有回复时邮件通知我查看: 4317|回复: 3
求助centos+svn+http+域认证搭建问题
本帖最后由 Truda 于
11:29 编辑
求助centos+svn+http+域认证搭建问题
svn服务器操作系统:centos6.5、IP：192.168.0.2
2003域控名称：、IP：192.168.0.1
yum 安装了subversion、mod_dav_svn、httpd
svn数据路路径、/home/svn/it) x& x! r4 v8 a: d$ Y# r& c( L
关闭了防火墙
/etc/sysconfig/network-scripts/ifcfg-eth0配置如下：
=================================% ^+ d9 H1 M5 A, k0 o0 _/ n1 `0 e
DEVICE=&eth0&" u' r% g, C& H* c! t9 j
BOOTPROTO=&static&
HWADDR=&00:0C:29:A3:18:AE&) A3 q7 b* i% C3 A. m/ [
IPV6INIT=&yes&! P8 s( e/ s) E2 D
NM_CONTROLLED=&yes&
ONBOOT=&yes&2 H! z2 Q! M8 C% X
TYPE=&Ethernet&
UUID=&775dde-8e9b-a869c6f4095b&
BROADCAST=192.168.0.255
IPADDR=192.168.0.2
NETMASK=255.255.255.01 P+ ?$ J2 Q+ D9 z% X7 A
GATEWAY=192.168.0.1! g' V) @&&h9 Y; ~& R
DNS1=192.168.0.1
DNS2=192.168.0.1& && && && && && & #正常3 U) z- ]! C5 Y& p" I% W+ V
=================================
/etc/httpd/conf.d/subversion.conf配置如下：1 S4 b9 ~, y7 s8 e$ W2 i
==================================
&Location /svn/&4 i7 A+ a&&v, t' p: e) c8 n
DAV svn. ~3 S$ ~5 R% o8 N- F3 t
SVNParentPath /home/svn
SVNListParentPath On
#控制文件位置后面编辑
AuthzSVNAccessFile /home/svn/.access
AuthzLDAPAuthoritative off
AuthType Basic
AuthName &subversion server&/ \) C. i- f( F! d6 G7 _&&m4 H
#认证方式使用LDAP' ~( @/ R4 f( e, L& O# X; o' x
AuthBasicProvider ldap
#设置能连接域的用户和密码
AuthLDAPBindDN &cn=svnadmin,ou=svnuser,dc=clearcase,dc=com& #这里的svnadmin是域用户，svnuser是组织单位，且svnadmin在svnuser下
AuthLDAPBindPassword &123456*&
#设置LDAP 服务器位置配置如下
AuthLDAPURL &ldap://192.168.0.1:389/dc=svn,dc=com?sAMAccountName?sub?(objectClass=*)& #域名
Require valid-user
&/Location&
===================================
/home/svn/.access配置如下：( o7 F&&u7 g8 ]
* N, A) H- ^4 U" N8 u4 D&&v
===================================0 Z( J# g4 R. j* I
[groups]& t5 ?/ G6 y7 R# K' H& U. i2 ~
svnadmins = svnadmin,svn
[/]. ^&&p; d4 P) D" K! u
* = rw1 C% J0 ~4 f& J9 B6 U
* = r% ?+ n. G8 t! v* l* I" S4 |- g
@svnadmins = rw' J* D; O. F0 c9 Q
# o: x* m/ u2 c9 U# a' W&&R2 W
===================================
也执行了chmod -R 777 /home/svn 和setfacl -R -m apache:rwx /home/svn
7 A& c& m, L&&B7 @8 J8 H
最终无论是通过网页（）还是客户端形式访问都是一直弹出登录框，已经确认用户名和密码正确
页面报错信息如下：
===================================2 x& {7 R* J( }6 b8 ~5 _
Internal Server Error
8 I# ]2 X3 }* D0 I, ?- \; C( u
The server encountered an internal error or misconfiguration and was unable to complete your request.
$ w/ x, @- x/ C; H4 Z8 g
Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
- Q( L! L$ C& B# y$ b7 H
More information about this error may be available in the server error log.
Apache/2.2.15 (CentOS) Server at 192.168.0.2 Port 80
, G4 u2 v( N- O' b&&v
==============================================; M+ i* Z3 w! p, ^
/etc/httpd/logs/error日志显示如下：! v" u( S; g) d
====================================================) ^8 `! f3 ^. c
[Wed May 07 19:15:58 2014] [notice] caught SIGTERM, shutting down
[Wed May 07 19:15:58 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed May 07 19:15:58 2014] [notice] Digest: generating secret for digest authentication ...
