moboter
September 15, 2021, 6:08am
1
Zur ErklĂ€rung alle Benutzer haben ein Ablaufdatum fĂŒr Ihr Passwort
ist es möglich fĂŒr einen (Dienst) Account einen Benutzer anzulegen bei dem das Passwort nicht ablĂ€uft?
Der Dienst Account soll nur fĂŒr die Synchronisation mit der Cloud von allen Workstations dienen.
gas85
September 15, 2021, 12:09pm
2
Create an application password, it will never expired and designed for this purpose. https://FQDN/index.php/settings/user/security
or Settings â Security â Create application password.
moboter
September 16, 2021, 11:41am
3
Super Tip
Ich habe einen Benutzer angelegt und den Code erzeugt
jetz wollte ich mich mit dem Benutzernamen und dem erzeugten Code mit der Nextcloud SyncApp anmelden die macht aber ein Browserfenster auf wo ich mich mit dem Benutzernamen und dem Normalen PAsswort anmelden muss um das GerÀt zu authorisieren.
Jetzt Frage ich mich wo sonnst kann ich den Code eingeben?
moboter
September 16, 2021, 12:03pm
4
Leider scheint es da auch einen nicht geheilten BUG zu geben
opened 10:04PM - 14 Jul 20 UTC
bug
1. to develop
feature: ldap
feature: authentication
I am using nextcloud 18.0.6 and recently upgraded from 18.0.3.
The additional⊠app passwords from security -> devices & sessions are not working. Passwords are generated over the "Create new app password" button.
I created a new app password, the android nextcloud app responds with incorrect credentials, same by using a browser and the app login.
The log says:
```
Info core Bruteforce attempt from â****â detected for action âloginâ.
Warning no app in context Login failed: **** (Remote IP: ****)
```
I cleared the database bruteforce attempt entry with my IP address, but at the first login attempt with the correct (generated) _app login_ credentials, a new bruteforce attempt entry is created in the database and the login is rejected with "Wrong username or password. "
Update:
**_Just tested on a nextcloud hoster with 18.0.6 (updated from 18.0.3), with the same problem!_**
### Steps to reproduce
1. maybe upgrade from18.0.3. to 18.0.6
2. "Create new app password"
3. Login with the generated password inside browser or android nextcloud app
### Expected behaviour
Login successful.
### Actual behaviour
Error Message "Wrong username or password. "
### Server configuration
Debian buster
**Web server:**
Apache 2.4.38-3+deb10u3
**Database:**
MariaDB
**PHP version:**
php 7.3
**Nextcloud version: 18.0.6
**Updated from an older Nextcloud/ownCloud or fresh install:**
18.0.3.
**Where did you install Nextcloud from:**
https://nextcloud.com/install/
**Signing status:**
<details>
<summary>Signing status</summary>
```
Login as admin user into your Nextcloud and access
http://example.com/index.php/settings/integrity/failed
paste the results here.
```
No errors have been found.
```
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder
```
```
Enabled:
- accessibility: 1.4.0
- activity: 2.11.0
- admin_audit: 1.8.0
- calendar: 2.0.3
- cloud_federation_api: 1.1.0
- comments: 1.8.0
- contacts: 3.3.0
- dav: 1.14.0
- federatedfilesharing: 1.8.0
- files: 1.13.1
- files_pdfviewer: 1.7.0
- files_rightclick: 0.15.2
- files_trashbin: 1.8.0
- files_versions: 1.11.0
- files_videoplayer: 1.7.0
- firstrunwizard: 2.7.0
- logreader: 2.3.0
- lookup_server_connector: 1.6.0
- nextcloud_announcements: 1.7.0
- notes: 3.6.0
- notifications: 2.6.0
- oauth2: 1.6.0
- password_policy: 1.8.0
- photos: 1.0.0
- privacy: 1.2.0
- provisioning_api: 1.8.0
- recommendations: 0.6.0
- serverinfo: 1.8.0
- settings: 1.0.0
- sharebymail: 1.8.0
- support: 1.1.1
- survey_client: 1.6.0
- systemtags: 1.8.0
- text: 2.0.0
- theming: 1.9.0
- twofactor_backupcodes: 1.7.0
- updatenotification: 1.8.0
- viewer: 1.2.0
- workflowengine: 2.0.0
Disabled:
- encryption
- federation
- files_external
- files_sharing
- user_ldap
```
**Nextcloud configuration:**
<details>
<summary>Config report</summary>
```
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder
```
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"192.168.***.**",
"*****.de"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"overwrite.cli.url": "https:\/\/192.168.***.**\/nextcloud",
"dbtype": "mysql",
"version": "18.0.6.0",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"forcessl": true,
"forceSSLforSubdomains": true,
"loglevel": 0,
"theme": "",
"memcache.local": "\\OC\\Memcache\\APCu",
"maintenance": false,
"updatechecker": false,
"appstoreenabled": true,
"trashbin_retention_obligation": "auto",
"htaccess.RewriteBase": "\/nextcloud",
"mysql.utf8mb4": true,
"updater.secret": "***REMOVED SENSITIVE VALUE***"
}
}
```
gas85
September 20, 2021, 11:49am
5
Du gibst deiner Normale Kennwort, es wird aber fĂŒr bestimmte Client neue App Kennwort erzeugt, sodass du es im Security Einstellungen sehen kannst.
moboter
September 29, 2021, 11:58am
6
Macht fĂŒr mich wenig Sinn die Aussage. Maybe something got Lost in Translation?
Unter Persönlich Sicherheit GerÀte und Sitzungen Erstelle ich unter App Name (Freies Feld) ein neues Passwort und das wird dann im Zufallsprinzip einer App zugewiesen?
devnull
September 29, 2021, 12:14pm
7
Ich glaube fĂŒr die angeschlossenen GerĂ€te bzw. Apps werden gar keine Passwörter verwendet. Wobei es gibt wohl Unterschiede z. B. bei 2FA.
https://docs.nextcloud.com/server/latest/user_manual/de/session_management.html