[cvsnt] SSPI authentication from Windows7 client

Bo Berglund Bo.Berglund at system3r.com
Mon Oct 12 13:23:51 BST 2009


I made another test:
With the help of the IT department I attached the Win7 workstation to our domain.
Then I logged in using my domain account and tested with sspi.

This time it does work!

So at least we know that domain-attached Win7 PCs will be able to use the CVSNT
repository...


Bo Berglund
Automation Systems Development
-----Original Message-----
From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org] On Behalf Of Bo Berglund
Sent: den 12 oktober 2009 09:41
To: CVS-NT List (cvsnt at cvsnt.org)
Subject: Re: [cvsnt] SSPI authentication from Windows7 client

 
Tony,
Now I am at work and I *cannot* see your reply from last week in my inbox.
It looks like whatever one does towards the cvsnt newsserver does NOT get 
relayed back to the mail list!

Anyway, you suggested that my problem was caused by my setting 
the Win7 PC workgroup name to the same as our domain (SYSTEM3R).
So this morning I have changed the workgroup to WRKGR3R and restarted Win7.

No difference at all!
This is what I get when I try:

C:\Users\bob>set CVSROOT=:sspi:3rappl01:/3RProj

C:\Users\bob>cvs ls CVSROOT
cvs [ls aborted]: Error reading from server 3rappl01: -1: Unknown error

C:\Users\bob>set CVSROOT=:sspi:bob@3rappl01:/3RProj

C:\Users\bob>cvs login
Logging in to :sspi:bob@3rappl01:2401:/3RProj
CVS Password:
cvs [login aborted]: Error reading from server 3rappl01: -1: Unknown error

C:\Users\bob>set CVSROOT=:pserver:bob@3rappl01:/3RProj

C:\Users\bob>cvs ls CVSROOT
Listing module: CVSROOT

checkoutlist
commit_email

As you can see I *have* network connection but SSPI is not working!

I also tried one of the commands with tracing on:

C:\Users\bob>set CVSROOT=:sspi:3rappl01:/3RProj

C:\Users\bob>cvs -ttt ls CVSROOT
09:39:06:   -> Tracelevel set to 3.  PID is 4064
09:39:06:   -> Session ID is fe04ad2dd1a39b6
09:39:06:   -> Session time is Mon Oct 12 07:39:06 2009
09:39:06:   -> Loading protocol sspi as sspi.dll
09:39:06:   -> CLibraryAccess::Load loading C:\Programs\Cvsnt/protocols/sspi.dll

09:39:06:   -> main loop with CVSROOT=:sspi:3rappl01:/3RProj
cvs [ls aborted]: Error reading from server 3rappl01: -1: Unknown error

And to recapitulate, my CVSNT versions are as follows:

CVSNT Configuration information:
Client: Concurrent Versions System (CVSNT) 2.5.03 (Scorpio) Build 2382 (client/server)
Server: Concurrent Versions System (CVSNT) 2.5.03 (Scorpio) Build 2382 (client/server)

Bo Berglund

-----Original Message-----
From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org] On Behalf Of Bo Berglund
Sent: den 9 oktober 2009 13:29
To: CVS-NT List (cvsnt at cvsnt.org)
Subject: [cvsnt] SSPI authentication from Windows7 client

I tried posting a question about Win 7 on the cvsnt newsserver yesterday, but it seems like it is not relayed to the mailing list. :-(

So now I try to repeat the post from memory to hopefully get a solution suggestion.


I have created a development virtual machine (VMWare Workstation 6.5.3) with Windows 7 Enterprise RTM.
Here I have installed all of the dev tools we use in the company (Delphi compiler, WinCvs, CVSNT Client etc).

When I go to check out a project module from our corporate CVSNT server I fail to get a connection to the server.
I get an exit error code of -1 and a "server rejected connection" message...

I have tried the following CVSROOT settings:
  :SSPI:cvsserver:/Repo       (any cvs command using this root fails)

C:\Users\bob>cvs -d :sspi:3rappl01:/3RProj ls
cvs [ls aborted]: Error reading from server 3rappl01: -1: Unknown error

and
  :SSPI:user@cvsserver:/Repo  (in this case I have first issued the cvs login command but it too fails)

C:\Users\bob>cvs -d :sspi:bob@3rappl01:/3RProj login
Logging in to :sspi:bob@3rappl01:2401:/3RProj
CVS Password:
cvs [login aborted]: Error reading from server 3rappl01: -1: Unknown error


Since I have set up one single pserver user also on this server I next tested this:
  :pserver:user@cvsserver:/Repo

Now I was able to first do cvs login and then check out the module I needed.

Here is an ls command example:
C:\Users\bob>cvs -d :pserver:bob@3rappl01:/3RProj ls CVSROOT
Listing module: CVSROOT

checkoutlist
commit_email
commitinfo
config
....


So by bypassing built-in authentication with SSPI it is possible to use CVSNT from Windows7.
This is not a valid scenario in our case though because I am the only person with a pserver login (being the CVS admin). All standard users are supposed to use SSPI.
Since they are still on XP-Pro for now it is not a big deal yet, but when migrating to new PCs with Win7 it may become a problem.

CVSNT Configuration information:
Client: Concurrent Versions System (CVSNT) 2.5.03 (Scorpio) Build 2382 (client/server)
Server: Concurrent Versions System (CVSNT) 2.5.03 (Scorpio) Build 2382 (client/server)

Workstation configuration:
OS: Windows 7 Enterprise 32 bit RTM
Connected to a workgroup with the same name as the domain (we can't attach virtual machines to the domain)
Account on Win7 created with the exact same username/password as exists on the domain

So this raises some interesting questions concerning the CVSNT connectivity and Windows7:
- In XP SSPI works fine provided that the XP machine is attached to the domain the server is attached to
- But it also works fine if the XP PC is attached to a workgroup by the same name as the domain and the local user account uses the same login name and password as on the domain.
- On Windows 7 it seems like it is not possible to use SSPI in either mode

What is the alternative solution to this dilemma?

Bo Berglund
Automation Systems Development

System 3R International AB
_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt

Upgrade to CVS Suite for more features and support: http://march-hare.com/cvsnt/