[Wed May 07 19:15:58 2014] [notice] Digest: done- q4 |" ~9 J2 Y1 H1 C. `
[Wed May 07 19:15:58 2014] [warn] ./mod_dnssd.c: No services found to register- u4 o8 u, ], ?, V
[Wed May 07 19:15:58 2014] [notice] Apache/2.2.15 (Unix) DAV/2 SVN/1.6.11 configured -- resuming normal operations, q1 f! j. q9 p2 x" @' l, E0 o7 n
[Wed May 07 19:15:59 2014] [notice] caught SIGTERM, shutting down' Z: ^; O+ D- ~6 E
[Wed May 07 19:15:59 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed May 07 19:15:59 2014] [notice] Digest: generating secret for digest authentication .../ D' }&&F&&b&&r& w) w
[Wed May 07 19:15:59 2014] [notice] Digest: done
[Wed May 07 19:15:59 2014] [warn] ./mod_dnssd.c: No services found to register& W* K" B% x&&F- R/ b( a
[Wed May 07 19:15:59 2014] [notice] Apache/2.2.15 (Unix) DAV/2 SVN/1.6.11 configured -- resuming normal operations' g- x, C' P' G3 D
[Wed May 07 19:16:00 2014] [notice] caught SIGTERM, shutting down7 C+ O& I) u6 a: u9 E9 q6 x
[Wed May 07 19:16:01 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed May 07 19:16:01 2014] [notice] Digest: generating secret for digest authentication ...) k$ g$ Z& b( d" Y" x7 ^
[Wed May 07 19:16:01 2014] [notice] Digest: done/ X! V! |* t! g3 K1 `9 Y/ v/ C
[Wed May 07 19:16:01 2014] [warn] ./mod_dnssd.c: No services found to register
[Wed May 07 19:16:01 2014] [notice] Apache/2.2.15 (Unix) DAV/2 SVN/1.6.11 configured -- resuming normal operations
====================================================
补充说一下，如果将文件/etc/httpd/conf.d/subversion.conf中的Require valid-user注释掉，是可以正常访问，也可以上传文件，但是有如下错误：/ d9 @+ ^8 ?4 x) p' A
[Wed May 07 18:32:25 2014] [error] [client 192.168.0.2] Could not fetch resource information.&&[301, #0]
[Wed May 07 18:32:25 2014] [error] [client 192.168.0.2] Requests for a collection must have a trailing slash
补充，在不断输入用户名密码验证后，log日志信息如下：( z5 G% H/ ?: W0 Z
[Wed May 07 04:49:53 2014] [error] [client 192.168.0.2] user svn: authentication failure for &/svn/it&: Password Mismatch
[Wed May 07 04:50:03 2014] [error] [client 192.168.0.2] user svn: authentication failure for &/svn/it&: Password Mismatch
[Wed May 07 04:50:11 2014] [error] [client 192.168.0.2] user svn: authentication failure for &/svn/it&: Password Mismatch" }5 @# I! x) ]; A. y
[Wed May 07 04:50:18 2014] [error] [client 192.168.0.2] user svn: authentication failure for &/svn/it&: Password Mismatch/ L# Y1 H+ R4 d0 z
[Wed May 07 04:50:24 2014] [error] [client 192.168.0.2] user svnadmin: authentication failure for &/svn/it&: Password Mismatch
[Wed May 07 04:50:34 2014] [error] [client 192.168.0.2] user svn: authentication failure for &/svn/it&: Password Mismatch
[Wed May 07 04:50:43 2014] [error] [client 192.168.0.2] user clearcase\\svn: authentication failure for &/svn/it&: Password Mismatch" E' u$ V/ U1 N: e% Q3 l# o
" z3 F6 \. C6 D9 ^# B; f$ a+ a
( }0 |. M& s" P+ @, D
查了好多资料，仍未解决啊，请高手指点。
&Location /svn/&+ I# C5 [( V1 q&&D) ~
& &DAV svn7 ^. R8 ?9 T; Q7 {7 ^( c2 `( B0 Z1 X
& &SVNParentPath /home/svn, t7 s9 A+ ]7 |# q% l
& &SVNListParentPath On
SVNPathAuthz on
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL &ldap://XXXXXXXXX&
AuthLDAPBindDN ldap_name. ~9 }0 T& r$ N1 L3 E5 m7 W
AuthLDAPBindPassword ldap_passwd
& &Options Indexes MultiViews
& &Order allow,deny
& &allow from all
#& &# Limit write permission to list of valid users.4 w/ k$ c0 N6 ]" k9 J&&b+ [; x& Y&&v4 I1 e
#& &&LimitExcept GET PROPFIND OPTIONS REPORT&
#& && &# Require SSL connection for password protection.
