[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Windows AD authentication with SSPI

From: Leathem, Steven <Steven.Leathem_at_phlx.com>
Date: 2006-06-28 22:32:36 CEST

Hello-

My platform is:
- Windows Server 2003
- Apache 2.0.58
- SubVersion 1.3.0r17949 (installed with 1-Click setup)

I am trying to set up Active Directory authentication for the users. I've
found numerous web sites that have explained how to do this, but for some
reason, I can't seem to get this working.

I've downloaded the "mod_auth_sspi-1.0.4-2.0.58.zip" file from:
http://www.gknw.net/development/apache/httpd-2.0/win32/modules/
<http://www.gknw.net/development/apache/httpd-2.0/win32/modules/>
...and copied the appropriate module file to Apache.

The applicable parts of the httpd.conf is below:

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so

# subversion modules
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

# Windows authentication module
LoadModule sspi_auth_module modules/mod_auth_sspi.so

LoadModule auth_module modules/mod_auth.so

<Directory "c:\svnrepos">
   AllowOverride None
    Options All
    Order allow,deny
    Allow from all
</Directory>

<Location /repos>
    dav svn
    SVNListParentPath on
    SVNParentPath "c:/svnrepos/"

    AuthName "Windows Authentication - SVN"
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    SSPIDomain <domain name>

    <LimitExcept GET PROPFIND OPTIONS REPORT>
     Satisfy Any
     Require valid-user
    </LimitExcept>

    # our access control policy enforced by mod_authz_svn
    AuthzSVNAccessFile "c:/svnrepos/svnaccess.conf"
</Location>

My svnaccess.conf is as follows:

[groups]
admin = domain\username, domain//username, username

[/]
* = r
@admin = rw

I've tried several combinations of the domain\username, based on advice I've
heard on other web sites. The error I receive when browsing to the
repositoty is:

Forbidden
You don't have permission to access /repos/ on this server.

(I don't even get prompted for credentials.) I then see the following in
the error.log file:

[Wed Jun 28 16:23:01 2006] [error] [client (IP address)] The URI does not
contain the name of a repository. [403, #190001]

I am unable to log in via TortoiseSVN either. Any help is greatly
appreciated.

Steve
Received on Wed Jun 28 22:33:16 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.