next to the default one in [provider_sect].
    [PSCustomObject]@{
        regex = '\[provider_sect\]\s*\ndefault\s*=\s*default_sect\s*\n'
        newText = "[provider_sect]`ndefault = default_sect`nlegacy = legacy_sect`n"
    },
    # Activate the default provider (the pattern also matches a commented-out
    # 'activate = 1') and append an activated [legacy_sect].
    [PSCustomObject]@{
        regex = '\[default_sect\]\s*\n\s*(#)*\s*activate\s*=\s*1\s*\n'
        newText = "[default_sect]`nactivate = 1`n[legacy_sect]`nactivate = 1`n"
    }
)

# Apply each edit; stop if the file does not have the expected layout.
# Both patterns still match an already patched file, so run this only once.
foreach ($replacement in $replacements) {
    if (-not ($content -match $replacement.regex)) {
        throw "Unable to find regex match for pattern: $($replacement.regex)"
    }
    $content = $content -replace $replacement.regex,$replacement.newText
}

# Write the patched configuration back in place.
$content | Out-File -FilePath $opensslcnf -NoNewline -Force
```


Error details

```console
See above
```

Environment data

```json
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "config": {
    "mediaType": "application/vnd.docker.container.image.v1+json",
    "size": 4174,
    "digest": "sha256:905358640d7b3e6b9e228ebfdcf362f5011103df2e5233a67261f9ac604ef256"
  },
  "layers": [
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 30446577,
      "digest": "sha256:3dd181f9be599de628e1bc6d868d517125e07f968824bcf7b7ed8d28ad1026b1"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 100805825,
      "digest": "sha256:499091a85d98e22bacb4f4df74202b35b75d6acb7f5e84cec0aa3df496f1b4cd"
    }
  ]
}
```

Visuals

No response

japicken avatar Jan 16 '24 20:01 japicken
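
A read-only check to pair with the workaround script in the issue, added here as an example (not code from the issue or from the PowerShell-Docker project): it reports whether an openssl.cnf activates both the default and the legacy provider, since OpenSSL 3 stops loading the default provider implicitly once another provider is activated in the configuration. The function name `provider_state` and the sample configurations are constructed for illustration, and the check assumes the providers are listed under `[provider_sect]` as in the script.

```shell
#!/bin/sh
# Added example: report whether an OpenSSL 3 config activates the default
# and legacy providers. provider_state is a hypothetical helper name.
# Assumes providers are listed in [provider_sect]; .include files are not followed.
provider_state() {
    awk '
        function active(name) { return ((name in ref) && (ref[name] in on)) ? 1 : 0 }
        /^[ \t]*#/ { next }                       # commented-out lines do not count
        /^[ \t]*\[/ {                             # section header, e.g. [legacy_sect]
            sect = $0
            sub(/^[ \t]*\[[ \t]*/, "", sect)
            sub(/[ \t]*\].*$/, "", sect)
            next
        }
        {
            line = $0
            sub(/#.*/, "", line)                  # drop a trailing comment
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (sect == "provider_sect") ref[key] = val   # legacy -> legacy_sect
            else if (key == "activate" && val == "1") on[sect] = 1
        }
        END { printf "default=%d legacy=%d\n", active("default"), active("legacy") }
    ' "$1"
}

# Constructed samples: the provider part of the file before and after the workaround.
sample_stock() {
    printf '%s\n' '[provider_sect]' 'default = default_sect' '' \
        '[default_sect]' '# activate = 1'
}
sample_patched() {
    printf '%s\n' '[provider_sect]' 'default = default_sect' 'legacy = legacy_sect' \
        '[default_sect]' 'activate = 1' '[legacy_sect]' 'activate = 1'
}
# Constructed sample: legacy added by hand but default left commented out.
sample_legacy_only() {
    printf '%s\n' '[provider_sect]' 'default = default_sect' 'legacy = legacy_sect' \
        '[default_sect]' '# activate = 1' '[legacy_sect]' 'activate = 1'
}

echo "stock:       $(sample_stock | provider_state -)"
echo "patched:     $(sample_patched | provider_state -)"
echo "legacy only: $(sample_legacy_only | provider_state -)"
```

In the container, run `provider_state /etc/ssl/openssl.cnf`; the workaround is in effect when it prints `default=1 legacy=1`.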