#& && &# SSLRequireSSL& u( k- @&&[3 d6 |0 B9 m: K
#) G3 [/ y5 `+ Q
& && &AuthType Basic; F$ T. t3 \! H" U! t# G) R4 m3 Y
& && &AuthName &Subversion&
& && &AuthzSVNAccessFile /home/svn/.access
& && &Require valid-user
#& &&/LimitExcept&
&/Location&
Powered by1087人阅读
linux（6）
前提，svn已配好，apache已配好，httpd+svn的配置已正常工作。只是更改svn的认证为linux本地密码认证方式。
1，yum安装httpd-devel
2，安装mod_authnz_external，这个yum源上没有，只有下载安装包手工安装
从/p/mod-auth-external/ 选择对应的版本
查看本地Apache版本为2.2,则安装3.2.6版本的mod-auth-external
解压后执行
#apxs -c mod_authnz_external.c&& (编译）
#apxs -i -a mod_authnz_external.la (安装)
3，安装最关键的pwauth这个也在yum源上没有，
从/p/pwauth/downloads/list选择一个版本2.3.10
解压后更改config.h配置文件，设置这行、
&& #define SERVER_UIDS 48（这个数字是svnrepo目录的访问group id,比如这里是apache）
& 也可以是几个group的id&
&#define SERVER_UIDS 12,48,501
得到pwauth，可以copy到指定目录比如/usr/local/bin/pwauth,注意这个文件的权限一定是root， chmod 755否则可能不能访问/etc/shadow/
4，配置subversion.conf
&&& AddExternalAuth pwauth /usr/local/bin/pwauth
&&& SetExternalAuthMethod pwauth pipe
&&& &Location /svnroot&
&&&&&&& DAV svn
&&&&&&& SVNPath /var/svn/repo
&&&&&&& AuthType Basic
&&&&&&& AuthNAme &Restricted&
&&&&&&& AuthBasicProvider external
&&&&&&& AuthExternal pwauth
&&&&&&& require valid-user
&&&&&&& require group svnusers
&&& &/Location&
5,重启httpd服务
&&相关文章推荐
* 以上用户言论只代表其个人观点，不代表CSDN网站的观点或立场
访问：22061次
排名：千里之外
原创：11篇
(3)(1)(1)(2)(2)(3)使用http代理svn访问
时间： 20:11:57
&&&& 阅读：131
&&&& 评论：
&&&& 收藏：0
标签：本文适用于已经安装SVN后想用http访问SVN的情况！一定要关闭selinx，一定要关闭selinx，一定要关闭selinx，重要的事情说三遍！！！关闭SELINUXvi /etc/selinux/config#SELINUX=enforcing #注释掉#SELINUXTYPE=targeted #注释掉SELINUX=disabled #增加:wq! #保存退出setenforce 0 #使配置立即生效好了，现在说正事安装Apacheyum install httpd apr apr-util httpd-devel&yum install mod_dav_svncd /etc/httpd/modules/[ modules]# ll |grep mod_dav_svn.so-rwxr-xr-x. 1 root root 155360 Aug 17 &2015 mod_dav_svn.so[ modules]# ll |grep mod_authz_svn.so-rwxr-xr-x. 1 root root &13456 Aug 17 &2015 mod_authz_svn.so已经看到mod_dav_svn.so&mod_authz_svn.so证明已经安装成功了。配置svn支持http访问htpasswd -cm /home/svn/conf/http_passwd XXXXXXX注意：/home/svn/conf/目录下面passwd文件是svnserve独立服务器使用的认证文件，密码没有加密，明文显示。/home/svn/conf/目录下面http_passwd文件是Apache的http模式使用的认证文件，密码使用MD5加密。passwd和http_passwd文件中，账号密码必须设置相同。设置Apache配置文件vi /etc/httpd/conf.d/subversion.conf #编辑，在最后添加以下代码&Location /svn&DAV svn#SVNPath /home/svn & #访问单一文件夹的SVNParentPath /home/svn &#访问多个文件夹的# # Limit write permission to list of valid users.# &LimitExcept GET PROPFIND OPTIONS REPORT&# # Require SSL connection for password protection.# # SSLRequireSSL#AuthType BasicAuthName "Authorization SVN"AuthzSVNAccessFile /home/svn/conf/authzAuthUserFile /home/svn/conf/http_passwdRequire valid-user# &/LimitExcept&&/Location&:wq! #保存退出设置目录权限chown apache:apache /home/svn -R #设置svn目录所有者为Apache服务运行账号apache以上内容参考了 本文出自 “” 博客，请务必保留此出处标签：
&&国之画&&&& &&&&chrome插件
版权所有 京ICP备号-2
迷上了代码！centos下安装svn服务器(已验证)_百度文库
两大类热门资源免费畅读
续费一年阅读会员，立省24元！
centos下安装svn服务器(已验证)
阅读已结束，下载文档到电脑
想免费下载本文？
定制HR最喜欢的简历
下载文档到电脑，方便使用
还剩5页未读，继续阅读
定制HR最喜欢的简历
你可能喜欢