[cvsnt] SSPI permissions issues

David Joy davidj at boundlessgallery.com
Fri Dec 12 23:11:09 GMT 2003 

> When I have heard someone on this list say "you are using XP Home" , I
have
> often heard someone else say soon after "you are using Simple
(recommended)
> Sharing on XP Pro".  As nobody has said it yet, I thought I would :-)
>
> Disable Simple (recommended) Sharing on the server and see if it corrects
> your issue.  The option can be found in Explorer (not MSIE), in Tools ->
> Folder Options -> View -> Advanced Settings
>

Yeah, I was definitely missing that.  So I can set the permissions now, and
I think they match the ones in Glen's SetACLS document.

The problem I'm having seems to be similar to Richard's in the "Newbie
question" thread.  The client machine will always try to login as "Guest" no
matter what I do.

I've created a username on the server machine that matches the username
that's logged in to XP on the client machine, and made sure that it has the
proper permissions, as mentioned above.  It's part of a group, etc.  The
"Guest" account doesn't have any permissions on the repository (or temp
folder), however, so whenever I try to login I simply get the "permission
denied" message.

If I disable the guest account (and also set
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest in the
registry to false), I then get a "Authentication protocol rejected access"
message instead.  I also get the same if I leave forceguest true - which is
the default.  This sounds like I'm just getting rejected outright since
"Guest" has disappeared.

I'm not sure how to get the server to understand that I really, really don't
want it to use "Guest", no matter how much it would love to.  "Server side
support for ntserver protocol", impersonation, and "use local users for
pserver authentication instead of domain users" are all enabled, if any of
them happen to make a difference.  Encryption/Compression are both set to
Optional, though I doubt the latter would have anything to do with it.

The client is trying to connect with the following cvsroot:
:sspi:<servername>:/test

Is it possible that I need a username/pass or anything in there?  There is
no passwd file currently.

More information about the cvsnt mailing list