OSX CALDAV: 401 not authorized (remote.php) but sync works

Eneas · February 4, 2017, 11:15am

Hello!

I can sync OSX calendar withe nextcloud. However, I always get an error with each sync: 401 not authorized (see below).

I have installed nextcloud in var/www/nextcloud and configured my virtualhost as described:

What I have already tried to fix the issue:

Added http verbs in my virtualhost
Added all recommendations from installation instructions from Nextcloud

What else could I try?

Best regards
Eneas

Nextcloud version (11.0.1):
Operating system and version (Ubuntu 16.04):
Apache or nginx version (Apache 2.4.18):
PHP version (7.0.13-0ubuntu0.16.04.1):
Is this the first time you’ve seen this error and can you replicate it?:
I can replicate it every single time.

The issue you are facing:
Get 401 not authorized in modsec_audit.log

The output of your Nextcloud log in Admin > Logging:
Doesn’t show any error.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php $CONFIG = array ( 'instanceid' => 'o', 'passwordsalt' => '9', 'secret' => 'Zx', 'trusted_domains' => array ( 0 => 'cloud.hostname.com', ), 'datadirectory' => '/mnt/nextcloud', 'overwrite.cli.url' => 'http://cloud.hostname.com', 'dbtype' => 'mysql', 'version' => '11.0.1.2', 'dbname' => 'nextcloud', 'dbhost' => 'localhost', 'dbport' => '', 'dbtableprefix' => 'oc_', 'dbuser' => 'nextclouduser', 'dbpassword' => 'p', 'logtimezone' => 'UTC', 'installed' => true, 'mail_from_address' => 'nextcloud', 'mail_smtpmode' => 'php', 'mail_domain' => 'hostname.com', ); Virtual host file SSL: ServerAdmin webmaster@localhost DocumentRoot /var/www/nextcloud ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # Lets Encrypt SSL certificate SSLCertificateFile /etc/letsencrypt/live/cloud.XXX.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/cloud.XXX.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf ServerName cloud.XXX.com Options +FollowSymlinks AllowOverride All Satisfy Any Dav off SetEnv HOME /var/www/nextcloud SetEnv HTTP_HOME /var/www/nextcloud # vim: syntax=apache ts=4 sw=4 sts=4 sr noet Virtual host file without SSL: ServerAdmin webmaster@localhost DocumentRoot /var/www/nextcloud ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined #Redirect all traffic to https Redirect permanent / https://cloud.XXX.com/ RewriteEngine on RewriteCond %{SERVER_NAME} =cloud.XXX.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] #Configutation from nextcloud installation instructions Options +FollowSymlinks AllowOverride All Satisfy Any Dav off SetEnv HOME /var/www/nextcloud SetEnv HTTP_HOME /var/www/nextcloud Header always set Strict-Transport-Security "max-age=15768000; includeSubdomains; preload" SecRuleRemoveById XXXX XXXX XXXX # vim: syntax=apache ts=4 sw=4 sts=4 sr noet The output of your Apache log in `/var/log/modsec_audit.log`: --53db0420-A-- [04/Feb/2017:11:37:58 +0100] WJWvBn8AAAEAAHHUVyEAAAAA XXX.XXX.XXX.XXX 18627 XXX.XXX.XXX.XXX 443 --53db0420-B-- PROPFIND /remote.php/dav/calendars/chriskis/ HTTP/1.1 Host: cloud.XXX.com Content-Type: text/xml Depth: 1 Brief: t Accept: */* Connection: keep-alive Prefer: return=minimal User-Agent: Mac+OS+X/10.12.3 (16D32) CalendarAgent/384 Content-Length: 2217 Accept-Language: de-at Accept-Encoding: gzip, deflate --53db0420-C-- <?xml version="1.0" encoding="UTF-8"?>

<A:propfind xmlns:A="DAV:">
  <A:prop>
    <A:add-member/>
    <C:allowed-sharing-modes xmlns:C="http://calendarserver.org/ns/"/>
    <D:autoprovisioned xmlns:D="http://apple.com/ns/ical/"/>
    <E:bulk-requests xmlns:E="http://me.com/_namespace/"/>
    <B:calendar-alarm xmlns:B="urn:ietf:params:xml:ns:caldav"/>
    <D:calendar-color xmlns:D="http://apple.com/ns/ical/"/>
    <B:calendar-description xmlns:B="urn:ietf:params:xml:ns:caldav"/>
    <B:calendar-free-busy-set xmlns:B="urn:ietf:params:xml:ns:caldav"/>
    <D:calendar-order xmlns:D="http://apple.com/ns/ical/"/>
    <B:calendar-timezone xmlns:B="urn:ietf:params:xml:ns:caldav"/>
    <A:current-user-privilege-set/>
    <B:default-alarm-vevent-date xmlns:B="urn:ietf:params:xml:ns:caldav"/>
    <B:default-alarm-vevent-datetime xmlns:B="urn:ietf:params:xml:ns:caldav"/>
    <A:displayname/>
    <C:getctag xmlns:C="http://calendarserver.org/ns/"/>
    <C:invite xmlns:C="http://calendarserver.org/ns/"/>
    <D:language-code xmlns:D="http://apple.com/ns/ical/"/>
    <D:location-code xmlns:D="http://apple.com/ns/ical/"/>
    <A:owner/>
    <C:pre-publish-url xmlns:C="http://calendarserver.org/ns/"/>
    <C:publish-url xmlns:C="http://calendarserver.org/ns/"/>
    <C:push-transports xmlns:C="http://calendarserver.org/ns/"/>
    <C:pushkey xmlns:C="http://calendarserver.org/ns/"/>
    <A:quota-available-bytes/>
    <A:quota-used-bytes/>
    <D:refreshrate xmlns:D="http://apple.com/ns/ical/"/>
    <A:resource-id/>
    <A:resourcetype/>
    <B:schedule-calendar-transp xmlns:B="urn:ietf:params:xml:ns:caldav"/>
    <B:schedule-default-calendar-URL xmlns:B="urn:ietf:params:xml:ns:caldav"/>
    <C:source xmlns:C="http://calendarserver.org/ns/"/>
    <C:subscribed-strip-alarms xmlns:C="http://calendarserver.org/ns/"/>
    <C:subscribed-strip-attachments xmlns:C="http://calendarserver.org/ns/"/>
    <C:subscribed-strip-todos xmlns:C="http://calendarserver.org/ns/"/>
    <B:supported-calendar-component-set xmlns:B="urn:ietf:params:xml:ns:caldav"/>
    <B:supported-calendar-component-sets xmlns:B="urn:ietf:params:xml:ns:caldav"/>
    <A:supported-report-set/>
    <A:sync-token/>
  </A:prop>
 </A:propfind>
 --53db0420-F--
 HTTP/1.1 401 Unauthorized
Strict-Transport-Security: max-age=15768000; includeSubdomains; preload
Set-Cookie: ocobndx1yhup=2cdm5o14k2kr2i7d56s8f18gi7; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=XXX; path=/; secure; HttpOnly
Content-Security-Policy: default-src 'none';
Set-Cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
WWW-Authenticate: Basic realm="XXX"
WWW-Authenticate: Basic realm="XXX"
WWW-Authenticate: Basic realm="XXX"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Length: 555
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/xml; charset=utf-8

--53db0420-E--

--53db0420-H--
Apache-Handler: application/x-httpd-php
Stopwatch: 1486204678725856 30164 (- - -)
Stopwatch2: 1486204678725856 30164; combined=2331, p1=286, p2=1851, p3=48, p4=109, p5=36, sr=26, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/); OWASP_CRS/3.0.0.
Server: Apache
Engine-Mode: "ENABLED"
--53db0420-Z--

Remember, this information may be requested if it isn’t supplied; for fastest response please provide as much as you can Feel free to use a pastebin service, otherwise log files can be indented with 4 spaces on each line to present them in a friendlier way on the forum.

Eneas · February 5, 2017, 10:46pm

Could this problem be related with Basic Auth although I have set ‘Satisfy Any’ in .htaccess?