Return-Path: 
 <users-return-21433-apmail-subversion-users-archive=subversion.apache.org@subversion.apache.org>
X-Original-To: apmail-subversion-users-archive@minotaur.apache.org
Delivered-To: apmail-subversion-users-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 0F99F10DC2
	for <apmail-subversion-users-archive@minotaur.apache.org>;
 Fri, 16 May 2014 13:50:13 +0000 (UTC)
Received: (qmail 65236 invoked by uid 500); 16 May 2014 11:47:25 -0000
Delivered-To: apmail-subversion-users-archive@subversion.apache.org
Received: (qmail 77412 invoked by uid 500); 16 May 2014 11:37:46 -0000
Mailing-List: contact users-help@subversion.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@subversion.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@subversion.apache.org>
List-Post: <mailto:users@subversion.apache.org>
List-Id: <users.subversion.apache.org>
Delivered-To: mailing list users@subversion.apache.org
Received: (qmail 3972 invoked by uid 99); 16 May 2014 11:23:11 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 May 2014 11:23:11 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of kenneth.a.fischer@gmail.com
 designates 209.85.216.175 as permitted sender)
Received: from [209.85.216.175] (HELO mail-qc0-f175.google.com)
 (209.85.216.175)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 15 May 2014 20:05:47 +0000
Received: by mail-qc0-f175.google.com with SMTP id w7so2661592qcr.6
        for <users@subversion.apache.org>;
 Thu, 15 May 2014 13:05:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=LqXYIF5mzwixvHfmnmxFL+VbtbKZD8ui2oTdKH72+Z8=;
        b=G0onwjngVtIP7PV4U5qWnh/ofafOgtr5cq4/r9NEzxbOeQUNWUCqWZ16vlzE/r85md
         xjNMqqfj6VqRsw6CQIBl8Wl8tzYlQz1sjxNauPSmCdqLuU4U4nsYOOcubIEttib/SwxF
         2a1ot3gcgJU7KAm5Nd/rq7BumHbkJvLc5L2lvy26zZdeIgvyokTJUrDu92rybeAznfdS
         39pjtFk3fp6U7L64W69FPyuOEK4OK+Gbq7YNVQECAzrjsy6lGdwcJ88RjNZkunM+sJNq
         t27oGdUgozT/e0K7jn9/GKfuHWpZZ0Le7vZl+C+xQkNpjConCDqZ8Bjsy+wybAjLVl8r
         smaQ==
MIME-Version: 1.0
X-Received: by 10.140.97.55 with SMTP id l52mr18042829qge.19.1400184323590;
 Thu, 15 May 2014 13:05:23 -0700 (PDT)
Received: by 10.224.16.147 with HTTP; Thu, 15 May 2014 13:05:23 -0700 (PDT)
Date: Thu, 15 May 2014 16:05:23 -0400
Message-ID: 
 <CACnFVMWgDwLDTPTsfw59tiv56UcM_QDqtzH29AuD5OTM14kriw@mail.gmail.com>
Subject: need help SVN authentication to SAMBA PDC
From: Ken Fischer <kenneth.a.fischer@gmail.com>
To: users@subversion.apache.org
Content-Type: text/plain; charset=UTF-8
X-Virus-Checked: Checked by ClamAV on apache.org

Hello all,

I'm in need of some help getting my subversion server to allow me to
domain authentication.  I sent something to the mailing list last
night but it seems to not show up anywhere and I only now just
subscribed, so I apologized if someone has already responded.  Please
cc me in any response.


I have setup a CentOS 6.5 machine running samba to act as my primary
domain controller.  I then setup another CentOS 6.5 machine to act as
my subversion server, and using winbind I was able to join that
machine to the domain following this tutorial:

https://www.youtube.com/watch?v=c-vWAaocRU0

On the subversion server I am using Apache subversion with Apache 2.2.15.

Below is my subversion.conf script, which includes some commented out
previous attempts.  Basically what happens is that I go to a client
machine, navigate to /svn/svn/mytestproj in firefox, and attempt to
log in.  This works fine with basic authentication.  When I try to use
domain authentication I get the login prompt, I type in
TESTLAB\kfischer as my username and enter my password.  It seems to
reject this and immediately prompts me for the password again (no
warning or error message).  After three attempts I eventually get an
Authorization Required message.

New information:  I checked the /var/log/httpd/error_log and it is
telling me I have a password mismatch.  I'm sure I am using the right
password so there must be something else going on.

Anyone have any ideas on what I am doing wrong?  Your help is greatly
appreciated!

Best regards,
Ken


####################START SCRIPT##################################
#Load Apache LDAP Modules
LoadModule ldap_module          modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

#Load Subversion Apache Modules
LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so

#Load winbind module.... commented out now since this didn't work
#LoadModule auth_ntlm_winbind_module
/usr/lib/apache2/modules/mod_auth_ntlm_winbind.so


#Work around for authz and SVNListParentPath issue
RedirectMatch ^(/repos)$ $1/

#Enable Subversion Logging
CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION

<Location /svn>
  DAV svn
  SVNParentPath /var/www/svn
  SVNListParentPath On
  SVNAutoversioning On
  AuthType Basic
  AuthName "TESTLAB"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPBindDN "CN=ldapbind,CN=Users,DC=TESTLAB,DC=LBTE"
  AuthLDAPBindPassword ldapbind!12
  AuthLDAPURL "ldap://testlab.lbte:3268/DC=TESTLAB,DC=LBTE?sAMAccountName?sub?(ObjectClass=*)"
  Require valid-user
</Location>

####  FAILED PREVIOUS ATTEMPTS
#<Location /svn>
#---trying to use mod_auth_ntlm_winbind
#  DAV svn
#  AuthName "TESTLAB.LBTE"
#  NTLMAuth on
#  NegotiateAuth on
#  NTLMAuthHelper "/usr/bin/ntlm_auth --domain=testlab.lbte
--helper-protocol=squid-2.5-ntlmssp"
#  NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
#  NTLMBasicAuthoritative on
#  AuthType NTLM
#  AuthType Negotiate
#  require valid-usr
#  SVNParentPath /var/www/svn
#  SVNListParentPath on

#----attempt at LDAP----------------------------------------------------------
#  DAV svn
#  SVNParentPath /var/www/svn
#  SVNListParentPath on

#  order allow,deny
#  allow from all
#  Options Indexes
#  AuthzLDAPAuthoritative On

#  AuthName "TESTLAB.LBTE"
#  AuthType Basic
#  AuthBasicProvider ldap
#  AuthzLDAPAuthoritative On

#  AuthLDAPBindDN "CN=ldapbind,CN=linuxusers,DC=testlab,DC=lbte"
#  AuthLDAPBindPassword "ldapbind!12"

#  AuthLDAPURL "ldap://testlab.lbte:3268/DC=testlab,DC=lbte?sAMAccountName?sub?(objectClass=*)"
NONE
#  Require ldap-group CN=linuxusers,OU=Groups,DC=testlab,DC=lbte

#--BASIC CONFIGURATION---THIS DOES WORK I JUST HAVE IT DISABLED RIGHT
NOW----------------------------------

#  DAV svn
#  SVNParentPath /var/www/svn
#  AuthType Basic
#  AuthName "Subversion repositories"
#  AuthUserFile /etc/svn-auth-users
#  Require valid-user


#</Location>
################################################################################################