[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Cyrus SASL with NTLM and SMB Signing

From: Markus Schaber <m.schaber_at_codesys.com>
Date: Mon, 13 Jan 2014 08:32:01 +0000

Hi,

I know that this problem is not strictly SVN specific, but maybe one of the users here has experience with this and knows a solution:

I'm currently trying to set up an SVN server on linux which authenticates against an Windows domain using NTLM - we want a single sign-on solution.

The version of SASL is the debian libsasl2-2 package in version 2.1.25.dfsg1-6+deb7u1 (debian wheezy on amd64) running with SVN 1.6.17 (but upgrading to SVN 1.7 or 1.8 is an option.)

The configuration on the server side seems to be correct, but the authentication fails with the following message:
NTLM: error in NEGPROT response parameters

As far as I could google it[1], there seems to be a workaround (disabling SBM signing via group policy), but said workaround is not acceptable for our network administrators. The SMB Signing seems to be a security feature which is enabled by default on windows servers since 2003.

Is there any other solution or workaround for this problem?

Best regards

Markus Schaber

[1]
http://comments.gmane.org/gmane.comp.security.cyrus.sasl/7065
https://kc.mcafee.com/corporate/index?page=content&id=KB63137&cat=CORP_SENTIAN_BESS&actp=LIST

Best regards

Markus Schaber

CODESYS(r) a trademark of 3S-Smart Software Solutions GmbH

Inspiring Automation Solutions

3S-Smart Software Solutions GmbH
Dipl.-Inf. Markus Schaber | Product Development Core Technology
Memminger Str. 151 | 87439 Kempten | Germany
Tel. +49-831-54031-979 | Fax +49-831-54031-50

E-Mail: m.schaber@codesys.com | Web: http://www.codesys.com | CODESYS store: http://store.codesys.com
CODESYS forum: http://forum.codesys.com

Managing Directors: Dipl.Inf. Dieter Hess, Dipl.Inf. Manfred Werner | Trade register: Kempten HRB 6186 | Tax ID No.: DE 167014915
Received on 2014-01-13 09:38:22 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.