AD Auth - one user can't sign in

Nextcloud version (eg, 10.0.2): 12
Operating system and version (eg, Ubuntu 16.04): Appliance
Can you reliably replicate it? (If so, please outline steps): yes

The issue you are facing:

Greetings,

I have a fresh installation of the NextCloud 12 appliance. I created a user account with a user name that matches the user’s AD account. I then added our AD as an external auth source. I then removed the duplicated user account. The user is unable to sign in with AD credentials. Other AD accounts work just fine.

Any suggestions where I should look? The error in the log is
Warning core Login failed: ‘user.name’ (Remote IP: ‘172.16.X.X’) 2017-08-01T11:39:32-0500
Warning user_ldap Bind failed: 49: Invalid credentials 2017-08-01T11:39:32-0500

I’ve removed all references from the DB for the original local account username.

And the only filesystem reference (by file name) was in /var/ncdata/appdata_ocab8j3aaavu/avatar/user.name and I removed that as well.

I’m baffled here and this is a show stopper for my deployment :frowning:

Could be a bug @blizzz

Update. I rebuilt the whole appliance from scratch. The same user can’t authenticate, and at least one other user is unable to as well.

So now the problem is just an auth issue, some AD users are unable to authenticate, but I can’t find a similarity to the users who can’t.

Would imagine a configuration setup first. The described handling with the local user is awkward, but should not cause it. Then, there are typical scenarios to check for, i.e. whether the password is correct, whether the username is correct, whether the user matches the login filter, whether AD denies the bind for some reason, etc. Revisiting config and logs can help further.

You might gather more information if you check the Active Directory logs. In Event Viewer, open Windows Logs -> Security, then filter by Audit Failure keyword. For better performance you can narrow it down to last 7 days, etc.
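
The Event Viewer filter suggested above can also be run from PowerShell on a domain controller, which makes it easier to see why AD rejected a bind for one user and not another. This is an added example, not part of the original thread and not Nextcloud's own tooling; it assumes an elevated session, that logon-failure auditing is enabled, and uses `user.name` as the placeholder login from the log lines in the first post.

```powershell
# Added example. Assumptions: elevated session on a domain controller,
# logon-failure auditing enabled, 'user.name' is a placeholder login.
$User  = 'user.name'
$Since = (Get-Date).AddDays(-7)

# Well-known failure codes found in the Status/SubStatus event fields.
$Reason = @{
    '0xc0000064' = 'user name does not exist'
    '0xc000006a' = 'wrong password'
    '0xc000006f' = 'outside permitted logon hours'
    '0xc0000070' = 'workstation restriction (Log On To)'
    '0xc0000071' = 'password expired'
    '0xc0000072' = 'account disabled'
    '0xc0000193' = 'account expired'
    '0xc0000224' = 'must change password at next logon'
    '0xc0000234' = 'account locked out'
    '0x12'       = 'Kerberos: account disabled, expired or locked'
    '0x17'       = 'Kerberos: password expired'
    '0x18'       = 'Kerberos: wrong password'
}

$filter = @{
    LogName   = 'Security'
    Id        = 4625, 4771, 4776   # failed logon, Kerberos pre-auth, NTLM validation
    Keywords  = 4503599627370496   # Audit Failure
    StartTime = $Since
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Flatten <EventData><Data Name="..."> into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    if ($data['TargetUserName'] -notlike "*$User*") { return }

    # 4625 puts the specific cause in SubStatus; 4771/4776 only carry Status.
    $code = $data['SubStatus']
    if (-not $code -or $code -eq '0x0') { $code = $data['Status'] }

    [pscustomobject]@{
        Time   = $_.TimeCreated
        Id     = $_.Id
        User   = $data['TargetUserName']
        Source = if ($data['IpAddress']) { $data['IpAddress'] } else { $data['Workstation'] }
        Code   = $code
        Reason = if ($Reason.ContainsKey("$code")) { $Reason["$code"] } else { 'unmapped, see Code' }
    }
} | Format-Table -AutoSize
```

Running it once for an account that works and once for one that fails shows whether the rejected binds share a cause such as a workstation restriction or a forced password change, which the generic "49: Invalid credentials" on the Nextcloud side does not distinguish.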