This note is a work-in-progress as the NTLM authentication support module by Microsoft for Ubuntu is non-functional as of this writing.

# Actions on Windows 10 being used as WinRM Server

# Enable WinRm
winrm quickconfig
or
Enable-PSRemoting –Force

PS C:\Windows\system32> Enable-PSRemoting -Force
WinRM is already set up to receive requests on this computer.
Set-WSManQuickConfig : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150859113"
Machine="localhost"><f:Message><f:ProviderFault provider="Config provider"
path="%systemroot%\system32\WsmSvc.dll"><f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"
Code="2150859113" Machine="DESKTOP-30MG9L9"><f:Message>WinRM firewall exception will not work since one of the network
connection types on this machine is set to Public. Change the network connection type to either Domain or Private and
try again. </f:Message></f:WSManFault></f:ProviderFault></f:Message></f:WSManFault>
At line:116 char:17
+                 Set-WSManQuickConfig -force
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Set-WSManQuickConfig], InvalidOperationException
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.SetWSManQuickConfigCommand

# Resolution:
Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
Enable-PSRemoting –force

# Sample output:
PS C:\Windows\system32> Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
PS C:\Windows\system32> Enable-PSRemoting -force
WinRM is already set up to receive requests on this computer.
WinRM has been updated for remote management.
WinRM firewall exception enabled.
Configured LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

# Check WinRM to see if it's listening
Get-NetTCPConnection | Where-Object -Property LocalPort -EQ 5985

# Optional: disable Windows Firewall
PS C:\Windows\system32> Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

# Optional: enable firewall profile Private
PS C:\Windows\system32> Set-NetFirewallProfile -Profile Private -Enabled True

# Optional: check Windows Firewall Status
PS C:\Windows\system32> Get-NetFirewallProfile | Format-Table Name, Enabled
Name    Enabled
----    -------
Domain    False
Private    True
Public    False

# Add local network into trusted hosts list for NTLM
$localNetwork='192.168.100.*'
Set-Item WSMan:\localhost\Client\TrustedHosts -Force -Concatenate -Value $localNetwork

# Check trusted hosts list
Get-Item WSMan:\localhost\Client\TrustedHosts

# Restart WinRm
Set-Service WinRM -StartMode Automatic
Restart-Service -Force WinRM

# Actions on the Linux Client

kim@kimlinux:~$ sudo apt install gss-ntlmssp
[sudo] password for kim: 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  gss-ntlmssp
0 upgraded, 1 newly installed, 0 to remove and 26 not upgraded.
Need to get 47.9 kB of archives.
After this operation, 136 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ focal/universe amd64 gss-ntlmssp amd64 0.7.0-4build3 [47.9 kB]
Fetched 47.9 kB in 1s (75.1 kB/s)      
Selecting previously unselected package gss-ntlmssp.
(Reading database ... 281058 files and directories currently installed.)
Preparing to unpack .../gss-ntlmssp_0.7.0-4build3_amd64.deb ...
Unpacking gss-ntlmssp (0.7.0-4build3) ...
Setting up gss-ntlmssp (0.7.0-4build3) ...
Processing triggers for man-db (2.9.1-1) ...

kim@kimlinux:~$ enter-pssession 192.168.100.114
enter-pssession: command not found

kim@kimlinux:~$ powershell
PowerShell 7.0.3
Copyright (c) Microsoft Corporation. All rights reserved.
https://learn.microsoft.com/en-us/powershell/
Type 'help' to get help.
PS /home/kim> enter-pssession 192.168.100.114 -credential baloo
PowerShell credential request
Enter your credentials.                                                                                                        
Password for user baloo: *****
Enter-PSSession: MI_RESULT_ACCESS_DENIED

# Important: you MUST state the  authentication type as Negotiate
Enter-PSSession -ComputerName 192.168.100.114 -Authentication Negotiate -Credential baloo

PS C:\Windows\system32> Enter-PSSession 192.168.100.114 -Credential baloo
Enter-PSSession : Connecting to remote server 192.168.100.114 failed with the following error message : The WinRM
client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer
is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the
TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts
list might not be authenticated. You can get more information about that by running the following command: winrm help
config. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession 192.168.100.114 -Credential baloo
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (192.168.100.114:String) [Enter-PSSession], PSRemotingTransportExceptio
   n
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

# Reattempting to connect with explicit option to negotiate
PS /home/kim> Enter-PSSession -ComputerName 192.168.100.114 -Authentication Negotiate -Credential baloo
PowerShell credential request
Enter your credentials.
Password for user baloo: *****

Enter-PSSession: Connecting to remote server 192.168.100.114 failed with the following error message : acquiring creds with username only failed An invalid name was supplied SPNEGO cannot find mechanisms to negotiate For more information, see the about_Remote_Troubleshooting Help topic.
PS /home/kim> Enter-PSSession -ComputerName 192.168.100.114 -Authentication Negotiate -Credential desktop-30mg9l9\baloo
PowerShell credential request
Enter your credentials.
Password for user desktop-30mg9l9\baloo: *****
Enter-PSSession: Connecting to remote server 192.168.100.114 failed with the following error message : acquiring creds with username only failed Unspecified GSS failure.  Minor code may provide more information SPNEGO cannot find mechanisms to negotiate For more information, see the about_Remote_Troubleshooting Help topic.

# Trying to use Basic Auth
PS /home/kim> Enter-PSSession -ComputerName 192.168.100.114 -Authentication basic -Credential desktop-30mg9l9\baloo 
PowerShell credential request
Enter your credentials.                                                                                                        
Password for user desktop-30mg9l9\baloo: *****
Enter-PSSession: Basic authentication is not supported over HTTP on Unix.

# Option: join Linux to Windows domain using sssd and realmd
# Nope, not gonna simulate that
Categories: