Nextcloud version (eg, 12.0.2): 16.03
Operating system and version (eg, Ubuntu 17.04): Ubuntu 18.04
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.29
PHP version (eg, 7.1): 7.2.19
We have two access points for NC
- internal Network
- over Internet behind a WebApplicationFirewall (WAF) with reverse proxy
On both access points we tried using the browser, WebDav on Windows and Linux, and NetUse on Windows.
We have configured NC for access via SSO over Kerberos to our MS AD, using LDAPs for authentication.
On the internal network everything works with the browser (https), WebDavSecure and NetUse on all operating systems.
On the external side (Internet) we can use only the browser but not WebDav or NetUse.
The WAF configuration is set up on the firewall (Sophos) with reverse proxy authentication.
The user opens the browser, gets the login page from the FW and, if he is allowed, gets a direct connection to NC over the SSO / Kerberos connection.
Internal Browser Link example: https://server.local.com//index.php/login?direct=1
External Browser Link example: https://server.com//index.php/login?direct=1
Internal WebDav Link example: https://server.local.com//remote.php/dav/files/ACCOUNT/
or on Linux: davs://server.local.com//index.php/login?direct=1
External WebDav Link example: https://server.com//remote.php/dav/files/ACCOUNT/
For NetUse it is almost the same as for WebDav.
Apache Config:
```apache
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/server.local.com.crt
    SSLCertificateKeyFile /etc/ssl/private/server.local.com.key
    # Path to the web content
    DocumentRoot /vol1/nc/
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
    </IfModule>
    <Location "/index.php/login?direct=1">
        Options -Indexes
        Order allow,deny
        Allow from all
        AuthType Kerberos
        AuthName "TRZ-Cloud-Authentication"
        KrbAuthRealms LOCAL.COM
        KrbServiceName HTTPS/server.local.com
        Krb5Keytab /etc/krb5_nc.keytab
        KrbMethodNegotiate On
        KrbMethodK5Passwd On
        require valid-user
    </Location>
</VirtualHost>
```
Our config.php
```php
<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'instanceid' => 'oct306',
  'passwordsalt' => 'pwd',
  'secret' => 'pwd',
  'trusted_domains' =>
  array (
    0 => '192.168.10.10',
    1 => 'server.local.com',
    2 => 'server.com',
  ),
  'datadirectory' => '/vol1/nc/data',
  'dbtype' => 'mysql',
  'version' => '16.0.3.0',
  'overwrite.cli.url' => 'https://server.local.com',
  'dbname' => 'nc',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nc',
  'dbpassword' => 'pwd',
  'installed' => true,
  'mail_from_address' => 'nc',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'db.de',
  'mail_smtphost' => 'smtp.net',
  'mail_smtpport' => '25',
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
);
```
So if we use the external WebDav or NetUse link we get the message “der angegebene Ordner ist ungültig. wählen Sie einen anderen Ordner”
I'm not sure, but could it be that a different link is needed for WebDav/NetUse if we are using SSO like in the browser?
I have searched many other posts but can't find any solution.
So does someone have an idea for us?
Thank you very much
wrbrgds TheBob