RE: Windows AD authentication with SSPI
From: <jason_at_subversus.org>
Date: 2006-06-29 16:38:33 CEST
Well, you've added a ton of variables into your httpd.conf and
Httpd.conf (replacing "MyDomain with your real domain name).
<Location /repos>
AuthName "Windows Authentication - SVN"
SSPIOfferBasic On
SSPIOmitDomain On
SSPIUsernameCase lower
AuthzSVNAccessFile "c:/svnrepos/svnaccess.conf"
And for svnaccess.conf .
[groups]
[/]
From: Leathem, Steven [mailto:Steven.Leathem@phlx.com]
Jason-
I've followed your advice, but I am now running into different issues.
My httpd.conf now includes:
<Directory "c:\svnrepos">
<Location /repos>
# our user authentication policy
AuthName "Windows Authentication - SVN"
SSPIOfferBasic On #let non-IE clients authenticate
SSPIUsernameCase lower
<LimitExcept GET PROPFIND OPTIONS REPORT>
# our access control policy enforced by mod_authz_svn
And my svnaccess.conf is as follows:
#access control file
[groups]
[/]
[bona:/]
[repos:/]
If I use the default setup for Apache authentication, I am able to browse to
...as normal. When I use the files above (with SSPI), I get a 500 -
The error.log file displays the following:
[Thu Jun 29 09:29:27 2006] [error] [client 10.112.2.125] (20014)Error string
I appreciate your help with this.
Steve
_____
From: jason@subversus.org [mailto:jason@subversus.org]
I suppose if I had read your email better the first time, I'd have given a
http:// <http://%3cservername%3e/repos/%3crepository>
It seems as though you're neglecting to add the actual name of your
From: jason@subversus.org [mailto:jason@subversus.org]
I would recommend
1) Turning SSPIOfferBasic "on" as the documentation recommends
2) Setting SSPIUsernameCase to "lower" which will ensure consistent
3) Setting SSPIOmitDomain to "on" which will strip the domain name from
Then for [groups], just list the usernames *all lowercase* and *domain name
This should take care of your issues.
From: Leathem, Steven [mailto:Steven.Leathem@phlx.com]
Hello-
My platform is:
I am trying to set up Active Directory authentication for the users. I've
I've downloaded the "mod_auth_sspi-1.0.4-2.0.58.zip" file from:
The applicable parts of the httpd.conf is below:
LoadModule dav_module modules/mod_dav.so
# subversion modules
# Windows authentication module
LoadModule auth_module modules/mod_auth.so
<Directory "c:\svnrepos">
<Location /repos>
AuthName "Windows Authentication - SVN"
<LimitExcept GET PROPFIND OPTIONS REPORT>
# our access control policy enforced by mod_authz_svn
My svnaccess.conf is as follows:
[groups]
[/]
I've tried several combinations of the domain\username, based on advice I've
Forbidden
(I don't even get prompted for credentials.) I then see the following in
[Wed Jun 28 16:23:01 2006] [error] [client (IP address)] The URI does not
I am unable to log in via TortoiseSVN either. Any help is greatly
Steve
|
This is an archived mail posted to the Subversion Dev mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.