Configure SVN with Apache and AD authentication

The TortoiseSVN client does not work over http when mod_ntlm is used on Linux; it has to be https. The following steps configure SVN over https with Apache on Linux so that it works with the TortoiseSVN client and with a web browser on Windows/Linux:

We will use the Apache httpd that comes with the distribution, with SSL:
Ensure at least openssl-0.97 is available.
Hostname: svnreposerver
Server version: Apache/2.2.3
Openssl version: openssl097a
Subversion version: 1.6.0
Neon version: 0.28.4

1. Yum update httpd-devel for mod_ntlm
2. Yum update mod_dav_svn for mod_dav_svn.so and authz_mod_dav.so
3. Download sqlite-amalgamation-3.6.11 and untar it.
4. Download neon-0.28.4 for subversion compilation with ssl
5. Download subversion-1.6.0 and untar it.
6. Copy sqlite-amalgamation/sqlite3.c inside subversion-1.6.0/sqlite-amalgamation/sqlite3.c, create the directory if required.
7. Compile neon with ssl support (./configure --with-ssl, make, make install)
8. Compile subversion with neon (take a backup of /usr/local/lib, then ./configure --with-neon=/usr/local/, make, make install)
9. Change the user and group to svn in httpd.conf
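10. Download and untar mod_ntlm2-0.1 and insert the following statements at the start of the function RFCNB_Session_Req in smbval/rfcnb-util.inc.c:

/* Cut Called_Name at the first '.' so that only the short (NetBIOS) name is sent. */
char name[strlen(Called_Name)+1];  /* scratch copy, because strtok modifies its argument */
strcpy(name, Called_Name);
strtok(name, ".");                 /* ends name at the first '.' */
memset(Called_Name, 0, strlen(Called_Name)+1);
strcpy(Called_Name, name);         /* never longer than the original, so it fits */

This works around a small bug in the mod_ntlm module, which sends the hostname for NT authentication rather than the NetBIOS name.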
11. In the mod_ntlm Makefile, change the APXS and APACHECTL paths to the apxs and apachectl of the Apache distribution.
12. Run make and make install. If it is not already present, add the following line below the LoadModule lines in httpd.conf:
LoadModule ntlm_module /usr/lib/httpd/modules/mod_ntlm.so
Replace /usr/lib/httpd with the valid path on your system.
13. Enable KeepAlive in httpd.conf for NTLM to work.
14. Ensure the hostname is registered in DNS and enter the corresponding hostname in the httpd.conf file.
15. Enter the hostname in the ServerName directive inside the virtual host configuration in conf.d/ssl.conf:

ServerName svnreposerver:443

16. Ensure the SSLCertificateFile and SSLCertificateKeyFile entries are not commented out and point to an existing crt and key file.
17. Enter the following inside the virtual host section in the ssl.conf file:

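# Location path assumed from the URL in the last step; DAV is only valid inside a <Location> or <Directory> section
<Location /svn/svn-repo>
DAV svn
SVNPath /svn/svn_repos/test
AuthType NTLM
NTLMAuth on
NTLMAuthoritative on
NTLMDomain XYZ.COM
NTLMServer ADServer
Require valid-user
</Location>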

where /svn/svn_repos/conf/test points to the repository.
This lets everybody in the domain authenticate with AD for access to the above repository.

18. /etc/resolv.conf should contain the valid DNS entries for XYZ.com:
search XYZ.com
nameserver IP
nameserver IP

19. /etc/hosts entries should be correct.
20. The owner of the repository should be the svn user, or whatever user Apache is configured to run as in step 9.
21. Configure the svn_access file for the repository to have the AD username (do not include the domain name as part of the username).
22. Start httpd and point your browser to https://svnreposerver/svn/svn-repo
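
A pre-flight check for the settings from steps 12 to 17, added here as an example and not part of the original post: it reads httpd.conf and ssl.conf and reports every directive that is missing, commented out or switched off. The function names and messages are illustrative; pass the paths of your own httpd.conf and ssl.conf as the two arguments.

```shell
#!/bin/sh
# Added example: pre-flight check of the httpd.conf and ssl.conf settings from
# steps 12 to 17. Function names and messages are illustrative assumptions.

# Print the value of the first uncommented occurrence of directive $2 in file $1.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) {
        $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$1"
}

fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
is_on() { case $1 in [Oo][Nn]) return 0 ;; *) return 1 ;; esac; }

# check_svn_ntlm HTTPD_CONF SSL_CONF: exit status is the number of failed checks.
check_svn_ntlm() {
    httpd_conf=$1; ssl_conf=$2; fails=0
    # Step 12: mod_ntlm must be loaded.
    grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+ntlm_module[[:space:]]' "$httpd_conf" ||
        fail "LoadModule ntlm_module not found in $httpd_conf"
    # Step 13: NTLM authenticates a connection over several round trips,
    # so the connection has to stay open between requests.
    is_on "$(directive_value "$httpd_conf" KeepAlive)" ||
        fail "KeepAlive is not On in $httpd_conf"
    # Step 15: ServerName inside the SSL virtual host.
    [ -n "$(directive_value "$ssl_conf" ServerName)" ] ||
        fail "ServerName is not set in $ssl_conf"
    # Step 16: certificate and key entries are uncommented and the files exist.
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        f=$(directive_value "$ssl_conf" "$d")
        if [ -z "$f" ]; then fail "$d is missing or commented out in $ssl_conf"
        elif [ ! -e "$f" ]; then fail "$d points to missing file $f"
        fi
    done
    # Step 17: the NTLM block is complete.
    for d in NTLMAuth NTLMAuthoritative; do
        is_on "$(directive_value "$ssl_conf" "$d")" || fail "$d is not on in $ssl_conf"
    done
    for d in NTLMDomain NTLMServer SVNPath; do
        [ -n "$(directive_value "$ssl_conf" "$d")" ] || fail "$d is not set in $ssl_conf"
    done
    return "$fails"
}

# Run against real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then check_svn_ntlm "$1" "$2"; fi
```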
