<!--
Thanks for reporting issues back to Nextcloud!
Note: This is the **issu…e tracker of Nextcloud**, please do NOT use this to get answers to your questions or get help for fixing your installation. This is a place to report bugs to developers, after your server has been debugged. You can find help debugging your system on our home user forums: https://help.nextcloud.com or, if you use Nextcloud in a large organization, ask our engineers on https://portal.nextcloud.com. See also https://nextcloud.com/support for support options.
Nextcloud is an open source project backed by Nextcloud GmbH. Most of our volunteers are home users and thus primarily care about issues that affect home users. Our paid engineers prioritize issues of our customers. If you are neither a home user nor a customer, consider paying somebody to fix your issue, do it yourself or become a customer.
Guidelines for submitting issues:
* Please search the existing issues first, it's likely that your issue was already reported or even fixed.
- Go to https://github.com/nextcloud and type any word in the top search/command bar. You probably see something like "We couldn’t find any repositories matching ..." then click "Issues" in the left navigation.
- You can also filter by appending e. g. "state:open" to the search string.
- More info on search syntax within github: https://help.github.com/articles/searching-issues
* This repository https://github.com/nextcloud/server/issues is *only* for issues within the Nextcloud Server code. This also includes the apps: files, encryption, external storage, sharing, deleted files, versions, LDAP, and WebDAV Auth
* SECURITY: Report any potential security bug to us via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/) instead of filing an issue in our bug tracker.
* The issues in other components should be reported in their respective repositories: You will find them in our GitHub Organization (https://github.com/nextcloud/)
* You can also use the Issue Template app to prefill most of the required information: https://apps.nextcloud.com/apps/issuetemplate
-->
### How to use GitHub
* Please use the 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are affected by the same issue.
* Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
* Subscribe to receive notifications on status change and new comments.
### Steps to reproduce
1. Configure an external storage for SMB/CIFS with Kerberos authentification
2.
3.
### Expected behaviour
The icon should become green and the share can be accessed
### Actual behaviour
The icon is red
### Server configuration
**Operating system:**
Debian 10
**Web server:**
Apache/2.4.38 (Debian)
in separate Proxmox lxc container
**Database:**
10.3.17-MariaDB-0+deb10u1 Debian 10
in separate Proxmox lxc container
**PHP version:**
10.3.17-MariaDB-0+deb10u1 Debian 10
**Nextcloud version:** (see Nextcloud admin page)
Nextcloud 20.0.3
**Updated from an older Nextcloud/ownCloud or fresh install:**
**Where did you install Nextcloud from:**
```
No errors have been found.
```
</details>
**List of activated apps:**
<details>
<summary>App list</summary>
```
Enabled:
- accessibility: 1.6.0
- activity: 2.13.4
- cloud_federation_api: 1.3.0
- comments: 1.10.0
- contactsinteraction: 1.1.0
- dashboard: 7.0.0
- dav: 1.16.1
- federatedfilesharing: 1.10.1
- federation: 1.10.1
- files: 1.15.0
- files_external: 1.11.1
- files_pdfviewer: 2.0.1
- files_rightclick: 0.17.0
- files_sharing: 1.12.0
- files_trashbin: 1.10.1
- files_versions: 1.13.0
- files_videoplayer: 1.9.0
- firstrunwizard: 2.9.0
- logreader: 2.5.0
- lookup_server_connector: 1.8.0
- nextcloud_announcements: 1.9.0
- notifications: 2.8.0
- oauth2: 1.8.0
- password_policy: 1.10.1
- photos: 1.2.1
- privacy: 1.4.0
- provisioning_api: 1.10.0
- recommendations: 0.8.0
- serverinfo: 1.10.0
- settings: 1.2.0
- sharebymail: 1.10.0
- support: 1.3.0
- survey_client: 1.8.0
- systemtags: 1.10.0
- text: 3.1.0
- theming: 1.11.0
- twofactor_backupcodes: 1.9.0
- updatenotification: 1.10.0
- user_ldap: 1.10.2
- user_saml: 3.3.1
- user_status: 1.0.1
- viewer: 1.4.0
- weather_status: 1.0.0
- workflowengine: 2.2.0
Disabled:
- admin_audit
- encryption
- smb_test
- twofactor_totp
```
</details>
**Nextcloud configuration:**
<details>
<summary>Config report</summary>
```
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"192.168.1.123",
"nextcloud.xxx.net",
"cloud2.xxx.net",
"cloud.xxx.net"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "20.0.3.2",
"overwrite.cli.url": "http:\/\/cloud2.xxx.net\/",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"memcache.locking": "\\OC\\Memcache\\Redis",
"memcache.local": "\\OC\\Memcache\\APCu",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 6379
},
"mail_smtpmode": "smtp",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_sendmailmode": "smtp",
"mail_smtpsecure": "tls",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauthtype": "PLAIN",
"mail_smtpport": "25",
"ldapIgnoreNamingRules": false,
"ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
"maintenance": false,
"theme": "",
"log_type": "file",
"logfile": "var\/log\/nextcloud.log",
"logfilemode": 416,
"loglevel": 1,
"updater.secret": "***REMOVED SENSITIVE VALUE***"
