[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

TortoiseSVN with NTLM not working after reading FAQs (PROPFIND 401)

From: Andrew de Quincey <Andrew.deQuincey_at_sumerian.com>
Date: Thu, 14 Feb 2008 14:10:30 -0000

Hi, before we start, yes I have read the FAQs:

Server system:
Windows 2003 server
Apache 2.2.4
subversion 1.4.6
mod_auth_sspi 1.0.4 from sf.net page

Client system:
Windows XP SP2
TortoiseSVN 1.4.7

Apache configuration:
LoadModule dav_svn_module "C:/Program
Files/Subversion/bin/mod_dav_svn.so"
LoadModule authz_svn_module "C:/Program
Files/Subversion/bin/mod_authz_svn.so"
<Location /svn/>

        AllowOverride All
        Order allow,deny
           allow from all
        AuthName "Subversion"
        AuthType SSPI
        SSPIAuth On
        SSPIAuthoritative On
        SSPIOfferBasic Off
        require valid-user

        DAV svn
        SVNParentPath D:/svn/
        SVNListParentPath on
        AuthzSVNAccessFile "D:/svn/test/conf/authorisation.conf"
</Location>
RedirectMatch ^(/svn)$ $1/

TortoiseSVN always reports an apache PROPFIND 401 error whatever I do
(I'm testing using the repo browser).

SSPI works everywhere else on the apache server: I can see the windows
usernames in the apache logs.

Here is the log for a normal HTTP GET request to
http://testserver/svn/test/ accessed with a web browser.

192.168.20.142 - - [14/Feb/2008:14:05:05 +0000] "GET /svn/test/
HTTP/1.1" 401 401
192.168.20.142 - SUMERIAN\\AndrewdeQuincey [14/Feb/2008:14:05:05 +0000]
"GET /svn/test/ HTTP/1.1" 200 301

OK: it sends a request, gets a 401, then retries with the windows auth.

Tortoise does this:
192.168.20.142 - - [14/Feb/2008:14:02:55 +0000] "PROPFIND /svn/test
HTTP/1.1" 401 401

It sends the request, gets a 401, then DOESN'T retry.

I used fiddler to examine what was being sent:
HTTP/1.1 401 Authorization Required
Date: Thu, 14 Feb 2008 13:39:09 GMT
Server: Apache/2.2.4 (Win32) DAV/2 mod_auth_sspi/1.0.4 PHP/5.2.3
SVN/1.4.6 mod_python/3.2.10 Python/2.4.4
WWW-Authenticate: NTLM
Content-Length: 401
Content-Type: text/html; charset=iso-8859-1
Proxy-Support: Session-Based-Authentication

So its getting a 401 with NTLM as the authentication option. And
tortoise is not coping with it.

I verified by setting SSPIOfferBasic to On. Then fiddler started
prompting for a username/password. But this is not possible for us: we
need the windows authetication.

So what is going on? AFAICS its all working ok on the server side, but
the client is not recognising NTLM. From what I read, tortoisesvn 1.4.x
has SSPI enabled though.

This email has been sent from Sumerian Europe Ltd a company registered in Scotland number SC224403 and having its registered office at 19 Blythswood Square, Glasgow, G2 4BG. . The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in any governing Sumerian Europe Ltd client agreement.

You can contact us on info_at_sumerian.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
Received on 2008-02-14 15:10:39 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.