
External Storage CIFS/SMB with AD #9758

@TrapoSAMA

Steps to reproduce

  1. When connecting external storage (Windows DFS) that contains the folder DfsrPrivate, the user can't connect or the folder shows as empty.

Expected behaviour

Sometimes some users can access it but others cannot. If the DfsrPrivate folder is deleted, all users can access the files.

Actual behaviour

Tell us what happens instead

Server configuration

Operating system: centos7

Web server: apache24u

Database: mariadb101u

PHP version: 70u

Nextcloud version: (see Nextcloud admin page)
13.0.2

Updated from an older Nextcloud/ownCloud or fresh install:

fresh install

Where did you install Nextcloud from: nextcloud site

Signing status:

Signing status
Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

No errors have been found.

List of activated apps:

App list
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

Enabled:
  - activity: 2.6.1
  - comments: 1.3.0
  - dav: 1.4.6
  - federatedfilesharing: 1.3.1
  - federation: 1.3.0
  - files: 1.8.0
  - files_external: 1.4.1
  - files_sharing: 1.5.0
  - files_texteditor: 2.5.1
  - files_trashbin: 1.3.0
  - files_versions: 1.6.0
  - files_videoplayer: 1.2.0
  - firstrunwizard: 2.2.1
  - gallery: 18.0.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.1.0
  - nextcloud_announcements: 1.2.0
  - notifications: 2.1.2
  - oauth2: 1.1.0
  - password_policy: 1.3.0
  - provisioning_api: 1.3.0
  - serverinfo: 1.3.0
  - sharebymail: 1.3.0
  - survey_client: 1.1.0
  - systemtags: 1.3.0
  - theming: 1.4.5
  - twofactor_backupcodes: 1.2.3
  - updatenotification: 1.3.0
  - user_ldap: 1.3.1
  - workflowengine: 1.3.0
Disabled:
  - admin_audit
  - encryption
  - files_pdfviewer
  - user_external

Nextcloud configuration:

Config report
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.example.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/cloud.example.com\/nextcloud",
        "dbtype": "mysql",
        "version": "13.0.2.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "skeletondirectory": "",
        "logtimezone": "America\/Santiago",
        "maintenance": false,
        "ldapIgnoreNamingRules": false,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "memcache.distributed": "\\OC\\Memcache\\Memcached",
        "memcached_servers": [
            [
                "localhost",
                11211
            ]
        ],
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        }
    }
}


or 

Insert your config.php content here. 
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)

Are you using external storage, if yes which one: local/smb/sftp/... yes SMB/CIFS

Are you using encryption: yes/no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
yes LDAP/AD

LDAP configuration (delete this part if not used)

LDAP config
With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your Nextcloud installation folder

+-------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration                 |                                                                                                                                                 |
+-------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                                                                               |
| hasPagedResultSupport         |                                                                                                                                                 |
| homeFolderNamingRule          |                                                                                                                                                 |
| lastJpegPhotoLookup           | 0                                                                                                                                               |
| ldapAgentName                 | CN=LDAD cloud,OU=DFS,DC=example,DC=com                                                                                                             |
| ldapAgentPassword             | ***                                                                                                                                             |
| ldapAttributesForGroupSearch  |                                                                                                                                                 |
| ldapAttributesForUserSearch   |                                                                                                                                                 |
| ldapBackupHost                |                                                                                                                                                 |
| ldapBackupPort                |                                                                                                                                                 |
| ldapBase                      | DC=example,DC=com                                                                                                                                  |
| ldapBaseGroups                | DC=example,DC=com                                                                                                                                  |
| ldapBaseUsers                 | DC=example,DC=com                                                                                                                                  |
| ldapCacheTTL                  | 600                                                                                                                                             |
| ldapConfigurationActive       | 1                                                                                                                                               |
| ldapDefaultPPolicyDN          |                                                                                                                                                 |
| ldapDynamicGroupMemberURL     |                                                                                                                                                 |
| ldapEmailAttribute            |                                                                                                                                                 |
| ldapExperiencedAdmin          | 0                                                                                                                                               |
| ldapExpertUUIDGroupAttr       |                                                                                                                                                 |
| ldapExpertUUIDUserAttr        |                                                                                                                                                 |
| ldapExpertUsernameAttr        |                                                                                                                                                 |
| ldapGidNumber                 | gidNumber                                                                                                                                       |
| ldapGroupDisplayName          | cn                                                                                                                                              |
| ldapGroupFilter               | (&(|(objectclass=group))(|(cn=DFS_CLOUD)))                                                                                                      |
| ldapGroupFilterGroups         | DFS_CLOUD                                                                                                                                       |
| ldapGroupFilterMode           | 0                                                                                                                                               |
| ldapGroupFilterObjectclass    | group                                                                                                                                           |
| ldapGroupMemberAssocAttr      | member                                                                                                                                          |
| ldapHost                      | example.com                                                                                                                                        |
| ldapIgnoreNamingRules         |                                                                                                                                                 |
| ldapLoginFilter               | (&(&(|(objectclass=person)(objectclass=user))(|(|(memberof=CN=DFS_CLOUD,OU=DFS,DC=example,DC=com)(primaryGroupID=4143))))(|(sAMAccountName=%uid))) |
| ldapLoginFilterAttributes     | sAMAccountName                                                                                                                                  |
| ldapLoginFilterEmail          | 0                                                                                                                                               |
| ldapLoginFilterMode           | 0                                                                                                                                               |
| ldapLoginFilterUsername       | 1                                                                                                                                               |
| ldapNestedGroups              | 0                                                                                                                                               |
| ldapOverrideMainServer        |                                                                                                                                                 |
| ldapPagingSize                | 500                                                                                                                                             |
| ldapPort                      | 389                                                                                                                                             |
| ldapQuotaAttribute            |                                                                                                                                                 |
| ldapQuotaDefault              |                                                                                                                                                 |
| ldapTLS                       | 0                                                                                                                                               |
| ldapUserDisplayName           | displayname                                                                                                                                     |
| ldapUserDisplayName2          |                                                                                                                                                 |
| ldapUserFilter                | (&(|(objectclass=person)(objectclass=user))(|(|(memberof=CN=DFS_CLOUD,OU=DFS,DC=example,DC=com)(primaryGroupID=4143))))                            |
| ldapUserFilterGroups          | DFS_CLOUD                                                                                                                                       |
| ldapUserFilterMode            | 0                                                                                                                                               |
| ldapUserFilterObjectclass     | person;user                                                                                                                                     |
| ldapUuidGroupAttribute        | auto                                                                                                                                            |
| ldapUuidUserAttribute         | auto                                                                                                                                            |
| turnOffCertCheck              | 0                                                                                                                                               |
| turnOnPasswordChange          | 0                                                                                                                                               |
| useMemberOfToDetectMembership | 1                                                                                                                                               |
+-------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------+


Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser: explorer,edge,chrome/firefox

Operating system:

Logs

Web server error log

Web server error log
Insert your webserver log here

Nextcloud log (data/nextcloud.log)

Nextcloud log
Insert your Nextcloud log here

{"reqId":"Wxagz2ybwkif9@RHkrJzvQAAAM0","level":3,"time":"2018-06-05T10:40:15-04:00","remoteAddr":"190.153.181.210","user":"BEAA2369-3AF6-4ADD-BDF1-44ED56162435","app":"core","method":"PROPFIND","url":"/nextcloud/remote.php/webdav/","message":"Exception while scanning storage "smb::userAD@dfs//Intranet//": Icewind\SMB\Exception\ForbiddenException: Invalid request for /DfsrPrivate (ForbiddenException)","userAgent":"Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko","version":"13.0.2.1"}

Browser log

Browser log
Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...
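
Added example (not part of the original report and not Nextcloud code): a small Python triage of `data/nextcloud.log` that groups storage-scan `ForbiddenException` entries like the one above by storage and path, showing which unreadable folder aborts the scan for which users. The sample lines, user names and the names `blocked_paths` and `_line` are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Shape of the "message" field in the log entry quoted in this report.
SCAN_ERROR = re.compile(
    r'Exception while scanning storage "(?P<storage>[^"]+)": '
    r'(?P<exc>[\w\\]+): Invalid request for (?P<path>.+?) \((?P<kind>\w+)\)$'
)


def blocked_paths(log_text):
    """Map (storage id, path) -> sorted users whose scan hit ForbiddenException."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # wrapped or truncated line: skip it, keep triaging
        if not isinstance(entry, dict):
            continue
        message = entry.get("message", "")
        match = SCAN_ERROR.search(message) if isinstance(message, str) else None
        if match and match.group("kind") == "ForbiddenException":
            key = (match.group("storage"), match.group("path"))
            hits[key].add(entry.get("user", "?"))
    return {key: sorted(users) for key, users in hits.items()}


def _line(user, message):
    """Build one constructed log line with correct JSON escaping."""
    return json.dumps({"level": 3, "user": user, "app": "core",
                       "method": "PROPFIND", "message": message})


# Constructed sample input (not taken from a real server).
FORBIDDEN = ('Exception while scanning storage "smb::userAD@dfs//Intranet//": '
             'Icewind\\SMB\\Exception\\ForbiddenException: '
             'Invalid request for /DfsrPrivate (ForbiddenException)')
SAMPLE_LOG = "\n".join([
    _line("user-b", FORBIDDEN),
    _line("user-a", FORBIDDEN),
    _line("user-c", "Login failed: 'user-c'"),   # unrelated entry, ignored
    '{"level":3,"user":"user-d","message":"Exc',  # truncated line, ignored
])

if __name__ == "__main__":
    for (storage, path), users in blocked_paths(SAMPLE_LOG).items():
        print(f"{storage} {path}: {', '.join(users)}")
```
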
