Docker / SMB / User authentification

nox309 · May 22, 2023, 1:14pm

Hello all,

I’m getting back into the topic of Nextcloud, after I stayed away from the whole topic for years.

Today I have the following problem which I have not yet solved.
It is about the login to an External Storage/SMB via login data of the user.

About the environment:
Ubuntu 22.04 minimal installation
Docker/Docker Compose / Portainer in the latest versions
Custom Dockerimage with SMBclient
Connection of our AD to the Nextcloud

So far so good, the following is our goal:
We want to include a specific directory in the Nextcloud where each user sees but only what he is allowed to see.

For this we have made the following configuration.

When I test I have taken my user and logged him into the Nextcloud. This user has access to the said share.
Unfortunately this does not work I get the following error in the log:

Warnung	no app in context	Icewind\SMB\Exception\Exception: Unknown error (NT_STATUS_OBJECT_NAME_INVALID) for /
/var/www/html/apps/files_external/3rdparty/icewind/smb/src/Exception/Exception.php - line 49:

Icewind\SMB\Exception\Exception::unknown("/", "NT_STATUS_OBJECT_NAME_INVALID")

/var/www/html/apps/files_external/3rdparty/icewind/smb/src/Wrapped/Parser.php - line 92:

Icewind\SMB\Exception\Exception::fromMap([ "Icewind\\ ... "], "NT_STATUS_OBJECT_NAME_INVALID", "/")

/var/www/html/apps/files_external/3rdparty/icewind/smb/src/Wrapped/Share.php - line 479:

Icewind\SMB\Wrapped\Parser->checkForError([ "NT_STATUS ... "], "/")

/var/www/html/apps/files_external/3rdparty/icewind/smb/src/Wrapped/Share.php - line 215:

Icewind\SMB\Wrapped\Share->parseOutput([ "NT_STATUS ... "], "/")

/var/www/html/apps/files_external/lib/Lib/Storage/SMB.php - line 191:

Icewind\SMB\Wrapped\Share->stat("/")

/var/www/html/apps/files_external/lib/Lib/Storage/SMB.php - line 348:

OCA\Files_External\Lib\Storage\SMB->getFileInfo("/")

/var/www/html/lib/private/Files/Storage/Common.php - line 462:

OCA\Files_External\Lib\Storage\SMB->stat("")

/var/www/html/apps/files_external/lib/Lib/Storage/SMB.php - line 729:

OC\Files\Storage\Common->test()

/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php - line 471:

OCA\Files_External\Lib\Storage\SMB->test()

/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php - line 471:

OC\Files\Storage\Wrapper\Wrapper->test()

/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php - line 471:

OC\Files\Storage\Wrapper\Wrapper->test()

/var/www/html/lib/private/Files/Storage/Wrapper/Availability.php - line 69:

OC\Files\Storage\Wrapper\Wrapper->test()

/var/www/html/lib/private/Files/Storage/Wrapper/Availability.php - line 83:

OC\Files\Storage\Wrapper\Availability->updateAvailability("*** sensiti ... *")

/var/www/html/lib/private/Files/Storage/Wrapper/Availability.php - line 92:

OC\Files\Storage\Wrapper\Availability->isAvailable()

/var/www/html/lib/private/Files/Storage/Wrapper/Availability.php - line 445:

OC\Files\Storage\Wrapper\Availability->checkAvailability()

/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php - line 596:

OC\Files\Storage\Wrapper\Availability->getMetaData("")

/var/www/html/lib/private/Files/Cache/Scanner.php - line 116:

OC\Files\Storage\Wrapper\Wrapper->getMetaData("")

/var/www/html/lib/private/Files/Cache/Scanner.php - line 153:

OC\Files\Cache\Scanner->getData("")

/var/www/html/lib/private/Files/View.php - line 1509:

OC\Files\Cache\Scanner->scanFile("")

/var/www/html/lib/private/Files/Node/Folder.php - line 101:

OC\Files\View->getDirectoryContent("/", "", [ "OC\\Files ... "])

/var/www/html/lib/private/Share20/DefaultShareProvider.php - line 696:

OC\Files\Node\Folder->getDirectoryListing()

/var/www/html/lib/private/Share20/Manager.php - line 1310:

OC\Share20\DefaultShareProvider->getSharesInFolder("C87ECEFC-8F ... A", [ "OC\\Files\\Node\\Folder"], true, true)

<<closure>>

OC\Share20\Manager->OC\Share20\{closure}("*** sensiti ... *")

/var/www/html/lib/private/Share20/Manager.php - line 1319:

array_reduce([ "*** sensi ... ]], [ "Closure"], "*** sensiti ... *")

