HTTP Transmission error - LDAP External Storage issue

Good Day everyone.

Just thought I would reach out since I have been dealing with this for a bit, but I am getting the feeling from my research on the issue I wont get much help. But here goes nothing?

So I have been hosting a next cloud server since … I dont know … 2013? ish? But it was only recently that I got real serious around 2016 and setup an ESXi Host with the VM installed and connected it to a 2012 r2 AD with an Exchange Mail server and File Server running 2008 r2 (has since been migrated to 2012 r2)

So since I was learning a lot on this server (just a private lab for family and friends) I did a lot of experimenting. So, recently my server, at random intervals would delete everything in my account from one of the synced (sp?) computers. It was like they had some sort of ‘old info’ that would suddenly become ‘current’ and the account would sync to it. Never could figure out who, or why. But I would just wake up one morning and have no files lol.

So rather than try to figure this out (started on 10 with ubuntu LTS16.04) I just decided to start fresh :slight_smile:

Well here I am. So I just finished using couple of tutorials to get this done:



https://docs.nextcloud.com/server/18/admin_manual/configuration_user/user_auth_ldap.html

had to adjust a few things (looking at you Rigis!!!) but got it working. Well I started installing it on my various computers that i use for work and home (total of 5 running 10 or 7 pro x64) and I am now getting that error that many have reported. But it only started when I started syncing the client. Now I can see that some are noting that it may be a bug or because of sharing external storage files that they did not have access to or other ‘credential based errors’ … I checked AD logs and found these little gems:

The computer attempted to validate the credentials for an account.

Authentication Package:	MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account:	A363A5EC-FBDB-****-BF7D-5812851BC2AF
Source Workstation:	CLOUD
Error Code:	0xC0000064

Okay that is weird … … and then looking at ‘users’ I see this:


What is with all the SIDs?

I replicated the AD Sync and the settings say ‘okay’ but I am getting those “Icewind\SMB\Exception\ForbiddenException” errors in the event viewer, and this one:

[user_ldap] Warning: Configuration Error (prefix s01): either no password is given for the user agent or a password is given, but not an LDAP agent.

HEAD /remote.php/webdav/Family%20Media%20(F)/Pictures/AutoUploads/CharlesandAileenHix/2020/01/
from 50.206.170.140 at 2020-01-30T01:27:32+00:100

So there is ‘something’ wrong with AD sync.

So I joined the server to the domain (the other one was) no change.

my only thought was that maybe there was something to do with the expiring SSL on the server for SLDAP, but it is not until later this month… Should i create a new one?

Then again… I am not using SLDAP to connect:

So there it is… what do you guys think i did wrong?

Here is the requested information from the template:

Nextcloud version : 18.0.0
Operating system and version : Ubuntu 18.04 LTS
Apache or nginx version : Apache 2.4.25
PHP version : 7.2.24, Memory limit (2GB)

Is this the first time you’ve seen this error? : Yes

Steps to replicate it:

  1. Install Windows Desktop Sync 2.6.2
  2. log in
  3. Profit

The output of your Nextcloud log in Admin > Logging:

[no app in context] Error: Icewind\SMB\Exception\ForbiddenException: Invalid request for / (ForbiddenException) at <<closure>>

