The Basics
- Nextcloud Server version (e.g., 29.x.x):
- 31.0.8
- Operating system and version (e.g., Ubuntu 24.04):
- Ubuntu 24.04
- Web server and version (e.g, Apache 2.4.25):
- 2.4.65
- Reverse proxy and version _(e.g. nginx 1.27.2)
- 1.29.0
- PHP version (e.g, 8.3):
- 8.3.25
- Is this the first time you’ve seen this error? (Yes / No):
- Yes
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
- Docker Compose
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
- No
Summary of the issue you are facing:
NextCloud uses LDAP authorization.
Each user has its own external SMB/CIFS (External storage) storage mounted only for him from a Windows file server. The login and password for accessing the storage are used from the user’s session and stored in the NextCloud database.
From this mounted storage, users provide access (sharing) to files via a URL link.
The settings of the test sharing can be seen by requesting the database:
Issue:
If the user changed the password in Active Directory, but after that did not log in to NextCloud with the new password, then when someone trying to access the previously provided URL link, there is no access to the file “Page not found“ (which is logical, since the password stored in the NextCloud database are outdated and not suitable for accessing SMB storage), but the link is deleted on the file, that is, sharing for the file is deleted.
If we correctly understand the internal mechanics of NextCloud in this situation, then when trying to access a file using the link URL, access to the file is checked, and if it is not available, the link is deleted.
Steps to replicate it:
-
Create a link to a file in the mounted SMB storage from Windows server, which is accessed from under the username and password of the user obtained from his web session and stored in the database.
-
Change a user’s password in Active Directory
-
If the user does not login into NextCloud with the new password, the sharing settings for file will be deleted when someone try to access it via the link to the document (approximately 5 minutes after changing the password - after resetting the cache of the previous password).
Log entries
Nextcloud
Configuration
Nextcloud
{
"system": {
"htaccess.RewriteBase": "\/",
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"upgrade.disable-web": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"nc.example.ru"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "31.0.8.1",
"overwrite.cli.url": "https:\/\/nc.example.ru",
"overwriteprotocol": "https",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
"defaultapp": "files",
"app_install_overwrite": [],
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_smtpauth": true,
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "587",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"mail_sender_name": "Example Nextcloud",
"maintenance": false,
"skeletondirectory": false,
"loglevel": 0
}
}
Apps
The output of occ app:list (if possible).
Enabled:
- activity: 4.0.0
- app_api: 5.0.2
- bruteforcesettings: 4.0.0
- circles: 31.0.0
- cloud_federation_api: 1.14.0
- comments: 1.21.0
- contactsinteraction: 1.12.0
- dashboard: 7.11.0
- dav: 1.33.0
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_accesscontrol: 2.0.0
- files_downloadlimit: 4.0.0
- files_external: 1.23.0
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- firstrunwizard: 4.0.0
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- notifications: 4.0.0
- oauth2: 1.19.1
- password_policy: 3.0.0
- photos: 4.0.0
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- recommendations: 4.0.0
- related_resources: 2.0.0
- richdocuments: 8.7.4
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- support: 3.0.0
- survey_client: 3.0.0
- systemtags: 1.21.1
- text: 5.0.0
- theming: 2.6.1
- twofactor_backupcodes: 1.20.0
- updatenotification: 1.21.0
- user_ldap: 1.22.0
- user_status: 1.11.0
- viewer: 4.0.0
- weather_status: 1.11.0
- webhook_listeners: 1.2.0
- workflow_script: 2.0.0
- workflowengine: 2.13.0
Disabled: - admin_audit: 1.21.0
- encryption: 2.19.0
- suspicious_login: 9.0.1
- twofactor_nextcloud_notification: 5.0.0
- twofactor_totp: 13.0.0-dev.0