Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
[Tony Hoyle] | NT Security enforces permission checks on impersonated accounts | that mean that | you can't access the network. I'm surprised it works in pserver, since it | shouldn't (unless you have impersonation disabled, which would | normally affect | sspi too). Impersonation is in fact disabled, and as I said, pserver works fine, SSPI doesn't. The strange thing is that in SSPI mode the network is accessed by CvsNT (the CVSROOT/config file on the shared resource is demonstrably accessed), but a checkout returns with permission denied. [Tony Hoyle] | There is a way around it on Active Directory - you can give the user (or | service, can't remember which) delegation authority which gives | network access | as an impersonated user, however this weakens the security model | somewhat and | admins are understandably reluctant to do it. I'm the administrator of this configuration, and I just want it to work before I consider the security implications. [Tony Hoyle] | Basically, if you want to put the repository on a shared drive, | despite all | the recommendations against it, you must: | | (a) run the service as a normal user with access to the shared resource, | (b) disable impersonation That's what I do! I've even tried to run the service as the same user as the one logging on to CVS in addition to granting that user all administrator priviliges. Still won't work. Any more ideas? Thanks. -- Thomas ************************************************************************* Copyright ERA Technology Ltd. 2003. (www.era.co.uk). All rights reserved. The information supplied in this Commercial Communication should be treated in confidence. No liability whatsoever is accepted for any loss or damage suffered as a result of accessing this message or any attachments. ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs SkyScan service. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________