/var/www/html/apps/dav/lib/Connector/Sabre/SharesPlugin.php - line 138:

OC\Share20\Manager->getSharesInFolder("C87ECEFC-8F ... A", [ "OC\\Files\\Node\\Folder"], true)

/var/www/html/apps/dav/lib/Connector/Sabre/SharesPlugin.php - line 195:

OCA\DAV\Connector\Sabre\SharesPlugin->getSharesFolder([ "OC\\Files\\Node\\Folder"])

/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php - line 89:

OCA\DAV\Connector\Sabre\SharesPlugin->handleGetProperties([ "Sabre\\DAV\\PropFind"], [ "OCA\\DAV\\Files\\FilesHome"])

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 1052:

Sabre\DAV\Server->emit("propFind", [ [ "Sabre\\ ... ]])

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 984:

Sabre\DAV\Server->getPropertiesByNode([ "Sabre\\DAV\\PropFind"], [ "OCA\\DAV\\Files\\FilesHome"])

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 1662:

Sabre\DAV\Server->getPropertiesIteratorForPath("files/C87EC ... A", [ "{DAV:}get ... "], 1)

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 1647:

Sabre\DAV\Server->writeMultiStatus([ "Sabre\\Xm ... "], [ "Generator"], false)

/var/www/html/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 346:

Sabre\DAV\Server->generateMultiStatus([ "Generator"], false)

/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php - line 89:

Sabre\DAV\CorePlugin->httpPropFind([ "Sabre\\HTTP\\Request"], [ "Sabre\\HTTP\\Response"])

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 472:

Sabre\DAV\Server->emit("method:PROPFIND", [ [ "Sabre\\ ... ]])

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 253:

Sabre\DAV\Server->invokeMethod([ "Sabre\\HTTP\\Request"], [ "Sabre\\HTTP\\Response"])

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 321:

Sabre\DAV\Server->start()

/var/www/html/apps/dav/lib/Server.php - line 366:

Sabre\DAV\Server->exec()

/var/www/html/apps/dav/appinfo/v2/remote.php - line 35:

OCA\DAV\Server->exec()

/var/www/html/remote.php - line 172:

require_once("/var/www/ht ... p")

	2023-05-22T15:04:07+0200
Warnung	no app in context	Icewind\SMB\Exception\Exception: Unknown error (NT_STATUS_OBJECT_NAME_INVALID) for /
/var/www/html/apps/files_external/3rdparty/icewind/smb/src/Exception/Exception.php - line 49:

Icewind\SMB\Exception\Exception::unknown("/", "NT_STATUS_OBJECT_NAME_INVALID")

/var/www/html/apps/files_external/3rdparty/icewind/smb/src/Wrapped/Parser.php - line 92:

Icewind\SMB\Exception\Exception::fromMap([ "Icewind\\ ... "], "NT_STATUS_OBJECT_NAME_INVALID", "/")

/var/www/html/apps/files_external/3rdparty/icewind/smb/src/Wrapped/Share.php - line 479:

Icewind\SMB\Wrapped\Parser->checkForError([ "NT_STATUS ... "], "/")

/var/www/html/apps/files_external/3rdparty/icewind/smb/src/Wrapped/Share.php - line 215:

Icewind\SMB\Wrapped\Share->parseOutput([ "NT_STATUS ... "], "/")

/var/www/html/apps/files_external/lib/Lib/Storage/SMB.php - line 191:

Icewind\SMB\Wrapped\Share->stat("/")

/var/www/html/apps/files_external/lib/Lib/Storage/SMB.php - line 348:

OCA\Files_External\Lib\Storage\SMB->getFileInfo("/")

/var/www/html/lib/private/Files/Storage/Common.php - line 462:

OCA\Files_External\Lib\Storage\SMB->stat("")

/var/www/html/apps/files_external/lib/Lib/Storage/SMB.php - line 729:

OC\Files\Storage\Common->test()

/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php - line 471:

OCA\Files_External\Lib\Storage\SMB->test()

/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php - line 471:

OC\Files\Storage\Wrapper\Wrapper->test()

/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php - line 471:

OC\Files\Storage\Wrapper\Wrapper->test()

/var/www/html/lib/private/Files/Storage/Wrapper/Availability.php - line 69:

OC\Files\Storage\Wrapper\Wrapper->test()

/var/www/html/lib/private/Files/Storage/Wrapper/Availability.php - line 83:

OC\Files\Storage\Wrapper\Availability->updateAvailability("*** sensiti ... *")

/var/www/html/lib/private/Files/Storage/Wrapper/Availability.php - line 92:

OC\Files\Storage\Wrapper\Availability->isAvailable()

/var/www/html/lib/private/Files/Storage/Wrapper/Availability.php - line 445:

OC\Files\Storage\Wrapper\Availability->checkAvailability()

/var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php - line 596:

OC\Files\Storage\Wrapper\Availability->getMetaData("")

/var/www/html/lib/private/Files/Cache/Scanner.php - line 116:

OC\Files\Storage\Wrapper\Wrapper->getMetaData("")

/var/www/html/lib/private/Files/Cache/Scanner.php - line 153:

OC\Files\Cache\Scanner->getData("")

/var/www/html/lib/private/Files/View.php - line 1509:

OC\Files\Cache\Scanner->scanFile("")

/var/www/html/lib/private/Files/Node/Folder.php - line 101:

OC\Files\View->getDirectoryContent("/", "", [ "OC\\Files ... "])

/var/www/html/apps/dav/lib/Connector/Sabre/Directory.php - line 262:

OC\Files\Node\Folder->getDirectoryListing()

/var/www/html/apps/dav/lib/Connector/Sabre/CommentPropertiesPlugin.php - line 67:

OCA\DAV\Connector\Sabre\Directory->getChildren()

/var/www/html/apps/dav/lib/Connector/Sabre/CommentPropertiesPlugin.php - line 112:

OCA\DAV\Connector\Sabre\CommentPropertiesPlugin->cacheDirectory([ "OCA\\DAV\\Files\\FilesHome"])

/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php - line 89:

OCA\DAV\Connector\Sabre\CommentPropertiesPlugin->handleGetProperties([ "Sabre\\DAV\\PropFind"], [ "OCA\\DAV\\Files\\FilesHome"])

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 1052:

Sabre\DAV\Server->emit("propFind", [ [ "Sabre\\ ... ]])

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 984:

Sabre\DAV\Server->getPropertiesByNode([ "Sabre\\DAV\\PropFind"], [ "OCA\\DAV\\Files\\FilesHome"])

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 1662:

Sabre\DAV\Server->getPropertiesIteratorForPath("files/C87EC ... A", [ "{DAV:}get ... "], 1)

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 1647:

Sabre\DAV\Server->writeMultiStatus([ "Sabre\\Xm ... ]], [ "Generator"], false)

/var/www/html/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 346:

Sabre\DAV\Server->generateMultiStatus([ "Generator"], false)

/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php - line 89:

Sabre\DAV\CorePlugin->httpPropFind([ "Sabre\\HTTP\\Request"], [ "Sabre\\HTTP\\Response"])

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 472:

Sabre\DAV\Server->emit("method:PROPFIND", [ [ "Sabre\\ ... ]])

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 253:

Sabre\DAV\Server->invokeMethod([ "Sabre\\HTTP\\Request"], [ "Sabre\\HTTP\\Response"])

/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php - line 321:

Sabre\DAV\Server->start()

/var/www/html/apps/dav/lib/Server.php - line 366:

Sabre\DAV\Server->exec()

/var/www/html/apps/dav/appinfo/v2/remote.php - line 35:

OCA\DAV\Server->exec()

/var/www/html/remote.php - line 172:

require_once("/var/www/ht ... p")

And the user gets this message:
grafik

A test to include the share “fixed” in which I specify the login data has also not worked, here it always says “insufficient data no login credentials saved”.

Can someone tell me where I am doing something wrong? I know that it is always difficult to solve something like this from the outside, so if you need more information just let me know.

Thank you in advance

nox309 · June 8, 2023, 11:59am

Hi,
does no one have an idea or point of departure? would like to stay Docker as a base as this makes management and updates very easy.
If no one has an idea I will have to switch to a native Ubuntu.

wwe · June 8, 2023, 6:41pm

I never user external share with AD only with “workgroup”-like NAS. And this experience was not good so I stopped… if you say AD is used you might be required to provide domain name as well. try different formats like UPN \samaccountname etc. Check the logs of Nextcloud and File Server (maybe you need to raise the log level)… honestly I have no idea what to look for… often you see the error once go through the logs. MS made some changes regarding NTLM auth ~~shortly~~ some time ago so Nextclouds SMB client might be incompatible… hardest and potentially most powerful tool would be network capture analyzing what happens on the wire…

MaHoef · September 4, 2023, 6:01am

I think this is related to my topic here:

The question is why the login data can not be saved in the database when the user/passwd is queried using LDAP …

nox309 · January 2, 2024, 10:41am

So, after putting the project on the back burner, I now have my solution.

I have installed Nextcloud on my own VM and no longer in Docker and everything works here.

I now have a different phenomenon with the ACL test, but I’m opening a new topic for it!