SMB/LDAP not updating new AD-Groups and rights


#1

After adding a user to a new AD-Group the rights in Nextcloud are not updated

Nextcloud version (eg, 12.0.2): Nextcloud 15.0.4
Operating system and version (eg, Ubuntu 17.04): Ubuntu 18.04
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.29
PHP version (eg, 7.1): PHP 7.2

The issue you are facing:

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

Hi, I have a clean install of Nextcloud 15.04 on Ubuntu 18.04. I followed the installation guide and configured everything so that the Nextcloud self-check is OK (HTTPS, OPcache, etc.).

I also configured the LDAP integration, and all users that are in our AD group “Cloud-Users” are imported and can log in.
Access to the SMB shares is also working fine. The user only has access where the correct NTFS group permissions are set.

But when I change a user's groups in the AD, it doesn't update the new rights in Nextcloud. If I open the folder I only get the message “No Files available”. But there are files in this folder.

Other users who had the right to access this folder on their first login to Nextcloud can access it.

The output of your Nextcloud log in Admin > Logging:

There are no logging events at the time the user tries to access the folder.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'xxxxxxxx',
  'passwordsalt' => 'xxxxx',
  'secret' => 'xxxx',
  'trusted_domains' =>
  array (
          0 => '172.18.6.51',
          1 => 'cloud.xxxx.de',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '15.0.4.0',
  'overwrite.cli.url' => 'http://172.18.6.51/nextcloud',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'db-nextcloud',
  'dbpassword' => 'xxxxxx',
  'installed' => true,
  'updater.release.channel' => 'production',
  'mail_from_address' => 'Cloud',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'xxxx.de',
  'mail_smtphost' => '172.18.6.13',
  'mail_smtpport' => '25',
  'memcache.local' => '\OC\Memcache\APCu',
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'overwrite.cli.url' => 'https://cloud.xxxxx.de/',
  'htaccess.RewriteBase' => '/',
);

The output of your Apache/nginx/system log in /var/log/____:

Apache access.log:
::1 - - [13/Feb/2019:07:54:50 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g (internal dummy connection)"
::1 - - [13/Feb/2019:07:54:51 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g (internal dummy connection)"
::1 - - [13/Feb/2019:07:54:52 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g (internal dummy connection)"
::1 - - [13/Feb/2019:07:54:53 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g (internal dummy connection)"
::1 - - [13/Feb/2019:07:54:54 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g (internal dummy connection)"
::1 - - [13/Feb/2019:07:54:55 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g (internal dummy connection)"
::1 - - [13/Feb/2019:07:54:56 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g (internal dummy connection)"
::1 - - [13/Feb/2019:07:54:57 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g (internal dummy connection)"
::1 - - [13/Feb/2019:07:54:58 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g (internal dummy connection)"
::1 - - [13/Feb/2019:07:54:59 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g (internal dummy connection)"
172.18.0.239 - - [13/Feb/2019:08:06:40 +0000] "GET /nextcloud/index.php/csrftoken HTTP/1.1" 200 977 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:16:46 +0000] "GET /nextcloud/index.php/login HTTP/1.1" 404 521 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:16:46 +0000] "GET /favicon.ico HTTP/1.1" 404 506 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:16:51 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:16:51 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 200 3623 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:39 +0000] "GET / HTTP/1.1" 200 3477 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:39 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:41 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:41 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:41 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:41 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:41 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:41 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:42 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:42 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:42 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:42 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:42 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:42 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:42 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:42 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:42 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:42 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:42 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:42 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:43 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:43 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:43 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:43 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:43 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:43 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:43 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:43 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:43 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:43 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:43 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"
172.18.0.239 - - [13/Feb/2019:08:17:43 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://cloud.xxxx.de/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0"



Apache error.log is empty

#2

Yes. Without a new scan NC will not know that the user got added …


#3

How can I do such a scan?


#4

I just clicked through the whole AD configuration. I still don’t have access to the folder.

So I removed the AD user from the group “Cloud Users” so that the user was removed automatically from the users list in Nextcloud and can’t log in anymore.

Now I added him to the group again, and he could log in again. But he still cannot access the SMB share through Nextcloud.

So Nextcloud should have done an AD scan, but it still does not update the “Access” AD group membership or does not update the folder view.

Is it possible that some cache is active and does not update the folder?


#5

Check in the documentation for “files:scan” (rescan filesystem).
Actually, thinking about it, you might need to touch a file in the folder in question so it actually gets scanned, otherwise it comes from the cache … if any file changes, the scan should work …
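
The rescan that #2 and #5 point to, as an added example that is not part of the thread: it builds the `--path` argument for `occ files:scan` for one user and one folder and runs the scan as the web server user. Assumptions: the install directory `/var/www/nextcloud` (inferred from the `datadirectory` in the posted config), the `www-data` user, the constructed user id `jdoe` and folder `Projects`, and the hypothetical names `scan_path`, `rescan` and `DRY_RUN`.

```shell
#!/bin/sh
# Added example: rescan one folder of one user with "occ files:scan".
# Assumed, not from the thread: install dir, web server user, the
# DRY_RUN switch and the function names.
NC_DIR="${NC_DIR:-/var/www/nextcloud}"
NC_USER="${NC_USER:-www-data}"

# scan_path USERID FOLDER -> prints the value for "files:scan --path".
# occ expects "/<userid>/files/<folder>"; an empty or slash-containing
# user id and any ".." path segment are rejected.
scan_path() {
    uid=$1
    folder=$2
    [ -n "$uid" ] || { echo "user id required" >&2; return 1; }
    case "$uid" in
        */*) echo "user id must not contain /" >&2; return 1 ;;
    esac
    case "/$folder/" in
        */../*) echo "'..' is not allowed in the folder" >&2; return 1 ;;
    esac
    folder=${folder#/}
    folder=${folder%/}
    printf '/%s/files/%s\n' "$uid" "$folder"
}

# rescan USERID FOLDER: run the scan, or only print the command when
# DRY_RUN=1 so it can be reviewed first.
rescan() {
    p=$(scan_path "$1" "$2") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'sudo -u %s php %s/occ files:scan --path="%s"\n' \
            "$NC_USER" "$NC_DIR" "$p"
    else
        sudo -u "$NC_USER" php "$NC_DIR/occ" files:scan --path="$p"
    fi
}

# Constructed sample call (user "jdoe", mount point "Projects"):
#   DRY_RUN=1 rescan jdoe Projects
```

For LDAP users the id passed to occ is the internal Nextcloud username, which by default is derived from the directory UUID rather than the AD login name.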