(Keep me CC'ed please, I'm currently not subscribed to this list) Greetings!
Below is a mail I initially sent to the Subversion mailinglist, but I haven't gotten any response from there yet, so I wanted to ask if you could help me out perhaps, or at least help me determine where (Squid/NTLM/neon/Subversion) the error is. Note that the svn client is using neon 0.26. thanks! Uli >> original mail following >> I'm currently trying to get a machine to access a repository via a proxy. The details are: - proxy is squid, with the REPORT MERGE MKACTIVITY CHECKOUT request types added to the configuration. Note that 'PROPFIND' is not included, but according to the FAQ it shouldn't need to. - Subversion is a vanilla Debian/testing in version 1.4.2. ra_dav is compiled in as access method. Note that initially the problems occurred with a MS Windows machine, but were reproduced on Debian for better debugging tools. - The proxy requires authentication. I have entered the same proxy in konqueror on that machine and it automatically asks for a username and password. - The repository is http://stlport.svn.sourceforge.net/svnroot/stlport. I also tried the same with https://. It works in both cases if I don't use the proxy. It is also public, in case you want to try yourselves. Now, what makes me suspect a bug is this: I have run svn with strace, and I haven't seen any login attempts (or anything that looks like one). In fact svn tries several times a PROPFIND and each time the proxy answers "HTTP/1.0 407 Proxy Authentication Required .." ..which is also the error message that svn displays (minus the "HTTP/1.0"). BTW: if you use a https:// URL, the error message is rather "Could not create SSL connection through proxy server .." although the error message from the proxy is the same! This isn't exactly helpful when trying to find out what is going wrong. Anyway, this is not the immediate problem, I just wanted to mention it. Now, using the neon-debug-flags and strace, I see that Subversion/Neon notices that some authentication is required: > ah_create, for Proxy-Authenticate > ah_create, for WWW-Authenticate > ah_post_send (#0), code is 407 (want 407), Proxy-Authenticate is NTLM, > Basic realm="vProxy server" auth: Got challenge (code 407). > auth: Ignoring 'NTLM' challenge. > auth: Got 'Basic' challenge. > auth: Trying Basic challenge... > auth: Sending 'Basic' response. > [...] > ah_post_send (#10), code is 407 (want 407), Proxy-Authenticate is NTLM, > Basic realm="vProxy server" auth: Got challenge (code 407). > auth: Ignoring 'NTLM' challenge. > auth: Got 'Basic' challenge. > auth: Trying Basic challenge... > auth: No challenges accepted. > svn: PROPFIND request failed on '/svnroot/stlport' > svn: PROPFIND of '/svnroot/stlport': 407 Proxy Authentication Required > (http://stlport.svn.sourceforge.net) The interesting thing here is that it only seems to consider the 'basic' challenge and not NTLM. From the README I gather that Neon supports 'basic' and 'digest' authentication, so NTLM is simply not implemented? I'm not sure what the differences are, but if squid is configured to refuse the basic variant, this will obviously fail. Since this is in a MS Windows network, authentication is with the domain/username/password from the windows logon (tried with konqueror). The squid docs have something to say about getting those to work together, and it involves NTLM, but this is far beyond my skills now. Does anybody have a clue how I could pin down where the problem lies? Thanks and a happy weekend! Uli -- ML: http://subversion.tigris.org/mailing-list-guidelines.html FAQ: http://subversion.tigris.org/faq.html Docs: http://svnbook.red-bean.com/ Sator Laser GmbH Geschäftsführer: Ronald Boers Steuernummer: 02/892/02900 Amtsgericht Hamburg HR B62 932 USt-Id.Nr.: DE183047360 ************************************************************************************** Visit our website at <http://www.satorlaser.de/> ************************************************************************************** Diese E-Mail einschließlich sämtlicher Anhänge ist nur für den Adressaten bestimmt und kann vertrauliche Informationen enthalten. Bitte benachrichtigen Sie den Absender umgehend, falls Sie nicht der beabsichtigte Empfänger sein sollten. Die E-Mail ist in diesem Fall zu löschen und darf weder gelesen, weitergeleitet, veröffentlicht oder anderweitig benutzt werden. E-Mails können durch Dritte gelesen werden und Viren sowie nichtautorisierte Änderungen enthalten. Sator Laser GmbH ist für diese Folgen nicht verantwortlich. ************************************************************************************** _______________________________________________ neon mailing list [email protected] http://mailman.webdav.org/mailman/listinfo/neon
