[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

need help SVN authentication to SAMBA PDC

From: Ken Fischer <kenneth.a.fischer_at_gmail.com>
Date: Thu, 15 May 2014 16:05:23 -0400

Hello all,

I'm in need of some help getting my subversion server to allow me to
domain authentication. I sent something to the mailing list last
night but it seems to not show up anywhere and I only now just
subscribed, so I apologized if someone has already responded. Please
cc me in any response.

I have setup a CentOS 6.5 machine running samba to act as my primary
domain controller. I then setup another CentOS 6.5 machine to act as
my subversion server, and using winbind I was able to join that
machine to the domain following this tutorial:

https://www.youtube.com/watch?v=c-vWAaocRU0

On the subversion server I am using Apache subversion with Apache 2.2.15.

Below is my subversion.conf script, which includes some commented out
previous attempts. Basically what happens is that I go to a client
machine, navigate to /svn/svn/mytestproj in firefox, and attempt to
log in. This works fine with basic authentication. When I try to use
domain authentication I get the login prompt, I type in
TESTLAB\kfischer as my username and enter my password. It seems to
reject this and immediately prompts me for the password again (no
warning or error message). After three attempts I eventually get an
Authorization Required message.

New information: I checked the /var/log/httpd/error_log and it is
telling me I have a password mismatch. I'm sure I am using the right
password so there must be something else going on.

Anyone have any ideas on what I am doing wrong? Your help is greatly
appreciated!

Best regards,
Ken

####################START SCRIPT##################################
#Load Apache LDAP Modules
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

#Load Subversion Apache Modules
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

#Load winbind module.... commented out now since this didn't work
#LoadModule auth_ntlm_winbind_module
/usr/lib/apache2/modules/mod_auth_ntlm_winbind.so

#Work around for authz and SVNListParentPath issue
RedirectMatch ^(/repos)$ $1/

#Enable Subversion Logging
CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION

<Location /svn>
  DAV svn
  SVNParentPath /var/www/svn
  SVNListParentPath On
  SVNAutoversioning On
  AuthType Basic
  AuthName "TESTLAB"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPBindDN "CN=ldapbind,CN=Users,DC=TESTLAB,DC=LBTE"
  AuthLDAPBindPassword ldapbind!12
  AuthLDAPURL "ldap://testlab.lbte:3268/DC=TESTLAB,DC=LBTE?sAMAccountName?sub?(ObjectClass=*)"
  Require valid-user
</Location>

#### FAILED PREVIOUS ATTEMPTS
#<Location /svn>
#---trying to use mod_auth_ntlm_winbind
# DAV svn
# AuthName "TESTLAB.LBTE"
# NTLMAuth on
# NegotiateAuth on
# NTLMAuthHelper "/usr/bin/ntlm_auth --domain=testlab.lbte
--helper-protocol=squid-2.5-ntlmssp"
# NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
# NTLMBasicAuthoritative on
# AuthType NTLM
# AuthType Negotiate
# require valid-usr
# SVNParentPath /var/www/svn
# SVNListParentPath on

#----attempt at LDAP----------------------------------------------------------
# DAV svn
# SVNParentPath /var/www/svn
# SVNListParentPath on

# order allow,deny
# allow from all
# Options Indexes
# AuthzLDAPAuthoritative On

# AuthName "TESTLAB.LBTE"
# AuthType Basic
# AuthBasicProvider ldap
# AuthzLDAPAuthoritative On

# AuthLDAPBindDN "CN=ldapbind,CN=linuxusers,DC=testlab,DC=lbte"
# AuthLDAPBindPassword "ldapbind!12"

# AuthLDAPURL "ldap://testlab.lbte:3268/DC=testlab,DC=lbte?sAMAccountName?sub?(objectClass=*)"
NONE
# Require ldap-group CN=linuxusers,OU=Groups,DC=testlab,DC=lbte

#--BASIC CONFIGURATION---THIS DOES WORK I JUST HAVE IT DISABLED RIGHT
NOW----------------------------------

# DAV svn
# SVNParentPath /var/www/svn
# AuthType Basic
# AuthName "Subversion repositories"
# AuthUserFile /etc/svn-auth-users
# Require valid-user

#</Location>
################################################################################################
Received on 2014-05-17 01:05:32 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.