[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Accessing REPOS with Alternate WINDOWS AD account than currently logged in (HOW)

From: Pavel Lyalyakin <pavel.lyalyakin_at_visualsvn.com>
Date: Mon, 28 Jan 2013 16:04:06 +0400

Hello John,

On Fri, Jan 25, 2013 at 2:38 AM, <J.Neal_at_emerson.com> wrote:
> 1. I have a situation that I have been trying to find guidance to
> online, and I am having issues finding my solution.
>
> It revolves around Windows AD and needing to access Repositories as
> different AD username than currently logged into the current windows
> session.
>
> I have the following requirement to fulfill.
>
> * AD Authentication Must Be used due to security restrictions
> * I have users that are working for company X in domain XYZ.
> * My company , company A is in domain ABC.
> * Company X is trusted, and inside our firewall in a very convuleted way
> that is hard to explain.
> * While logged onto their local PC in Domain XYZ, they need to utilize the
> TortoiseSVN Client and access REPOS using a different windows username that
> is in domain ABC we have created for them.
>
> When they access websites, including our SVN website, they can type in the
> correct window credentials domain abc with username.

This behavior is not expected. I strongly advise you to check the KB
article at http://www.visualsvn.com/support/topic/00043/. It seems
that you either haven't add the server to local intranet sites list or
simply have Single Sign-On disabled in Firefox browser. Thus Single
Sign-On fails when you use a web browser and a user get the password
prompt.

> BUT when they use the windows client, it is always forcing the issue and not
> letting them access with an username that is anything but the current logged
> in windows account which is in DOMAIN XYZ. I am unable to add this windows
> account to our SVN usergroup for AD access.
>
> HOW DO I GET THEIR SYSTEM SETUP SO, when they righclick and use tortisesvn
> options, it uses the domain/username that I want it to and not what is
> currently logged into the windows session which would normally work.

Have you tried to use Windows Credential Manager on client? See "Store
passwords, certificates, and other credentials for automatic logon" at
http://windows.microsoft.com/en-IN/windows7/Store-passwords-certificates-and-other-credentials-for-automatic-logon

When Integrated Windows Authentication (Single Sign-On) is active,
users do not get password prompt (i.e. it's expected behavior). User
gets authenticated under the same user account which is logged to a
Windows machine. So in order to "switch" a user account, user has to
put the other account's credential and a server's hostname to Windows
Credential Manager storage.

Username should be in form:

[[
DOMAIN\username
]]

E.g. "svn.domain.com\user.name"

Hope this helps!

-- 
With best regards,
Pavel Lyalyakin
VisualSVN Team
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3046362
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2013-01-28 13:04:52 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.