Client login fails with 401

Hi guys,
yesterday I upgraded my Raspberry Pi 3 from Jessie to Stretch.
Since this time I have problems logging in with android client or desktop client (Linux) and get the 401 error (unauthorized). Web-Login works as expected.
I upgraded from nc13.0.0 to nc13.0.1 today, but it didn’t change anything.
I also deleted all bruteforce entries and authtokens.

How can I solve this issue? I already searched the web, but found nothing helpful.

Thanks

the error seems to be with apache2 using mpm_event / php7.0-fpm by using php7.0 everything works fine

For better performance I would like to use mpm_event. Can somebody direct me to a working configuration?

too soon too happy

Now is all I get a 7 and don’t know any differences

got the 7. It was at the beginning of the config.php

Now I am at the start of the thread. I can login with my browser, but with no client (desktop, android, thunderbird for calendar or contacts)

I don’t have any suggestions, but I’m having what seems to be the same problem, also using Apache (2.4.19), mpm_event, and php-fpm (though php 7.2, not 7.0)–although I’m seeing it when running under FreeBSD 11.1. Nothing is written to nextcloud.log even when set at log level 1 (info), but when I set the log level to debug, I get this:

{"reqId":"xKofwVyOupn2Y5ypWNqA","level":0,"time":"2018-03-23T11:26:28-04:00","remoteAddr":"192.168.3.2","user":"--","app":"webdav","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":"Exception:
{\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotAuthenticated\",\"Message\":\"No
'Authorization: Basic' header found. Either the client didn't send one,
or the server is misconfigured, No 'Authorization: Bearer' header found.
Either the client didn't send one, or the server is
mis-configured\",\"Code\":0,\"Trace\":\"#0 [internal function]:
Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request),
Object(Sabre\\\\HTTP\\\\Response))\\n#1
\\\/usr\\\/local\\\/www\\\/apache24\\\/data\\\/nextcloud\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105):
call_user_func_array(Array, Array)\\n#2
\\\/usr\\\/local\\\/www\\\/apache24\\\/data\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(466):
Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#3
\\\/usr\\\/local\\\/www\\\/apache24\\\/data\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254):
Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request),
Object(Sabre\\\\HTTP\\\\Response))\\n#4
\\\/usr\\\/local\\\/www\\\/apache24\\\/data\\\/nextcloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(80):
Sabre\\\\DAV\\\\Server->exec()\\n#5
\\\/usr\\\/local\\\/www\\\/apache24\\\/data\\\/nextcloud\\\/remote.php(164):
require_once('\\\/usr\\\/local\\\/www\\\/...')\\n#6
{main}\",\"File\":\"\\\/usr\\\/local\\\/www\\\/apache24\\\/data\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php\",\"Line\":168}","userAgent":"Mozilla\/5.0
(Macintosh) mirall\/2.3.3 (build 84) (Nextcloud)","version":"13.0.1.1"}

The username and password entered are correct; if I enter an incorrect password, I get an authentication failure.

i have the feeling it has something to do with this problem here:

How is your server (apache2) configured?

for the fpm I added those lines

<FilesMatch "\.php$">
        SetHandler "proxy:unix:/var/run/php/php7.0-fpm.sock|fcgi://localhost/"
</FilesMatch>
<Proxy "fcgi://localhost/">
</Proxy>

I also get this log message (but without your further lines):

**{“reqId”:“YN3JCoOUYTXYid3IVeRj”,“level”:0,“time”:“2018-03-23T15:42:27+00:00”,“remoteAddr”:“192.168.2.8”,“user”:"–",“app”:“webdav”,“method”:“PROPFIND”,“url”:"/remote.php/webdav/",“message”:“Exception: {“Exception”:“Sabre\\DAV\\Exception\\NotAuthenticated”,“Message”:“No ‘Authorization: Basic’ header found. Either the client didn’t send one, or the server is misconfigured, No ‘Authorization: Bearer’ header found. Either the client didn’t send one, or the server is mis-configured”,“Code”:0,“Trace”:”#0 [internal function]: Sabre\\DAV\\Auth\\Plugin->beforeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#1 \/var\/www\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\n#2 \/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(466): Sabre\\Event\\EventEmitter->emit(‘beforeMethod’, Array)\n#3 \/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(254): Sabre\\DAV\\Server->invokeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#4 \/var\/www\/nextcloud\/apps\/dav\/appinfo\/v1\/webdav.php(80): Sabre\\DAV\\Server->exec()\n#5 \/var\/www\/nextcloud\/remote.php(164): require_once(’\/var\/www\/nextcl…’)\n#6 {main}",“File”:"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php",“Line”:168}",“userAgent”:“Mozilla/5.0 (Linux) mirall/2.3.3 (Nextcloud)”,“version”:“13.0.1.1”}
**

I have this in the vhost:

ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/$1 

Edit: I see that the manual calls for uncommenting the lines in the php-fpm config file (www.conf in my case) that set the environment variables. I hadn’t done that, but doing so (and restarting php-fpm) doesn’t seem to help things.

Edit 2: This post on the owncloud forums sure sounds like it’s describing the same behavior.

Edit 3: This bug suggests that adding this:

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

to your virtual host configuration will fix the issue. And, indeed, I can log in using the desktop client if I add it. But lots of files aren’t syncing, and I’m having trouble figuring out why. It’s looking like progress though…

You made my night. Your RewriteCond and -Rule made it. I also enabled the module “headers”, which was missing. don’t know if it is really needed, but sounds like it could.

Thanks

I got the same problems. This entry in my vhost blows all troubles away:

<FilesMatch \.php$>
    SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>

After adding this I discarded the RewriteRules and it works fine :slight_smile:

There seems to be a problem using ProxyPassMatch (described here).