New AD user cannot log into Nextcloud 10

Don_Robertson · November 22, 2016, 9:18pm

Hi,

I have a Samba 4.3.4 AD directory running, and using it for my Nextcloud users. Everything has been running fine. My directory server is running on a Zentyal community edition server, and is managed through the Zentyal Web interface.

Today I added a new user to the AD directory, but that user cannot log in. If I accidentally use the incorrect password, it gives a password error, so am assuming NC correctly queries the AD server. If I log into NC as an Admin user, the new user shows up on the users page.

I have another user in the AD database that I don’t think had ever logged into NC. When that user logged in, a new user directory got created in the NC data directory for the user - \servername\user (that directory did not exist before - but my NC server is an upgrade of an OC server with a new data directory, and that user had logged into the OC server)

Anyway - I do not see any difference between the users - file permissions seem to be the same on home directories, NC permissions seem to be correct in the data directory, AD settings, group memberships etc are the same. I tried copying the working users data directory for the new user, but that did not work.

The error I get on the web page after trying to log in is:

Internal Server Error

The server encountered an internal error and was unable to complete your request.

Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.

More details can be found in the server log.

Technical details

Remote Address: 10.0.0.158
Request ID: rrWuYriWaylzEYqnF3Dt

In the log file, I get

{“reqId”:“7YeIsBaepZ3zD6DY8otc”,“remoteAddr”:“10.0.0.158”,“app”:“PHP”,“message”:“opendir(/home/harry/cache): failed to open dir: Permission denied at /var/www/cloud/lib/private/Files/Storage/Local.php#112”,“level”:3,“time”:“2016-11-22T20:30:55+00:00”,“method”:“POST”,“url”:“/index.php/login?redirect_url=%252Findex.php%252Fapps%252Ffiles%252F”,“user”:“harry”}
{“reqId”:“7YeIsBaepZ3zD6DY8otc”,“remoteAddr”:“10.0.0.158”,“app”:“index”,“message”:“Exception: {"Exception":"OCP\\Files\\NotFoundException","Message":"","Code":0,"Trace":"#0 \/var\/www\/cloud\/lib\/private\/Files\/Node\/Node.php(223): OC\\Files\\Node\\Node->getFileInfo()\n#1 \/var\/www\/cloud\/lib\/private\/Files\/Node\/Node.php(106): OC\\Files\\Node\\Node->getPermissions()\n#2 \/var\/www\/cloud\/lib\/private\/Files\/Node\/Folder.php(140): OC\\Files\\Node\\Node->checkPermissions(4)\n#3 \/var\/www\/cloud\/lib\/private\/Files\/Node\/Root.php(352): OC\\Files\\Node\\Folder->newFolder(‘\/files’)\n#4 \/var\/www\/cloud\/lib\/private\/Server.php(869): OC\\Files\\Node\\Root->getUserFolder(‘harry’)\n#5 \/var\/www\/cloud\/lib\/private\/User\/Session.php(400): OC\\Server->getUserFolder(‘harry’)\n#6 \/var\/www\/cloud\/lib\/private\/User\/Session.php(455): OC\\User\\Session->prepareUserLogin()\n#7 \/var\/www\/cloud\/lib\/private\/User\/Session.php(291): OC\\User\\Session->loginWithPassword(*** sensitive parameters replaced )\n#8 \/var\/www\/cloud\/core\/Controller\/LoginController.php(237): OC\\User\\Session->login( sensitive parameters replaced )\n#9 [internal function]: OC\\Core\\Controller\\LoginController->tryLogin( sensitive parameters replaced ***)\n#10 \/var\/www\/cloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(160): call_user_func_array(Array, Array)\n#11 \/var\/www\/cloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(90): OC\\AppFramework\\Http\\Dispatcher->executeController(Object(OC\\Core\\Controller\\LoginController), ‘tryLogin’)\n#12 \/var\/www\/cloud\/lib\/private\/AppFramework\/App.php(111): OC\\AppFramework\\Http\\Dispatcher->dispatch(Object(OC\\Core\\Controller\\LoginController), ‘tryLogin’)\n#13 \/var\/www\/cloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php(47): OC\\AppFramework\\App::main(‘LoginController’, ‘tryLogin’, Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#14 [internal function]: OC\\AppFramework\\Routing\\RouteActionHandler->__invoke(Array)\n#15 \/var\/www\/cloud\/lib\/private\/Route\/Router.php(293): call_user_func(Object(OC\\AppFramework\\Routing\\RouteActionHandler), Array)\n#16 \/var\/www\/cloud\/lib\/base.php(967): OC\\Route\\Router->match(‘\/login’)\n#17 \/var\/www\/cloud\/index.php(48): OC::handleRequest()\n#18 {main}","File":"\/var\/www\/cloud\/lib\/private\/Files\/Node\/Node.php","Line":86}”,“level”:3,“time”:“2016-11-22T20:30:56+00:00”,“method”:“POST”,“url”:“/index.php/login?redirect_url=%252Findex.php%252Fapps%252Ffiles%252F”,“user”:“harry”}

None of my users have a cache file in their /home/user directory. They do have a cache directory in their NC data directory.

I’ve run out of ideas. Anybody else got any suggestions. Do I need a tool to interrogate the AD directory server?

Don_Robertson · November 28, 2016, 3:57am

Well, did some digging concluded something wasn’t right with the LDAP directory server. I already had phpldapadmin installed on the Zentyal 4.2 machine, so interrogated the server. I saw the new users were added without a homedrive attribute and a homedirectory attribute of the form /home/username. The older entries had homedirectory attributes in the form \\servername.domain.name\username\

I edited the LDAP entries manually, and the new user appears to be working fine. Not entirely sure why it makes a difference … but seems to. Glad I don’t add users often.

It might just be time to jump to Nethserver or Clearos. I’ve been testing Nethserver in a VM and am liking it. There is an addon for Nextcloud too. Zentyal is … IDK. Seems to have stalled. I mean - I’d post about this on the Zentyal forums if I thought I’d get a reply.

Now to turn all my Apps back on. Cheers

Don