 0. /var/www/html/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php line 62
    Icewind\SMB\Exception\Exception::fromMap({1: "Icewind\\SM ... "}, 1, "/")
 1. /var/www/html/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php line 74
    Icewind\SMB\Native\NativeState->handleError("/")
 2. /var/www/html/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php line 184
    Icewind\SMB\Native\NativeState->testResult(false, "smb://hix-server2016/Users/")
 3. /var/www/html/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php line 133
    Icewind\SMB\Native\NativeState->stat("smb://hix-server2016/Users/")
 4. /var/www/html/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php line 112
    Icewind\SMB\Native\NativeShare->getStat("/")
 5. /var/www/html/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php line 179
    Icewind\SMB\Native\NativeShare->stat("/")
 6. /var/www/html/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php line 297
    OCA\Files_External\Lib\Storage\SMB->getFileInfo("/")
 7. /var/www/html/nextcloud/lib/private/Files/Storage/Common.php line 456
    OCA\Files_External\Lib\Storage\SMB->stat("")
 8. /var/www/html/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php line 613
    OC\Files\Storage\Common->test()
 9. /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php line 472
    OCA\Files_External\Lib\Storage\SMB->test()
10. /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php line 472
    OC\Files\Storage\Wrapper\Wrapper->test()
11. /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php line 472
    OC\Files\Storage\Wrapper\Wrapper->test()
12. /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Availability.php line 69
    OC\Files\Storage\Wrapper\Wrapper->test()
13. /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Availability.php line 83
    OC\Files\Storage\Wrapper\Availability->updateAvailability("*** sensitive parameters replaced ***")
14. /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Availability.php line 92
    OC\Files\Storage\Wrapper\Availability->isAvailable()
15. /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Availability.php line 441
    OC\Files\Storage\Wrapper\Availability->checkAvailability()
16. /var/www/html/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php line 582
    OC\Files\Storage\Wrapper\Availability->getMetaData("")
17. /var/www/html/nextcloud/lib/private/Files/Cache/Scanner.php line 113
    OC\Files\Storage\Wrapper\Wrapper->getMetaData("")
18. /var/www/html/nextcloud/lib/private/Files/Cache/Scanner.php line 151
    OC\Files\Cache\Scanner->getData("")
19. /var/www/html/nextcloud/lib/private/Files/View.php line 1484
    OC\Files\Cache\Scanner->scanFile("")
20. /var/www/html/nextcloud/apps/dav/lib/Connector/Sabre/Directory.php line 265
    OC\Files\View->getDirectoryContent("/")
21. /var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Tree.php line 195
    OCA\DAV\Connector\Sabre\Directory->getChildren()
22. /var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 899
    Sabre\DAV\Tree->getChildren("files/A363A5EC- ... F")
23. /var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 978
    Sabre\DAV\Server->generatePathNodes(Sabre\DAV\PropFind {}, [Sabre\DAV\PropF ... }])
24. /var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 1666
    Sabre\DAV\Server->getPropertiesIteratorForPath("files/A363A5EC- ... F", ["{DAV:}resource ... "], 1)
25. /var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php line 355
    Sabre\DAV\Server->generateMultiStatus(Generator {}, false)
26. <<closure>>
    Sabre\DAV\CorePlugin->httpPropFind(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
27. /var/www/html/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php line 105
    call_user_func_array([Sabre\DAV\CorePlugin {},"httpPropFind"], [Sabre\HTTP\Requ ... }])
28. /var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 479
    Sabre\Event\EventEmitter->emit("method:PROPFIND", [Sabre\HTTP\Requ ... }])
29. /var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 254
    Sabre\DAV\Server->invokeMethod(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
30. /var/www/html/nextcloud/apps/dav/lib/Server.php line 319
    Sabre\DAV\Server->exec()
31. /var/www/html/nextcloud/apps/dav/appinfo/v2/remote.php line 35
    OCA\DAV\Server->exec()
32. /var/www/html/nextcloud/remote.php line 165
    require_once("/var/www/html/n ... p")

PROPFIND /remote.php/dav/files/A363A5EC-FBDB-40D5-BF7D-5812851BC2AF/
from 74.202.141.227 by A363A5EC-FBDB-40D5-BF7D-5812851BC2AF at 2020-01-30T01:03:35+00:00

Output of config.php

<?php
$CONFIG = array (
  'instanceid' => '[redacted]',
  'passwordsalt' => '[redacted]',
  'secret' => '[redacted]',
  'trusted_domains' =>
  array (
    0 => 'cloud.hixfamily.us',
    1 => '[redacted]',
    2 => '[redacted]',
    3 => '[redacted]',
  ),
  'datadirectory' => '/var/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '18.0.0.10',
  'overwrite.cli.url' => 'https://cloud.hixfamily.us',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '[redacted]',
  'dbpassword' => '[redacted]',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => true,
  'redis' =>
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),
  'htaccess.RewriteBase' => '/',
  'maintenance' => false,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
);

The output of your Apache/nginx/system log in /var/log/apache2/error.log:

[Wed Jan 29 06:25:02.749172 2020] [mpm_prefork:notice] [pid 8725] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
[Wed Jan 29 06:25:02.749233 2020] [core:notice] [pid 8725] AH00094: Command line: '/usr/sbin/apache2'
[Wed Jan 29 10:49:57.341643 2020] [php7:error] [pid 2670] [client 145.239.69.74:36786] script '/var/www/html/wp-login.php' not found or unable to stat
[Wed Jan 29 11:25:47.081247 2020] [php7:error] [pid 2668] [client 13.73.159.163:55999] script '/var/www/html/xmlrpc.php' not found or unable to stat
[Wed Jan 29 11:30:23.904244 2020] [php7:error] [pid 2666] [client 46.101.150.9:50486] script '/var/www/html/wp-login.php' not found or unable to stat
[Wed Jan 29 18:14:39.957387 2020] [php7:error] [pid 2668] [client 193.57.40.38:41600] script '/var/www/html/index.php' not found or unable to stat
[Thu Jan 30 01:03:30.941027 2020] [access_compat:error] [pid 16021] [client 74.202.141.227:11571] AH01797: client denied by server configuration: /var/www/html/nextcloud/config
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory
cat: /etc/ntp.conf: No such file or directory