}
}
```
</details>
**Are you using external storage, if yes which one:** local/smb/sftp/...
Try to use SMB/CIFS with Kerberos authentification
**Are you using encryption:** yes/no
**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...
openLDAP
in separate Proxmox lxc container
<details>
<summary>LDAP config</summary>
```
+-------------------------------+-----------------------------------------------------------------------------------------------------------+
| Configuration | s02 |
+-------------------------------+-----------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 0 |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | cn=admin,dc=lan,dc=xxx,dc=net |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | ou=users,dc=lan,dc=xxx,dc=net |
| ldapBaseGroups | ou=groups,dc=lan,dc=xxx,dc=net |
| ldapBaseUsers | ou=users,dc=lan,dc=xxx,dc=net |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 1 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapExtStorageHomeAttribute | |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | uniqueMember |
| ldapHost | ldap2.xxx.net |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(objectclass=inetOrgPerson)(memberof=ou=nextcloud,ou=services,dc=lan,dc=xxx,dc=net))(uid=%uid)) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapMatchingRuleInChainState | unknown |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserAvatarRule | default |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(objectclass=inetOrgPerson)(memberof=ou=nextcloud,ou=services,dc=lan,dc=xxx,dc=net)) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+-----------------------------------------------------------------------------------------------------------+
```
</details>
### Client configuration
**Browser:**
Firefox 84.0 in Proxmox VM
**Operating system:**
Ubuntu 18.04
### Logs
#### Web server error log
I have added some error_log statements in php code. Maybe it helps you.
<details>
<summary>Web server error log</summary>
```
==> /var/log/apache2/nextcloud-ssl-error.log <==
[Thu Dec 17 11:29:20.810591 2020] [ssl:info] [pid 9616] [client 192.168.1.130:54496] AH01964: Connection to child 4 established (server cloud2.xxx.net:443)
[Thu Dec 17 11:29:20.855522 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] SMB->getFileInfo
[Thu Dec 17 11:29:20.856284 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] NativeFileInfo->getSize
[Thu Dec 17 11:29:20.856315 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] NativeFileInfo->stat
[Thu Dec 17 11:29:20.856383 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496]
[Thu Dec 17 11:29:20.856417 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] NativeShare->getAttribute
[Thu Dec 17 11:29:20.856457 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] Icewind\\SMB\\Native\\NativeShare Object\n(\n [server:Icewind\\SMB\\Native\\NativeShare:private] => Icewind\\SMB\\Native\\NativeServer Object\n (\n [state:protected] => Icewind\\SMB\\Native\\NativeState Object\n (\n [state:protected] => \n [handlerSet:protected] => \n [connected:protected] => \n )\n\n [host:protected] => srv.xxx.net\n [auth:protected] => Icewind\\SMB\\KerberosAuth Object\n (\n )\n\n [system:protected] => Icewind\\SMB\\System Object\n (\n [paths:Icewind\\SMB\\System:private] => Array\n (\n )\n\n )\n\n [timezoneProvider:protected] => Icewind\\SMB\\TimeZoneProvider Object\n (\n [timeZones:Icewind\\SMB\\TimeZoneProvider:private] => Array\n (\n )\n\n [system:Icewind\\SMB\\TimeZoneProvider:private] => Icewind\\SMB\\System Object\n (\n [paths:Icewind\\SMB\\System:private] => Array\n (\n )\n\n )\n\n )\n\n [options:protected] => Icewind\\SMB\\Options Object\n (\n [timeout:Icewind\\SMB\\Options:private] => 20\n )\n\n )\n\n [name:Icewind\\SMB\\Native\\NativeShare:private] => nextcloud\n [state:Icewind\\SMB\\Native\\NativeShare:private] => \n [forbiddenCharacters:Icewind\\SMB\\AbstractShare:private] => Array\n (\n [0] => ?\n [1] => <\n [2] => >\n [3] => :\n [4] => *\n [5] => |\n [6] => "\n [7] =>
[Thu Dec 17 11:29:20.856554 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] NativeState->init
[Thu Dec 17 11:29:20.856609 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] connected:
[Thu Dec 17 11:29:20.857122 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] Username: dummy
[Thu Dec 17 11:29:20.857170 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] Workgroup: dummy
[Thu Dec 17 11:29:20.857202 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] Password:
[Thu Dec 17 11:29:20.857238 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] Arguments: -k
[Thu Dec 17 11:29:20.857272 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] result: 1
[Thu Dec 17 11:29:20.857302 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] connected: 1
