Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Hi Everyone, I am encountering a strange error in which I can use the ext protocol (with sspi) to connect to a CVSNT server (running on Windows 2003 Server), but only with a client version that is earlier than the version that the server is running. I have been able to replicate the problem from the client side on two different WindowsXP Pro machines. The details: CVSNT Server: Windows 2003 Server CVSNT version 2.5.03.2382 server belongs to domain "DOMAIN" passwd file in CVSROOT directory of repository /CVS_REPO: USER:!DOMAIN Client machine: Windows XP Pro machine belongs to domain "DOMAIN" CVSNT versions: 2.5.03.1927 and 2.5.03.2382 extnt.ini: [CVS_SERVER] protocol=sspi hostname=CVS_SERVER directory=/CVS_REPO Here is how I produce the problem: with CVSNT 2.5.03.2382 installed: cvs -d :sspi:DOMAIN\USER at CVS_SERVER:/CVS_REPO login (enter my password, no errors returned) cvs -ttt -d :sspi:DOMAIN\USER at CVS_SERVER:/CVSREPO ls 12:19:12: -> Tracelevel set to 3. PID is 304 12:19:12: -> Session ID is 13044ecaa300d25 12:19:12: -> Session time is Wed Aug 23 19:19:12 2006 12:19:12: -> Loading protocol sspi as sspi.dll 12:19:12: -> CLibraryAccess::Load loading C:\PROGRA~1\CVSNT/protocols/sspi.dll 12:19:12: -> main loop with CVSROOT=:sspi:DOMAIN\USER at CVS_SERVER:/CVSREPO 12:19:13: -> Server codepage is CP1252 12:19:13: -> Client codepage is CP1252 12:19:13: -> Server version is CVSNT 2.5.03 (Scorpio) Build 2382 12:19:13: -> Client version is CVSNT 2.5.03 (Scorpio) Build 2382 (I get a valid listing of modules in CVS_REPO) cvs -ttt -d :ext:DOMAIN\USER at CVS_SERVER:/CVSREPO ls 12:02:51: -> Tracelevel set to 3. PID is 2384 12:02:51: -> Session ID is 95044eca65b00a1 12:02:51: -> Session time is Wed Aug 23 19:02:51 2006 12:02:51: -> Loading protocol ext as ext.dll 12:02:51: -> CLibraryAccess::Load loading C:\PROGRA~1\CVSNT/protocols/ext.dll 12:02:51: -> main loop with CVSROOT=:ext:DOMAIN\USER at CVS_SERVER:/CVSREPO [extnt] Authentication failed with CVSNT 2.5.03.1927 installed: cvs -d :sspi:DOMAIN\USER at CVS_SERVER:/CVS_REPO login (enter my password, no errors returned) cvs -d :sspi:DOMAIN\USER at CVS_SERVER:/CVS_REPO ls (listing of modules in CVS_REPO returned) cvs -d :ext:DOMAIN\USER at CVS_SERVER:/CVS_REPO ls (listing of modules in CVS_REPO returned) I enabled server log output on the server and looked at the resulting logs. When I try to use a 2.5.03.1927 client and the ext protocol, the relevant section of the server log looks like this: 11:50:11: S -> Domain found: DOMAIN 11:50:11: S -> CVS Server is acting as member of domain 'DOMAIN' 11:50:11: S -> Client sent 'BEGIN SSPI' 11:50:11: S -> FindPrototocol(BEGIN SSPI) 11:50:11: S -> EnumerateProtocols: C:\PROGRA~1\CVSNT/protocols 11:50:11: S -> Loading protocol sspi as sspi.dll 11:50:11: S -> CLibraryAccess::Load loading C:\PROGRA~1\CVSNT/protocols/sspi.dll 11:50:11: S -> Checking protocol sspi 11:50:11: S -> Checking key SspiProtocol 11:50:11: S -> Authentication protocol returned user(DOMAIN\USER) 11:50:11: S -> Impersonating preauthenticated user using protocol specific impersionation 11:50:11: S -> wnt_chmod(C:\WINDOWS\TEMP/cvs-serv5828,0700) 11:50:11: S -> Client compatibility level is 1 However, when I try it with a 2.5.03.2382 client and the ext protocol, the server log looks like this: 12:02:34: S -> Domain found: DOMAIN 12:02:34: S -> CVS Server is acting as member of domain 'DOMAIN' 12:02:34: S -> Client sent 'BEGIN SSPI' 12:02:34: S -> FindPrototocol(BEGIN SSPI) 12:02:34: S -> EnumerateProtocols: C:\PROGRA~1\CVSNT/protocols 12:02:34: S -> Loading protocol sspi as sspi.dll 12:02:34: S -> CLibraryAccess::Load loading C:\PROGRA~1\CVSNT/protocols/sspi.dll 12:02:34: S -> Checking protocol sspi 12:02:34: S -> Checking key SspiProtocol 12:02:35: S -> Unloading sspi 12:02:35: S -> Couldn't find a matching authentication protocol I have read in previous posts that there was a problem with earlier versions of the CVSNT server (2.0.x) that could be solved by forcing the sspi protocol to use NTLM instead of Kerberos, but I have forced sspi to use both NTLM and Kerberos successfully so I don't think that I'm having the same problem. Is anyone else having similar issues? Does anything in the above listings seem like it is misconfigured? thanks, Nathan