Output of the log that Apache2 is referncing “/var/www/html/nextcloud/config”

" ============================================================================
" Netrw Directory Listing                                        (netrw v156)
"   /var/www/html/nextcloud/config
"   Sorted by      name
"   Sort sequence: [\/]$,\<core\%(\.\d\+\)\=\>,\.h$,\.c$,\.cpp$,\~\=\*$,*,\.o$,\.obj$,\.info$,\.swp$,\.bak$,\~$
"   Quick Help: <F1>:help  -:go up dir  D:delete  R:rename  s:sort-by  x:special
" ==============================================================================
../
./
.htaccess
config.php
config.sample.php
config.php.bak

The created UUID for LDAP-imported users is the default behaviour
https://docs.nextcloud.com/server/18/admin_manual/configuration_user/user_auth_ldap.html

It has nothing to do with the errors you are getting (can’t help with the latter)…

1 Like

Hey, thanks none-the-less :slight_smile: I think this may be a good start. Let me check logs and see what changed there

btw, after google searching I used this post to solve my issue, the sAMAccountName was the best solution for my AD.

Not sure why that got marked as a solution… it only resolved the user names… and in the process of doing that adjustment I lost the association of the data that was in my test account. So there is that.

Any one want to chime in on the share issues?

Hey there,

I am experiencing the same issue since switching from local auth to LDAP.
Strange thing is, only at mobile devices(android app).
Locally, browsing the external storage from within the NC webinterface, everything is fine. I can login and search all through my external storage(smb shared folders from my nas).

But trying to dive into an external storage from my android device breaks with the above mentioned Icewind SMB Exception.
It only affects external storages through the android app. Login and doing local stuff in app is working fine.

Any idea about that? I dont want to switch back to local user accounts while using LDAP auth and password management is so much easier :slight_smile:

Thanks and have a nice one
Timo

edit:
The android app is showing “server in maintenance” when browsing one of the external storage folders.

So, I rebuilt the server (again) from scratch and made sure that all the notes of effective files and settings were refrenced and the whole thing went with out a hitch. And the errors in the log file that I referenced erlier seemed to have gone away. And just this morning, I noticed from the Android App that I am getting the “server in maintenance Mode” message when attempting to utilize the ‘auto upload’ feature to a shared drive on my windows server 2016 server.

So, I would have originally stated that this error was resolved but, I can safely say that this must be an issue with either Reddis, php, or v18.0.0… not sure

But here is the error I get when attempting to log in with an AD account

And with the local admin I get the same message.

I can see the following messages in the log (/var/www/html/nextcloud/data/nextcloud.log)
{“reqId”:“D0rG0dNZvGonOQWiUkt9”,“level”:3,“time”:“2020-02-11T05:42:36+00:00”,“remoteAddr”:“10.1.20.83”,“user”:"–",“app”:“PHP”,“method”:“GET”,“url”:"/",“message”:“You are using a fallback implementation of the intl extension. Installing the native one is highly recommended instead. at /var/www/html/nextcloud/3rdparty/patchwork/utf8/src/Patchwork/Utf8/Bootup/intl.php#18”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36”,“version”:""}
{“reqId”:“iJSZarA5xqSZoujiGICM”,“level”:3,“time”:“2020-02-11T05:45:10+00:00”,“remoteAddr”:“10.1.20.83”,“user”:“CloudAdmin”,“app”:“PHP”,“method”:“POST”,“url”:"/index.php",“message”:“You are using a fallback implementation of the intl extension. Installing the native one is highly recommended instead. at /var/www/html/nextcloud/3rdparty/patchwork/utf8/src/Patchwork/Utf8/Bootup/intl.php#18”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36”,“version”:“18.0.0.10”}

Good stuff… Notice that the Domain user account does not even get recognized?

The AD logs (security) just show that someone wants to use SCANS or ADMINSTRADOR on my mail sever… lol no help there… Any other places to check?

rebooting the server allowed me to log in, but check of the logs shows a familiar set of errors…

I am going to attempt to update to 18.0.1 and see if that helps