Hello,

We use TortoiseSVN from Windows XP SP3 clients (required by corporate policy) to connect to repos on Windows Server 2003:

    Apache/2.2.17 (Win32) DAV/2 mod_ssl/2.2.17 OpenSSL/0.9.8o mod_wsgi/3.3 Python/2.6.4 SVN/1.6.15

I have one single user (amongst 15 or so) who is experiencing authentication issues and need some help in working out what is wrong for him alone.

Background:

We moved to svn and Trac about 18 months ago (when I joined) and I have configured everything. We started using mod_sspi for authentication as I could not understand (nor get local help for) the decorated names etc. used by LDAP. That was working but then this one user stopped being able to use svn at all. As he had trouble accessing the server at all (which uses SSL and global authentication) I blamed SSPI and finally found the info I needed to get LDAP working against our Active Directory forest.

My user can now access the server and browse the source tree fine (I use the TortoiseSVN xslt config and each department has their own parentpath set of repos). However, he still cannot checkout or update. From using tortoise we installed svn command line that we use on the server (from alagazam, thanks David Darj!) and we are seeing the following error:

    Authentication realm: <https://server.company.net:443> Dept Applications server
    Password for 'user_a': *********
    Authentication realm: <https://server.company.net:443> Dept Applications server
    Username: domain\user_a
    Password for 'domain\user_a': *********
    Authentication realm: <https://server.company.net:443> Dept Applications server
    Username:
    svn: OPTIONS of 'https://server.company.net/svn/dept/project/trunk': authorization failed: Could not authenticate to server: rejected Basic challenge (https://server.company.net)

We know the same username/password works against the apache server and we use the same authz file for path based authentication from both apache and subversion direct. All other users work OK, just this one user is having problems.

We have cleared all cached data using tortoise then uninstalled and rebooted before re-installing tortoise.
We then tried the svn cli again (generating the info above) to make sure it was svn and not specific to tortoise.

Here is the sanitised authentication section from httpd conf (I know Basic is plain text but all traffic is redirected to SSL https and the standard client here is IE6):

    <Location />
        Order allow,deny
        Allow from all
        AuthName "Dept Applications server"
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative on
        # The LDAP query URL ~ upgrading to a secure connection once connected...
        AuthLDAPURL "ldap://adserver:3268/DC=blah,DC=blah,DC=blah?sAMAccountName,mail?sub?(objectClass=*)" TLS
        # Active Directory requires an authenticating DN to access records
        AuthLDAPBindDN <ad-username>
        AuthLDAPBindPassword <ad-password>
        Require valid-user
    </Location>

...and the department svn root:

    <Location /svn/dept/>
        DAV svn
        SVNIndexXSLT "/subversion/svnindex.xsl"
        SVNParentPath D:/svn/dept/
        SVNListParentPath On
        # restrict access to subversion repository paths...
        AuthzForceUsernameCase Lower
        AuthzSVNAccessFile d:/path-to/svn-users.txt
    </Location>

...and the relevant bits of svn-users.txt:

    [aliases]
    bryanb = user_a

    # Give all authenticated users read access to the root
    # NB: use "* = " for all [repo:/] sections to remove access
    [/]
    &bryanb = rw
    user_a = rw

...note that I have granted rights to both the alias and the user's ID to see if that helped (no change).

Finally, here are sample errors from the apache log file:

    [Wed Jan 12 10:06:38 2011] [error] [client ip-address] user user_a: authentication failure for "/svn/dept/project/trunk": Password Mismatch
    [Wed Jan 12 10:18:42 2011] [error] [client ip-address] user domain\\user_a not found: /svn/dept/project/trunk

I do not understand where the 'Password Mismatch' error is coming from. Why does that only happen when using subversion and not the browser?

I have tried searching for "rejected Basic challenge" (both svn.haxx.se and the wider net) but I've not found anything that has helped so far.

Please can someone help me with where to go next?

Many thanks,
~ mark c