[Samba] svn access via apache with ntlm authentication

Thomas Fazekas thomas.fazekas at gmail.com
Wed Oct 17 17:59:23 GMT 2007 

My setup :

Debian Etch i386

httpd-2.0.61 configured with the following command
"./configure --prefix=/opt/httpd-2.0.61 --with-mpm=worker --enable-so
--enable-dav=shared
--enable-unique-id=shared --enable-version=shared --enable-ssl=shared
--enable-info=shared
--enable-cgi=shared --enable-rewrite=shared --enable-cache=shared --
enable-disk-cache=shared --enable-deflate=shared"

subversion-1.4.5 configured with the following
"./configure --prefix=/opt/subversion-1.4.5 --with-apr=/opt/
httpd-2.0.61 --with-apr-util=/opt/httpd-2.0.61 --with-apxs=/opt/
httpd-2.0.61/bin/apxs"

mod_auth_ntlm_winbind AFAIK the latest version compiled with
"/opt/httpd-2.0.61/bin/apxs -DAPACHE2 -c -i mod_auth_ntlm_winbind.c"

Now, AFAIT everything is working well... separately !
Apache serves documents,
svn works for anonymous access with the following config :

<Location /svn/repos>
   DAV svn
   SVNPath /mnt/data/rep/svn
</Location /svn/repos>

I can check out projects from the repository

Then I've tested the NTLM authentication with

Alias /ntlmtest/ "/mnt/data/docuwiki/"
<Directory "/mnt/data/docuwiki">
 AuthName "NTLM Authentication"
 NTLMAuth on
 NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
 NTLMBasicAuthoritative on
 AuthType NTLM
 require valid-user
</Directory>

This works just fine, the browser prompts for the username and
password, and ntlm authenticates against our PDC

Now my problem is with the svn + NTLM combination
If I have in my httpd.conf
<Location /svn/repos>
   DAV svn
   SVNPath /mnt/data/rep/svn
   AuthName "NTLM Authentication"
   AuthType NTLM
   NTLMAuth on
   NTLMBasicAuthoritative on
   NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
   require valid-user
</Location>

and I do "svn co http://svnhost/svn/repos/test" ,
it seems to me that the server doesn't even bother calling the
ntlm_winbind module for authentication...
There are no logs or any trace of related messages and all I get is
svn: PROPFIND request failed on '/svn/repos/test'
svn: PROPFIND of '/svn/repos/test': authorization failed (http://
svnhost)
at the client side.

Any ideas ?

Thomas

More information about the samba mailing list