
RE: Re: 1.3.0 Build 5377 HTTPS Authorization Problem (error 401)

From: Peter Mounce <Peter.Mounce_at_whitbybird.com>
Date: 2006-01-23 12:42:25 CET

> Andrew Webber wrote:
> > I'm having trouble authenticating to my subversion server ever since I
> > installed the new RC2 of TortoiseSVN.
> >
> > The server is running on WinXP with mod_auth_sspi to authenticate
> > against our domain server. The svn command line still can
> > authenticate correctly with <domain name>\<domain user name> as the
> > username.
>
> Wait for RC3 or try a nightly build. There have been serious
> problems with SSPI (look through the mailing list for the
> last week) and it will almost certainly be disabled for the
> 1.3.0 release.

One of our users is having a seemingly-related auth problem.

On the 18th, I installed SVN 1.3.0 on our server (which is Apache 2.0.55
on Windows 2000), and TSVN 1.3.0 release on my own workstation. I
didn't change any server config apart from to use the new logging
directive as described in the SVN release notes, and was still able to
commit.

The user installed TSVN 1.3.0 release on his box, and now can't commit
(though he can read - ie, updates, logs, etc).

When he attempts to write with TSVN, the Apache logs show:
access.log:
"
10.1.2.199 - - [23/Jan/2006:11:17:34 +0000] "OPTIONS /svn/apps/trunk HTTP/1.1" 401 518
10.1.2.199 - - [23/Jan/2006:11:17:34 +0000] "OPTIONS /svn/apps/trunk HTTP/1.1" 401 518
10.1.2.199 - whitbybird\\iosta [23/Jan/2006:11:17:34 +0000] "OPTIONS /svn/apps/trunk HTTP/1.1" 200 188
10.1.2.199 - - [23/Jan/2006:11:17:34 +0000] "MKACTIVITY /svn/apps/!svn/act/1061b7c2-2219-a44f-b808-0c940370a062 HTTP/1.1" 401 518
10.1.2.199 - - [23/Jan/2006:11:17:34 +0000] "MKACTIVITY /svn/apps/!svn/act/1061b7c2-2219-a44f-b808-0c940370a062 HTTP/1.1" 401 518
10.1.2.199 - whitbybird\\iosta [23/Jan/2006:11:17:34 +0000] "MKACTIVITY /svn/apps/!svn/act/1061b7c2-2219-a44f-b808-0c940370a062 HTTP/1.1" 403 373
10.1.2.199 - - [23/Jan/2006:11:17:48 +0000] "OPTIONS /svn/apps/trunk HTTP/1.1" 401 518
10.1.2.199 - - [23/Jan/2006:11:17:48 +0000] "OPTIONS /svn/apps/trunk HTTP/1.1" 401 518
10.1.2.199 - whitbybird\\iosta [23/Jan/2006:11:17:48 +0000] "OPTIONS /svn/apps/trunk HTTP/1.1" 200 188
10.1.2.199 - - [23/Jan/2006:11:17:48 +0000] "MKACTIVITY /svn/apps/!svn/act/5cbea4de-5faf-b34b-af18-81661dc87c3f HTTP/1.1" 401 518
10.1.2.199 - - [23/Jan/2006:11:17:48 +0000] "MKACTIVITY /svn/apps/!svn/act/5cbea4de-5faf-b34b-af18-81661dc87c3f HTTP/1.1" 401 518
10.1.2.199 - whitbybird\\iosta [23/Jan/2006:11:17:48 +0000] "MKACTIVITY /svn/apps/!svn/act/5cbea4de-5faf-b34b-af18-81661dc87c3f HTTP/1.1" 403 373
"
error.log:
"
[Mon Jan 23 11:17:48 2006] [error] [client 10.1.2.199] (OS 87)The parameter is incorrect. : authentication failure for "/svn/apps/!svn/act/5cbea4de-5faf-b34b-af18-81661dc87c3f": user unknown, reason: cannot generate context
[Mon Jan 23 11:17:48 2006] [error] [client 10.1.2.199] Access denied: 'whitbybird\\iosta' MKACTIVITY apps:
"

When I attempt with the CLI, as him, using 'svn ci --message "test"
--username "{domain in lowercase}\{username}" --password {password}' the
log shows:

access.log:
"
10.1.2.199 - - [23/Jan/2006:11:37:16 +0000] "OPTIONS /svn/apps/trunk HTTP/1.1" 401 518
10.1.2.199 - - [23/Jan/2006:11:37:16 +0000] "OPTIONS /svn/apps/trunk HTTP/1.1" 401 518
10.1.2.199 - whitbybird\\iosta [23/Jan/2006:11:37:16 +0000] "OPTIONS /svn/apps/trunk HTTP/1.1" 200 188
10.1.2.199 - - [23/Jan/2006:11:37:16 +0000] "MKACTIVITY /svn/apps/!svn/act/39babe06-46bc-9e4c-ad5e-6d7fd731199f HTTP/1.1" 401 518
10.1.2.199 - - [23/Jan/2006:11:37:16 +0000] "MKACTIVITY /svn/apps/!svn/act/39babe06-46bc-9e4c-ad5e-6d7fd731199f HTTP/1.1" 401 518
10.1.2.199 - whitbybird\\iosta [23/Jan/2006:11:37:16 +0000] "MKACTIVITY /svn/apps/!svn/act/39babe06-46bc-9e4c-ad5e-6d7fd731199f HTTP/1.1" 403 373
"

error.log:
"
[Mon Jan 23 11:37:16 2006] [error] [client 10.1.2.199] (OS 87)The parameter is incorrect. : authentication failure for "/svn/apps/!svn/act/39babe06-46bc-9e4c-ad5e-6d7fd731199f": user unknown, reason: cannot generate context
[Mon Jan 23 11:37:16 2006] [error] [client 10.1.2.199] Access denied: 'whitbybird\\iosta' MKACTIVITY apps:"
(heros is the name of our domain server)

He is adamant that he hasn't changed his box except to install TSVN 1.3
(he rebooted). I have since uninstalled and installed again from
scratch, with reboots in between, with no change to the symptoms.

Trying to omit the domain from the prompt yields no change.

Clearing the TSVN authentication cache appears to yield no change - I
did that, and my tests were performed by typing in the username and
password each time. I know I haven't mistyped the u/p, because I signed
into his machine as him. Caps-lock is not turned on.

The domain, when logging on, is WHITBYBIRD. Previously (and still, for
me and ctonk), auth with whitbybird (as in, lowercase) worked (and still
does). It's just iosta with this issue.

Myself and a different colleague can still commit fine.

Question #1:
Am I calling the commit from the CLI client correctly? In two years,
I've never(!) used it.

Question #2:
WTF is going on?!

Question #3:
If he _did_ change something, should my experimentation have allowed me
to figure out what it was?

Pete

My config is:

<Location /svn>
        DAV svn
        SVNParentPath D:\SvnRepositories
        AuthType SSPI
        AuthName "Subversion Repositories"
        SSPIAuth On
        SSPIAuthoritative On
        SSPIUsernameCase lower
        SSPIDomain heros
        SSPIOfferBasic On
        AuthName "Subversion repositories"
        AuthzSVNAccessFile conf/svnAccessFile.conf
        Require valid-user
</Location>

CustomLog logs/svnAccess.log "%t %u %{SVN-ACTION}e" env=SVN-ACTION

My access file is:

[groups]
admin = whitbybird\pmoun
itdev = whitbybird\pmoun,whitbybird\iosta,whitbybird\ctonk,WHITBYBIRD\PMOUN,WHITBYBIRD\IOSTA,WHITBYBIRD\CTONK,WHITBYBIRD\pmoun,WHITBYBIRD\iosta,WHITBYBIRD\ctonk

# Default access rule for ALL repositories
# Everyone can read, admins can write
[/]
* = r
@admin = rw

# Allow developers complete access to their project repos
[Apps:/]
@itdev = rw
[BAAR:/]
@itdev = rw
[ITD:/]
@itdev = rw
[PoseidonCommonAdmDatabase:/]
@itdev = rw
[Utilities:/]
@itdev = rw
[WebServices:/]
@itdev = rw

Received on Mon Jan 23 12:42:35 2006

This is an archived mail posted to the TortoiseSVN Users mailing list.
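
Added example, not part of the original mail: a small Python triage of the access.log excerpt quoted above. It separates the anonymous 401 challenge legs from requests that carry an authenticated user name but are refused with 403. The category names and the `classify`/`summarize` helpers are this example's own; the sample lines are the first six from the post with the mail wrapping undone.

```python
import re
from collections import Counter

# Apache common log format: host ident user [time] "METHOD path proto" status bytes
LINE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# First six access.log lines from the post, with the mail client's wrapping undone.
SAMPLE = r'''
10.1.2.199 - - [23/Jan/2006:11:17:34 +0000] "OPTIONS /svn/apps/trunk HTTP/1.1" 401 518
10.1.2.199 - - [23/Jan/2006:11:17:34 +0000] "OPTIONS /svn/apps/trunk HTTP/1.1" 401 518
10.1.2.199 - whitbybird\\iosta [23/Jan/2006:11:17:34 +0000] "OPTIONS /svn/apps/trunk HTTP/1.1" 200 188
10.1.2.199 - - [23/Jan/2006:11:17:34 +0000] "MKACTIVITY /svn/apps/!svn/act/1061b7c2-2219-a44f-b808-0c940370a062 HTTP/1.1" 401 518
10.1.2.199 - - [23/Jan/2006:11:17:34 +0000] "MKACTIVITY /svn/apps/!svn/act/1061b7c2-2219-a44f-b808-0c940370a062 HTTP/1.1" 401 518
10.1.2.199 - whitbybird\\iosta [23/Jan/2006:11:17:34 +0000] "MKACTIVITY /svn/apps/!svn/act/1061b7c2-2219-a44f-b808-0c940370a062 HTTP/1.1" 403 373
'''

def classify(line):
    """Return (category, user, method, path) for one log line, or None if unparsable."""
    m = LINE.match(line.strip())
    if not m:
        return None
    user, status = m["user"], int(m["status"])
    if user == "-":
        # No user logged: a 401 here is a challenge leg of the handshake.
        category = "challenge" if status == 401 else "anonymous"
    elif status == 403:
        # A user name was accepted and logged, then the request was refused.
        category = "authenticated-but-denied"
    elif status == 401:
        # Apache logs the offered name on a 401, but it has not been verified.
        category = "unverified-user"
    else:
        category = "authenticated-ok" if status < 400 else "authenticated-error"
    return category, user, m["method"], m["path"]

def summarize(log_text):
    """Count categories and list the requests refused after authentication succeeded."""
    rows = [r for r in map(classify, log_text.splitlines()) if r]
    counts = Counter(r[0] for r in rows)
    denied = [(user, method) for cat, user, method, _ in rows
              if cat == "authenticated-but-denied"]
    return counts, denied

if __name__ == "__main__":
    counts, denied = summarize(SAMPLE)
    print(dict(counts))
    for user, method in denied:
        print(f"{user} was authenticated, then refused {method} with 403")
```
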
