Hi,
I recently enabled TOTP and everything worked fine, until I tried to access my files using webdav.
I properly reconfigured my webdav client, using an app password, but it won’t access my files. The client displays : “HTTP Error: Unauthorised”. The server shows a few errors in the logs. You can find both screenshots linked to this message.
I tried to disable TOTP authentication to see if it was really the cause of the problem, and I could now access my files.
Has anyone got an idea?
Thanks,
Best regards,
Miocastoor
Nextcloud version : Nextcloud 11.0.1 (stable)
Operating system and version :
- Client: Fedora 25, nautilus (webdav client) and the Online Accounts functionality.
- Server: Debian 8.7
nginx version : 1.6.2-5+deb8u4
PHP version : 5.6.30+dfsg-0+deb8u1
dev0
2
you need to use the app-password function for webdavclients.
Thanks for your answer, but as I said, I’ve already tried to use an app password, unsuccessfully.
dev0
5
if you disable TOTP, does then the app-password work too?
I just tried and it seems to work.
So there is no way to make it work with webdav?
Lars_M
8
can you explain how you use the App-Password? For me it works very good with every client.
I open the menu, then Personal -> App passwords, I create a new app password (which I called “Fedora Online Accounts”), and I use the generated password when authenticating in Online Accounts in the settings panel of gnome.
Lars_M
10
Curious. I can’t try it with Linux desktop, I use Windows. Has the Server any error log?
dev0
11
I have linux too, and used cadaver (a command line webdav-tool) and thunar (in XFCE) both worked with totp and app-password.
Only the logs provided in my first message, which appear when TOTP is enabled.
ndom91
14
I’m having the same problem. Can’t get webdav to connect from Thunar / Gigolo when TOTP is enabled even though I’ve generated an app pw. Simply says “Login failed…” in the logs
dev0
15
which version of nc are you using?
Is your username correct? I use IMAP for authentication with the domain set in the configuration. Depending on how I log in the username that the app passwords are created as changes
Kra3h
17
Hi, it did not work for the normal mount command, however after putting the credentials under /etc/davfs/secrets i was able to mount the folders 
Same Problem. My theory: I connected to the same account before without totp.
I tried with another account where i used totp at first connection and everything went fine.
el_lobo
19
…facing same issue, I can confirm
New users with TOTP active before first connect -> works.
Existing users who previously connected and activated TOTP later -> fails.
Both users have a device/session token (not using their nc password).
1 Like
tflidd
21
Does it work for an existing user but on a different client system (so perhaps the client system somehow tries to use the old password).
TL;DR: It does work for an existing user on a different client system, however the different client I used was also a different platform (iOS NextCloud app), so it’s always possible that it works on iOS and not on Ubuntu, or that the app password works in a NextCloud app, but not with WebDAV.
Here’s how I tested:
- Set up a NextCloud account (running NextCloud snap version 20 on Ubuntu Core on a Raspberry Pi).
- Created my user account, not using TOTP.
- In GNOME Settings, added my NextCloud account.
- In “Files” app, mounted my NextCloud instance. Mounted as expected.
- Logged into NextCloud in my browser, installed and turned on TOTP. Confirmed I can log out and back in using one-time password in Firefox (tested on Ubuntu laptop and a few other devices).
- In GNOME Settings, removed my NextCloud account (clicked the big red “Remove” button).
- In NextCloud > Settings > Security, created an app password.
- In GNOME Settings, clicked NextCloud, entered my URL, username, and the app password and clicked “Connect”. Ubuntu accepted the credentials. (Note: I don’t know what happens if I deliberately enter bad credentials).
- