Files_external storage not accessible for some ldap users

garblixa · November 13, 2020, 10:25am

Nextcloud version: 20.0.1
Operating system and version: Debian 10.6
Apache or nginx version: Apache/2.4.38 (Debian)
PHP version: 7.4.12

The issue you are facing:
The External Storage is not available for some users, although they have the permission to use it.
A test with one of the denied user and smbclient on the nextcloud server has access to the share.
Also if the option “Safe credentials in session” is selected, the access works.

Only with “Save credentials in database” the access does not work.
Is it possible to reset the stored credentials?

Is this the first time you’ve seen this error?: Y

Steps to replicate it:

The behavior is not reproducible. If a new user is created in LDAP with the same permissions, the access works.

The output of your Nextcloud log in Admin > Logging:

Warning	no app in context	OCP\Files\StorageAuthException: Storage unauthorized. Invalid request for / (ForbiddenException)	
2020-11-13T11:17:40+0100
Warning	no app in context	External storage not available: Storage unauthorized. Invalid request for / (ForbiddenException)	
2020-11-13T11:17:40+0100
Error	no app in context	Icewind\SMB\Exception\ForbiddenException: Invalid request for / (ForbiddenException)	
2020-11-13T11:17:40+0100

The output of your Apache/nginx/system log in /var/log/____:

No errors are logged. Only http 200 Status

gerardjm · November 14, 2020, 10:00am

Hi, we have the same problem…

sbermanmail · February 4, 2021, 10:45pm

We are also having the same problem, we are on 20.0.3, have you had any luck fixing this. So far we have seen ones standard domain user and 1 administrator account with the same problem. We can confirm that setting the external storage share to save in session, enter the password for the whole share, or enter the password when prompted, always works. It never works for these users when the password is saved to database. we have tried resetting the user’s password, removing and re-adding the AD bindings, removing the user mappings. External Storage shares need to be set to use credentials saved in database in order for OnlyOffice to work properly. I haven’t found instructions on forcing the user to resync or resetting their, presumably, corrupted local (to nextcloud) copy of their credentials.

sbermanmail · February 5, 2021, 6:54pm

i just upgraded our nextcloud to 20.0.7 and the problem and also reset affected users’ passwords in active directory. the problem seems to have gone away now and the users can log in using their network accounts and browse external smb shares using the ‘saved in database’ credentials option in NC.