Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Matija, OK - after a lot of fiddling around I think the problem is that you started trying to do this with 2.5.03 then upgraded to 2.5.04 without deleting the passwd file and starting again. If you start with 2.5.04 the error messages make the problem very clear. The alternative is that you only wrote half the error message and the problem is actually RunAsUser. I strongly recommend that you start by reading the manual: http://cvsnt.org/manual/html/Remote-repositories.html#Password-authentic ated What you said you did was this: > 1. I create a repository - set it as default and initialise. > 2. in the console I set "cvsroot=:sspi:host:/repository" > 3. add cvsuser: "cvs passwd -a cvsuser" and set its password > 4. I create alias users: "cvs passwd -r cvsuser -a user1" > 5. set "cvsroot=:pserver:user1 at host:/repository" > 6. try to login with "cvs login" That simply cannot work. Basically you can either use 'system authentication' (ie: windows active directory) or you can use passwd authentication. You can optionally use passwd authentication but there still needs to be an active directory user. So following your steps I get clear error messages indicating the problem: C:\Documents and Settings\Administrator.T3>set CVSROOT=:sspi:xp64test:/repo C:\Documents and Settings\Administrator.T3>echo %CVSROOT% :sspi:xp64test:/repo C:\Documents and Settings\Administrator.T3>cvs passwd -a cvsuser Adding user cvsuser at xp64test New Password: Verify Password: cvs server: *WARNING* CVS user 'cvsuser' will not be able to log in until they are aliased to a valid system user. C:\Documents and Settings\Administrator.T3>cvs passwd -r cvsuser -a user1 Adding user user1 at xp64test New Password: Verify Password: cvs [server aborted]: User 'cvsuser' is not a real user on the system. Now I can turn systemauth off in CVSROOT/config at which point I should in theory be able to log in as cvsuser, but clarly that wont work: C:\Documents and Settings\Administrator.T3>set CVSROOT=:pserver:cvsuser at xp64test:/repo C:\Documents and Settings\Administrator.T3>cvs login Logging in to :pserver:cvsuser at xp64test:2401:/repo CVS Password: Fatal error, aborting. cvs [login aborted]: cvsuser: no such user So I also need to use the CVSNT Server Control Panel Server Settings tab to change the "run as user" setting to something other than "client user". If I do that I get a new error: C:\Documents and Settings\Administrator.T3>cvs login Logging in to :pserver:cvsuser at xp64test:2401:/repo CVS Password: Fatal error, aborting. cvs [login aborted]: XP64TEST\Administrator: Switch to user failed due to configuration error. Contact your System Administrator. And the ServerTraceFile shows: 21:43:18: S -> Checking protocol pserver 21:43:18: S -> Checking key PserverProtocol 21:43:18: S -> Authentication protocol :pserver: returned user cvsuser 21:43:18: S -> User in CVSROOT/passwd, password correct 21:43:18: S -> Host user is cvsuser 21:43:18: S -> win32switchtouser(XP64TEST\Administrator) 21:43:18: S -> win32getpwnam(XP64TEST\Administrator) 21:43:18: S -> Find netapi32.dll with the symbol DsGetDcNameW 21:43:18: S -> Call GetComputerNameW 21:43:18: S -> Authenticating server: (local) 21:43:18: S -> Trying S4u... 21:43:18: S -> S4U untranslated name: XP64TEST\Administrator 21:43:18: S -> IADS query failed: Name translation: Could not find the name or insufficient right to see name. 21:43:18: S -> S4U login returned 00000001 21:43:18: S -> Trying Setuid helper... (XP64TEST\Administrator) 21:43:18: S -> SuidGetImpersonationToken returned 00000554 21:43:18: S -> Trying NTCreateToken... 21:43:18: S -> NTCreateToken failed 21:43:18: S -> Eraseing pserver As can be seen it is the NTCreateToken function that is failing. The user right SeCreateTokenPrivilege (Create a Token) is requited to call NTCreateToken - on most/many editions of Windows this is already assigned to the local system account. On XP x64 I believe that you may need to add it using the Local Security Policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment. Once that is done then restart the computer and then open the CVSNT Server Control Panel and set the RunAsUser on the Server Settings tab to a "normal" domain user (not an admin account). I couldn't get it to work unless the RunAsUser was set to a domain account - but that may be because I'm on a domain... Now alternatively if I follow the "normal" procedure and create an alias user to a system user (with systemauth=yes and runasuser=clientuser) then it all works OK without any of that fiddling around with RunAsUser and Token rights: C:\Documents and Settings\Administrator.T3\CVSROOT>set CVSROOT=:sspi:xp64test:/repo C:\Documents and Settings\Administrator.T3\CVSROOT>cvs passwd -r abarrett -a cvszuser Adding user cvszuser at xp64test New Password: Verify Password: C:\Documents and Settings\Administrator.T3\CVSROOT>set CVSROOT=:pserver:cvszuser at xp64test:/repo C:\Documents and Settings\Administrator.T3\CVSROOT>cvs login Logging in to :sspi:Administrator at xp64test:2401:/repo CVS Password: > The problem persist only on win xp pro 64bit. The same > procedure on the same machine on xp pro 32bit works > without a problem - but the 32bit system is > not an option... I suspect what you are seeing with the 32 bit system is 2.5.03 performing badly - as far as I can tell 2.5.04 on x32 and x64 are both performing identically and correctly. It may be easier to bypass all this token stuff if we switched from using setuid.dll to use cyglsa64.dll and modify the calling codein trysuid() of cvsnt/Windows-NT/win32.cpp: http://cygwin.com/cgi-bin/cvsweb.cgi/src/winsup/lsaauth/?cvsroot=src All my testing was done using the 2.5.04 minimum server installer form the web site and a clean install of XP x64 (no patches or servicepacks). Regards, Arthur Barrett