Unable to login with database user after server migration

Nextcloud version (eg, 18.0.2): 18.0.4
Operating system and version (eg, Ubuntu 20.04): CentOS 8
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.37
PHP version (eg, 7.1): 7.3.5

The issue you are facing:
After migration to a new server I got login issues for database-stored Nextcloud users.

Is this the first time you’ve seen this error? (Y/N):
Yes

Steps to replicate it:

  1. Maintenance mode on old server
  2. Created database dump
  3. Created file backup
  4. Transferred data to new server
  5. Imported database dump to a new clean database
  6. Imported files to directory root of the vhost
  7. Tested access with maintenance mode on - successful
  8. Tested login with maintenance mode off - unsuccessful with Nextcloud database user; successful with LDAP user

The output of your Nextcloud log in Admin > Logging:

[no app in context] Warning: Login failed: *username* (Remote IP: XXX.XXX.XXX.XXX)

POST /index.php/login
from XXX.XXX.XXX.XXX at 2020-05-06T10:11:59+02:00

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
  array (
    0 => '',
    1 => '',
  ),
  'datadirectory' => '/html/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '18.0.4.2',
  'overwrite.cli.url' => '',
  'dbname' => 'nextcloud',
  'dbhost' => '',
  'dbport' => '',
  'dbtableprefix' => '',
  'mysql.utf8mb4' => true,
  'dbuser' => '',
  'dbpassword' => '',
  'installed' => true,
  'tempdirectory' => '/html/data/tmp/',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'maintenance' => false,
  'skeletondirectory' => '',
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'twofactor_enforced' => 'false',
  'twofactor_enforced_groups' =>
  array (
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
  ),
  'updater.release.channel' => 'stable',
  'theme' => '',
  'loglevel' => 1,
  'logtimezone' => 'Europe/Berlin',
  'memcache.local' => '\\OC\\Memcache\\ArrayCache',
  'mail_from_address' => '',
  'mail_domain' => '',
  'mail_smtpauth' => ,
  'mail_smtphost' => '',
  'mail_smtpport' => '',
  'mail_smtpname' => '',
  'mail_smtppassword' => '',
  'data-fingerprint' => '',
  'mail_smtpsecure' => '',
  'mail_smtpauthtype' => '',
);

The output of your Apache log in /var/log/____:

Nothing

How about LDAP? Could be that you are using Authentication via external LDAP, is this configured to the new server?

Yes LDAP is working fine. There is no problem with the LDAP users

Sorry, I did not read it at first…

Can you reset the password and check if it works afterwards? There was a ticket that after an upgrade at least some application passwords could vanish… But you did not do any upgrade.

Hey,

yes I can set a new password manually. Then a login is possible. My idea is that through the migration a part of a salted piece changed. Could this be?

That can be true if you did not copy your config.php from the old server; I thought it was done in step 6.

Basically those three should be kept the same if you move NC to the new server:

$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',

As per Docu: The salt used to hash all passwords, auto-generated by the Nextcloud installer. (There are also per-user salts.) If you lose this salt you lose all your passwords. This example is for documentation only, and you should never use it. https://docs.nextcloud.com/server/18/admin_manual/configuration_server/config_sample_php_parameters.html#default-parameters

You absolutely understand it in the right way. I copied the config.php and only updated the directory path and the database credentials.

Hi there,

is there any news on this? I’m facing the exact same problem: after moving the installation from one server to another - no user can log on to the new server. No LDAP in place.

What happened and how can I solve/prevent this, because I have further server migrations to do…

Ok, I reset the password of one user to the exact same password using the occ user:resetpassword command and I can login again with this user!

Interestingly the password hash has changed in the users table - hence I guess the salt somehow changed between servers? I also migrated the config.php, so instanceid, passwordsalt and secret stayed the same (I just changed data path and db credentials).

Where does the different password salt come from? I am on Nextcloud v17.0.2

TIA & Cheers

To be honest, I have already moved a few times, and it was easy via simple backup and restore. I have no idea why it is causing problems here.

I had exactly the same behavior. I used the situation to switch all users to use their LDAP credentials…

Ok, seems that argon2 support is missing on the new server, which comes with Plesk! And Plesk’s PHP version is not compiled with argon2 support:

Now I am aware of two possible solutions:

  1. let all users reset their passwords - buh!
  2. as PHP is part of Plesk, try to patch it somehow?

Is there any more you can think of?

TIA & Cheers

@mnemonic That saved my day! I switched from CentOS 7 to AlmaLinux 8, but the built-in php 7.4 does not have argon2 support:

php -r 'echo password_hash("password", PASSWORD_ARGON2I), PHP_EOL;'

PHP Warning:  Use of undefined constant PASSWORD_ARGON2I - assumed 'PASSWORD_ARGON2I' (this will throw an Error in a future version of PHP) in Command line code on line 1
PHP Warning:  password_hash(): Unknown password hashing algorithm: PASSWORD_ARGON2I in Command line code on line 1

Then I switched to remi-php:

sudo dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
sudo dnf module list php
sudo dnf module reset php
sudo dnf module enable php:remi-7.4
sudo dnf install php

Now it works as expected and login is possible again:

php -r 'echo password_hash("password", PASSWORD_ARGON2I), PHP_EOL;'

$argon2i$v=19$m=65536,t=4,p=1$zGLtxdy7JYdVLT6mm3Bkyg$fpGGN4Ewgzez8g9Of6yr0sa3KXw0NYPpS7Y5/DCaOf0

Thanks a lot for that hint.
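
A pre-cutover check for the cause found in this thread, as an added example that is not part of any post above: it classifies stored password hashes by algorithm and asks the local PHP build whether it defines the matching constant. The function names, the sample rows (constructed placeholders) and the optional `N|` prefix on stored values are assumptions.

```shell
# Constructed sample rows; salts and digests are placeholders, not real hashes.
# Assumption: a stored value may carry an "N|" version prefix before the hash.
sample_hashes() {
cat <<'EOF'
2|$argon2i$v=19$m=65536,t=4,p=1$Y29uc3RydWN0ZWQ$placeholderdigest
1|$2y$10$constructedsaltvalue00placeholderdigestplaceholderdig
$argon2id$v=19$m=65536,t=4,p=1$c2FtcGxl$placeholderdigest
EOF
}

# Map one stored value to the algorithm named in its "$id$" field.
hash_algo() {
    h=${1#*|}                       # drop the optional "N|" prefix
    case "$h" in
        '$argon2id$'*)            echo argon2id ;;
        '$argon2i$'*)             echo argon2i ;;
        '$2y$'*|'$2a$'*|'$2b$'*)  echo bcrypt ;;
        *)                        echo unknown ;;
    esac
}

# Distinct algorithms across all hashes read from stdin, one per line.
algos_in_use() {
    while IFS= read -r line; do
        if [ -n "$line" ]; then hash_algo "$line"; fi
    done | sort -u
}

# PHP constant that is defined only when the build supports the algorithm.
php_const() {
    case "$1" in
        argon2id) echo PASSWORD_ARGON2ID ;;
        argon2i)  echo PASSWORD_ARGON2I ;;
        bcrypt)   echo PASSWORD_BCRYPT ;;
        *)        return 1 ;;
    esac
}

# For each algorithm in use, report whether the local php binary supports it.
report() {
    command -v php >/dev/null 2>&1 || { echo "php not found"; return 0; }
    for a in $(algos_in_use); do
        c=$(php_const "$a") || { echo "$a: unrecognised format"; continue; }
        php -r 'exit(defined($argv[1]) ? 0 : 1);' -- "$c" && s="supported" || s="NOT supported: these logins will fail"
        echo "$a: $s"
    done
}

sample_hashes | report
```

Run it on the new server with the password column of the users table piped into `report` in place of `sample_hashes`.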
