InitializeSecurityContext: The specified target is unknown or unreachable - python

Overall goal: I'm trying to authenticate to Active Directory over LDAP with Kerberos on Windows. Due to dependencies, I'm unable to use python-ldap or python-gssapi, so I'm using ldap3 with the patch found in this answer to use Kerberos (by way of winkerberos instead of python-gssapi).
Example code:
from ldap3 import Connection, Server, ALL, IP_V4_PREFERRED, SASL, GSSAPI
domain_controller = input("DC: ")
SERVER = Server(domain_controller,
                allowed_referral_hosts=[('*', True)],
                get_info=ALL,
                mode=IP_V4_PREFERRED)
CONNECTION = {"authentication": SASL,
              "sasl_mechanism": GSSAPI,
              "check_names": True}
c = Connection(SERVER, **CONNECTION)
c.bind()
Throws:
File "ldap3\core\connection.py", line 550, in bind
response = self.do_sasl_bind(controls)
File "ldap3\core\connection.py", line 1252, in do_sasl_bind
result = sasl_gssapi(self, controls)
File "ldap3\protocol\sasl\kerberos.py", line 54, in sasl_gssapi
base64.b64encode(in_token).decode('ascii')
winkerberos.GSSError: SSPI: InitializeSecurityContext: The specified target is unknown or unreachable
I've tried changing # to / from the solution here without any difference. The socket is resolving the DC FQDN properly, the DC has the SASL/GSSAPI mechanism supported, and I can alternatively pass a username/password to bind successfully. The part failing here sounds Kerberos-specific.
Question: what is causing this error and how can I remediate it?

Related

Getting an error of "Client does not support authentication protocol requested by server" using MySQL Connector in Python

Hello Dear StackOverflow friends,
I'm receiving a strange error when connecting to a managed MySQL instance (DigitalOcean). The connection works on my Dev computer (Windows 8.1 machine), but not on the Prod server (CentOS 8, SELinux in permissive mode). The connection also works with MySQL Workbench.
I've done pip freeze on both mentioned environments and both results are mysql-connector-python==8.0.19 which I find very strange. I've made sure to run my tests with the venv activated.
The managed MySQL 8.x instance is set up to allow connections from both my droplet and my Dev IP address. I've also tried this without the firewall enabled. The managed instance requires the usage of an SSL enabled connection, so a CA Certificate is provided (I've applied chmod 777 over it for now to make sure that's not the cause of the problem).
I've checked the documentation of the library I'm using and it's compatible with MySQL 8.
It is also worth noting I've also tried the solution in this question about it.
The code is the following. Works as expected in Windows.
import datetime
import mysql.connector
from mysql.connector.constants import ClientFlag
dbconn_host = '<sanitized>'
dbconn_port = '<sanitized>'
dbconn_user = '<sanitized>'
dbconn_passwd = '<sanitized>'
dbconn_database = '<sanitized>'
cnx = mysql.connector.connect(
    host=dbconn_host,
    port=dbconn_port,
    user=dbconn_user,
    passwd=dbconn_passwd,
    database=dbconn_database,
    client_flags=ClientFlag.SSL,
    ssl_ca='.\\ca_certificate.crt',  # When running on prod server I change it to a proper Linux path
    # auth_plugin='caching_sha2_password'  # Trying another solution I had it changed to mysql_native_password
)
cur_a = cnx.cursor(buffered=True)
query_sel = (
    "SELECT * FROM datasources"
)
cur_a.execute(query_sel)
for w in cur_a:
    print(w[0])
This is the stack trace I receive in Linux.
(venv) [root@<sanitized> <sanitized>]# python -i conn-test.py
Traceback (most recent call last):
File "conn-test.py", line 12, in <module>
cnx = mysql.connector.connect(
File "/var/<sanitized>/venv/lib/python3.8/site-packages/mysql/connector/__init__.py", line 219, in connect
return MySQLConnection(*args, **kwargs)
File "/var/<sanitized>/venv/lib/python3.8/site-packages/mysql/connector/connection.py", line 104, in __init__
self.connect(**kwargs)
File "/var/<sanitized>/venv/lib/python3.8/site-packages/mysql/connector/abstracts.py", line 960, in connect
self._open_connection()
File "/var/<sanitized>/venv/lib/python3.8/site-packages/mysql/connector/connection.py", line 290, in _open_connection
self._do_auth(self._user, self._password,
File "/var/<sanitized>/venv/lib/python3.8/site-packages/mysql/connector/connection.py", line 212, in _do_auth
self._auth_switch_request(username, password)
File "/var/<sanitized>/venv/lib/python3.8/site-packages/mysql/connector/connection.py", line 256, in _auth_switch_request
raise errors.get_exception(packet)
mysql.connector.errors.DatabaseError: 1251: Client does not support authentication protocol requested by server; consider upgrading MySQL client
>>>
What do you think could be the issue here?
The magic of StackOverflow is that when you post a question, you find the solution in a few minutes. Two things happened:
Half the time I didn't have network connectivity to the MySQL database.
So I ran all kinds of tests before I could even ping the server, then I realized I should run all tests again, but I didn't start with the basics (I did all tests with patches applied, instead of trying a "vanilla" connection first, so to speak).
The solution is I commented out client_flags=ClientFlag.SSL, but left the CA Certificate enabled and the connection worked as expected in the Prod server.

Using credentials from Db2 (Warehouse) on Cloud to initialize flask-sqlalchemy

In a Flask app with flask-sqlalchemy, I am trying to initialize a connection to Db2 Warehouse on Cloud by setting SQLALCHEMY_DATABASE_URI to one of the parts provided in the service credentials. In the past, going with the uri component worked fine, but my new service has SSL connections only.
app.config['SQLALCHEMY_DATABASE_URI']=dbInfo['uri']
This results in connection errors
File "/home/vcap/deps/0/python/lib/python3.6/site-packages/ibm_db_dbi.py", line 592, in connect
conn = ibm_db.connect(dsn, '', '', conn_options)
Exception: [IBM][CLI Driver] SQL30081N A communication error has been detected. Communication protocol being used: "TCP/IP". Communication API being used: "SOCKETS". Location where the error was detected: "52.117.199.197". Communication function detecting the error: "recv". Protocol specific error code(s): "104", "*", "0". SQLSTATE=08001 SQLCODE=-30081 During handling of the above exception, another exception occurred:
It seems that the driver is not accepting the ssl=true option specified in the URI string. What parts of the service credentials should I use? Would I need to build the URI string manually?
This is only a partial answer because of a workaround. I am using the port information from the service credentials to modify the connection URI:
if dbInfo['port']==50001:
    # if we are on the SSL port, add additional parameter for the driver
    app.config['SQLALCHEMY_DATABASE_URI']=dbInfo['uri']+"Security=SSL;"
else:
    app.config['SQLALCHEMY_DATABASE_URI']=dbInfo['uri']
By adding Security=SSL to the uri, the driver picks up the info on SSL and uses the correct settings to connect to Db2.
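The workaround above, written as a helper that also covers three cases plain concatenation misses: a port delivered as a string, a uri that lacks the trailing `;`, and a uri that already carries the keyword. This is an added example, not code from the original answer; the function names and the sample credentials (host, user, password, uri shape) are constructed assumptions.

```python
SSL_PORT = 50001  # port the answer above treats as the SSL port


def has_security_ssl(uri):
    """True if a ';'-separated keyword after the database name is Security=SSL."""
    keywords = uri.split(";")[1:]
    return any(k.replace(" ", "").lower() == "security=ssl" for k in keywords)


def sqlalchemy_uri(db_info):
    """Build the value for SQLALCHEMY_DATABASE_URI from service credentials."""
    uri = db_info["uri"]
    # Credentials loaded from JSON or the environment may carry the port as a
    # string; "50001" == 50001 is False and would silently skip the keyword.
    if int(db_info["port"]) != SSL_PORT:
        return uri
    if has_security_ssl(uri):
        return uri  # do not add the keyword twice
    # Plain concatenation assumes the uri ends in ';'. Without it the keyword
    # would be glued onto the database name, so add the separator when missing.
    if not uri.endswith(";"):
        uri += ";"
    return uri + "Security=SSL;"


# Constructed sample credentials (hypothetical host, user and password).
SAMPLES = [
    {"uri": "db2://user:pw@db.example.com:50001/BLUDB;", "port": 50001},
    {"uri": "db2://user:pw@db.example.com:50001/BLUDB", "port": "50001"},
    {"uri": "db2://user:pw@db.example.com:50001/BLUDB;security=ssl;", "port": 50001},
    {"uri": "db2://user:pw@db.example.com:50000/BLUDB", "port": 50000},
]

if __name__ == "__main__":
    for creds in SAMPLES:
        print(creds["port"], "->", sqlalchemy_uri(creds))
```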

Connection Error while connecting the mysql database through python

I am trying to connect to a MySQL server using the Python code below:
import mysql.connector
mydb = mysql.connector.connect(
    host = "127.0.0.1",
    port = 5000,
    user = "user id",
    password = "password"
)
print(mydb)
But while running this code to test whether I have been connected with MySQL or not, I am facing the error which I am not able to understand.
Traceback (most recent call last):
File "C:\Users\varul.jain\Desktop\Test Phase\Mysql\mydb_test.py", line 7, in <module>
password = "root"
File "C:\Users\varul.jain\AppData\Local\Programs\Python\Python36\lib\site-packages\mysql\connector\__init__.py", line 179, in connect
return MySQLConnection(*args, **kwargs)
File "C:\Users\varul.jain\AppData\Local\Programs\Python\Python36\lib\site-packages\mysql\connector\connection.py", line 95, in __init__
self.connect(**kwargs)
File "C:\Users\varul.jain\AppData\Local\Programs\Python\Python36\lib\site-packages\mysql\connector\abstracts.py", line 716, in connect
self._open_connection()
File "C:\Users\varul.jain\AppData\Local\Programs\Python\Python36\lib\site-packages\mysql\connector\connection.py", line 210, in _open_connection
self._ssl)
File "C:\Users\varul.jain\AppData\Local\Programs\Python\Python36\lib\site-packages\mysql\connector\connection.py", line 142, in _do_auth
auth_plugin=self._auth_plugin)
File "C:\Users\varul.jain\AppData\Local\Programs\Python\Python36\lib\site-packages\mysql\connector\protocol.py", line 102, in make_auth
auth_data, ssl_enabled)
File "C:\Users\varul.jain\AppData\Local\Programs\Python\Python36\lib\site-packages\mysql\connector\protocol.py", line 58, in _auth_response
auth = get_auth_plugin(auth_plugin)(
File "C:\Users\varul.jain\AppData\Local\Programs\Python\Python36\lib\site-packages\mysql\connector\authentication.py", line 191, in get_auth_plugin
"Authentication plugin '{0}' is not supported".format(plugin_name))
mysql.connector.errors.NotSupportedError: Authentication plugin 'caching_sha2_password' is not supported
Note: I have initialized the default as 5000.
For testing purposes, I have initialized the port as 5000, with user root and password root,
but the authorization the default password is not available, as per the error mentioned above.
Is there any way to check the user id and password to cross-verify and update the Python code accordingly?
Suggestions will be helpful.
Follow these steps:
You must install MySQL Server from https://dev.mysql.com/downloads/installer/.
Install mysql-connector-python (in your Python environment).
Use this code:
# Open database connection
import mysql.connector
mydb = mysql.connector.connect(host="127.0.0.1", port="3306", user="root", password="root", auth_plugin="mysql_native_password")
print(mydb)
As per the SQL documentation for the Python library, you need to specify the auth plugin as follows:
conn = mysql.connector.connect(user='root', password='password', host='127.0.0.1',port=5000, database='test', auth_plugin='mysql_native_password')
print(conn)
I came across a similar problem on my CentOS VPS using webmin + python3.
At first I thought it might be due to the connection package, so I tried:
'python3 -m pip install mysql-connector', which in Python is used with 'import mysql.connector'
'pip3 install PyMySQL', which in Python is used with 'import PyMySQL'
Both didn't solve the problem. Then I found a couple of other connection methods on a website (whose address I don't remember now), which explains in detail the pros and cons of each. According to it, I finally chose to use mysqlclient.
'sudo pip3 install mysqlclient'; I use this because it is more versatile and has support for python3.
All of the above did not solve my problem; I still faced the connection error.
I tried a couple of random tests and, accidentally, with root and the skip-grant-tables option in the config file, I was able to log in to MySQL with SSH Python code, but that is not the reason, because a normal newly created user still cannot log in no matter what hosts I am accessing in the code: localhost, 127.0.0.1, domains, ....
So I revoked the skip-grant-tables option because that's risky without protection (just for test).
Later, from the default already existing user 'root' in MySQL Server, I found it has 4 entries, so I tried to create 4 individual similar entry records in webmin -> server -> MySQL server -> User Permission.
These records have the same user name and fewer privileges but similar host content assigned. They are 'local', '127.0.0.1', 'myservername.vps.provider.ca', '::1'
(I do not know what the last one means)
And, bingo, after the above 4 entries were added, the new user was able to log in with password authentication provided via python3 code.
(Remember, the first time, you have to set the MySQL Admin 'root' with a password in the MySQL Server page, so that the password login authentication feature will work; that password need not be the same as the root password of the system.)
That's all; this took me 6 hours. Hope it can help someone using webmin as well. Please give a positive vote if it helps you in any way. Thanks.

ca_certs_locater/__init__.py import error

I was trying to get authentication for my API. However, it always shows the following import errors:
import upwork
public_key = raw_input('...')
secret_key = raw_input('...')
client = upwork.Client(public_key, secret_key)
A URL is supposed to appear; however, it shows:
" File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/upwork/client.py", line 118, in __init__
ca_certs=ca_certs_locater.get(),
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/ca_certs_locater/__init__.py", line 36, in get
raise ImportError()"
I don't know what I should do about the ca_certs_locater
Before instantiating the upwork client, modify the module's LINUX_PATH constant.
import upwork
# Set the certificate path within the module
upwork.ca_certs_locater.LINUX_PATH = '/path/to/my/cert.crt'
...
client = upwork.Client(public_key, secret_key, **credentials)
...
I had this same problem. The solution is indeed as the comment suggests to do what Python - SSL Issue with Oauth2 says in combination with following the "SSL Certificate Note" on https://pypi.python.org/pypi/python-upwork. I did the following:
Read https://github.com/upwork/python-upwork/issues/9
Downloaded cacert.pem from Python - SSL Issue with Oauth2
Set the HTTPLIB_CA_CERTS_PATH environment variable to /path/to/cacert.pem
Then, the import error went away. My use case was the upwork API and yours may be different but the solution is the same either way.

Python suds "RuntimeError: maximum recursion depth exceeded while calling a Python object"

I'm trying to consume a SOAP web service using Python suds but I am getting the error "RuntimeError: maximum recursion depth exceeded while calling a Python object".
According to the trace, there is infinite recursion at "suds/binding/multiref.py", line 69.
The web service I'm trying to access is http://www.reactome.org:8080/caBIOWebApp/services/caBIOService?wsdl.
The method I'm trying to access is loadPathwayForId.
Here's the part of my code that consumes the web service:
from suds.client import Client
client = Client('http://www.reactome.org:8080/caBIOWebApp/services/caBIOService?wsdl')
pathway = client.service.loadPathwayForId(2470946)
I'm not sure what is responsible for the infinite recursion. I tried to look up this problem and there have been reports of issues with suds and infinite recursion, but the traces are different than mine (the recursive code is different), so I suspect my problem has other origins.
The full trace:
File "C:\Python27\lib\suds\bindings\multiref.py", line 69, in update
self.update(c)
File "C:\Python27\lib\suds\bindings\multiref.py", line 69, in update
self.update(c)
...
File "C:\Python27\lib\suds\bindings\multiref.py", line 69, in update
self.update(c)
File "C:\Python27\lib\suds\bindings\multiref.py", line 69, in update
self.update(c)
File "C:\Python27\lib\suds\bindings\multiref.py", line 67, in update
self.replace_references(node)
File "C:\Python27\lib\suds\bindings\multiref.py", line 80, in replace_references
href = node.getAttribute('href')
File "C:\Python27\lib\suds\sax\element.py", line 404, in getAttribute
prefix, name = splitPrefix(name)
File "C:\Python27\lib\suds\sax\__init__.py", line 49, in splitPrefix
if isinstance(name, basestring) \
RuntimeError: maximum recursion depth exceeded while calling a Python object
Thanks in advance for the help!
After more testing, it seems that (unfortunately) suds has trouble interpreting Java Collection objects serialized as XML. I ended up using SOAPpy instead to avoid this issue. If someone can suggest a fix, that would be awesome! I really like suds for its other merits over SOAPpy.
I tried lots of SUDS versions and forks, and finally got to find one that works with proxies, https and authenticated services, find it here:
https://github.com/unomena/suds
Also, here is example code showing simple usage:
from suds.client import Client
# SOAP WSDL url
url = 'https://example.com/ws/service?WSDL'
# SOAP service username and password for authentication, if needed
username = 'user_name'
password = 'pass_word'
# local intranet proxy definition to get to the internet, if needed
proxy = dict(http='http://username:password@localproxy:8080',
             https='http://username:password@localproxy:8080')
# unauthenticated, no-proxy
# client = Client(url)
# use a proxy to connect to the service
# client = Client(url, proxy=proxy)
# no proxy, authenticated service
# client = Client(url, username=username, password=password)
# use a proxy to connect to an authenticated service
client = Client(url, proxy=proxy, username=username, password=password)
print(client)