[Thu Dec 17 11:29:20.857337 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] NativeState->getxattr
[Thu Dec 17 11:29:20.857382 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] Icewind\\SMB\\Native\\NativeState Object\n(\n [state:protected] => Resource id #16\n [handlerSet:protected] => \n [connected:protected] => 1\n)\n
[Thu Dec 17 11:29:20.857415 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] uri: smb://srv.xxx.net/nextcloud/
[Thu Dec 17 11:29:20.857444 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] key: system.dos_attr.*
[Thu Dec 17 11:29:20.964758 2020] [php7:notice] [pid 9616] [client 192.168.1.130:54496] result:
==> /var/log/apache2/nextcloud-ssl-access.log <==
192.168.1.130 - - [17/Dec/2020:11:29:20 +0000] "GET /index.php/apps/files_external/userstorages/4?testOnly=true HTTP/1.1" 200 2291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0"
```
</details>
#### Nextcloud log (data/nextcloud.log)
<details>
<summary>Nextcloud log</summary>
```
[no app in context] Error: Icewind\SMB\Exception\ForbiddenException: Invalid request for / (ForbiddenException) at <<closure>>
0. /var/www/html/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php line 66
Icewind\SMB\Exception\Exception::fromMap({1: "Icewind\\SM ... "}, 1, "/")
1. /var/www/html/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php line 78
Icewind\SMB\Native\NativeState->handleError("/")
2. /var/www/html/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php line 306
Icewind\SMB\Native\NativeState->testResult("*** sensitive parameter replaced ***", "smb://srv.xxx.net/nextcloud/")
3. /var/www/html/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php line 308
Icewind\SMB\Native\NativeState->getxattr("smb://srv.xxx.net/nextcloud/", "system.dos_attr.*")
4. /var/www/html/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeFileInfo.php line 66
Icewind\SMB\Native\NativeShare->getAttribute("/", "system.dos_attr.*")
5. /var/www/html/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeFileInfo.php line 87
Icewind\SMB\Native\NativeFileInfo->stat()
6. /var/www/html/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php line 113
Icewind\SMB\Native\NativeFileInfo->getSize()
7. /var/www/html/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php line 189
Icewind\SMB\Native\NativeShare->stat("/")
8. /var/www/html/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php line 337
OCA\Files_External\Lib\Storage\SMB->getFileInfo("/")
9. /var/www/html/nextcloud/lib/private/Files/Storage/Common.php line 458
OCA\Files_External\Lib\Storage\SMB->stat("")
10. /var/www/html/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php line 706
OC\Files\Storage\Common->test()
11. /var/www/html/nextcloud/apps/files_external/lib/MountConfig.php line 264
OCA\Files_External\Lib\Storage\SMB->test("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***")
12. /var/www/html/nextcloud/apps/files_external/lib/Controller/StoragesController.php line 255
OCA\Files_External\MountConfig::getBackendStatus("*** sensitive parameters replaced ***")
13. /var/www/html/nextcloud/apps/files_external/lib/Controller/StoragesController.php line 330
OCA\Files_External\Controller\StoragesController->updateStorageStatus("*** sensitive parameters replaced ***")
14. /var/www/html/nextcloud/apps/files_external/lib/Controller/UserStoragesController.php line 108
OCA\Files_External\Controller\StoragesController->show("4", "*** sensitive parameter replaced ***")
15. /var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 169
OCA\Files_External\Controller\UserStoragesController->show("4", "*** sensitive parameter replaced ***")
16. /var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 100
OC\AppFramework\Http\Dispatcher->executeController(OCA\Files_Extern ... {}, "show")
17. /var/www/html/nextcloud/lib/private/AppFramework/App.php line 152
OC\AppFramework\Http\Dispatcher->dispatch(OCA\Files_Extern ... {}, "show")
18. /var/www/html/nextcloud/lib/private/Route/Router.php line 308
OC\AppFramework\App::main("OCA\\Files_Exte ... r", "show", OC\AppFramework\ ... {}, {action: null,id ... "})
19. /var/www/html/nextcloud/lib/base.php line 1008
OC\Route\Router->match("/apps/files_external/userstorages/4")
20. /var/www/html/nextcloud/index.php line 37
OC::handleRequest()
GET /index.php/apps/files_external/userstorages/4?testOnly=true
from 192.168.1.130 by test05 at 2020-12-17T11:29:20+00:00
```
</details>
#### Browser log
<details>
<summary>Browser log</summary>
```
Insert your browser log here, this could for example include:
a) The javascript console log
b) The network log
c) ...
```
</details>
### Description
When I do the following on the client or on the web server I can connect to the share
```
kinit test05
smbclient //srv.xxx.net/nextcloud/ -U test05 -k
```
In nextcloud configuration I always get the red icon