Return-Path: 
 <users-return-76425-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 54276 invoked from network); 17 Oct 2007 18:57:05 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 17 Oct 2007 18:57:05 -0000
Received: (qmail 13045 invoked by uid 500); 17 Oct 2007 18:56:41 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 13029 invoked by uid 500); 17 Oct 2007 18:56:41 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 13018 invoked by uid 99); 17 Oct 2007 18:56:41 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Oct 2007 11:56:41 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of thomas.fazekas@gmail.com
 designates 64.233.162.225 as permitted sender)
Received: from [64.233.162.225] (HELO nz-out-0506.google.com) (64.233.162.225)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Oct 2007 18:56:44 +0000
Received: by nz-out-0506.google.com with SMTP id i1so1628240nzh
        for <users@httpd.apache.org>; Wed, 17 Oct 2007 11:56:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        bh=f9O+1cpRE70sS5ATG2N/z0xwZquErdU7/WwwLwx/R78=;
        b=hD+soQWZL8wWzABJLjORlUijYSwDmMXjq9kMuJ3Mq3q07CEbPqYwhS+Pu3MCUpC00nu8cyj8CYTqUkETYSQeJQc7AzZlzQsuSIHBnN0Yms5D2S7dFb+H3EncLwJxPALqB/7RtZkHP8ZPXFJYmkl/opDjVsU1aQ40q4KD/SRgwzg=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=CnERykgRGLymcUfHMl4N/dNHVxbhBEUanwTRHmx95A81rZtkGYxz+50ViaDIRYSTxIqGw9gjxRPlCLntJFgWp4UPr8c+P9sx5xVTuoJvA3TDAU0o2VStfu9sF99TpQnuKvHB6XSztVkRJQ01z4VzS1ti820ejt/a56Gk1z9FNJI=
Received: by 10.115.93.16 with SMTP id v16mr965302wal.1192647359715;
        Wed, 17 Oct 2007 11:55:59 -0700 (PDT)
Received: by 10.114.13.15 with HTTP; Wed, 17 Oct 2007 11:55:59 -0700 (PDT)
Message-ID: <421547be0710171155q38b260eal5be0d1956fce84bd@mail.gmail.com>
Date: Wed, 17 Oct 2007 20:55:59 +0200
From: "Thomas Fazekas" <thomas.fazekas@gmail.com>
To: users@httpd.apache.org
In-Reply-To: <421547be0710160900u3de6ce75n101c9b9b488c1778@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <421547be0710160900u3de6ce75n101c9b9b488c1778@mail.gmail.com>
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: [users@httpd] svn access via apache with ntlm authentication

My setup :

Debian Etch i386

httpd-2.0.61 configured with the following command
"./configure --prefix=/opt/httpd-2.0.61 --with-mpm=worker --enable-so
--enable-dav=shared
--enable-unique-id=shared --enable-version=shared --enable-ssl=shared
--enable-info=shared
--enable-cgi=shared --enable-rewrite=shared --enable-cache=shared --
enable-disk-cache=shared --enable-deflate=shared"

subversion-1.4.5 configured with the following
"./configure --prefix=/opt/subversion-1.4.5 --with-apr=/opt/
httpd-2.0.61 --with-apr-util=/opt/httpd-2.0.61 --with-apxs=/opt/
httpd-2.0.61/bin/apxs"

mod_auth_ntlm_winbind AFAIK the latest version compiled with
"/opt/httpd-2.0.61/bin/apxs -DAPACHE2 -c -i mod_auth_ntlm_winbind.c"

Now, AFAIT everything is working well... separately !
Apache serves documents,
svn works for anonymous access with the following config :

<Location /svn/repos>
   DAV svn
   SVNPath /mnt/data/rep/svn
</Location /svn/repos>

I can check out projects from the repository

Then I've tested the NTLM authentication with

Alias /ntlmtest/ "/mnt/data/docuwiki/"
<Directory "/mnt/data/docuwiki">
 AuthName "NTLM Authentication"
 NTLMAuth on
 NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
 NTLMBasicAuthoritative on
 AuthType NTLM
 require valid-user
</Directory>

This works just fine, the browser prompts for the username and
password, and ntlm authenticates against our PDC

Now my problem is with the svn + NTLM combination
If I have in my httpd.conf
<Location /svn/repos>
   DAV svn
   SVNPath /mnt/data/rep/svn
   AuthName "NTLM Authentication"
   AuthType NTLM
   NTLMAuth on
   NTLMBasicAuthoritative on
   NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
   require valid-user
</Location>

and I do "svn co http://svnhost/svn/repos/test" ,
it seems to me that the apache server doesn't even bother calling the
ntlm_winbind module for authentication...
There are no logs or any trace of related messages and all I get is
svn: PROPFIND request failed on '/svn/repos/test'
svn: PROPFIND of '/svn/repos/test': authorization failed (http://
svnhost)
at the client side.

Any ideas ?

Thomas

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org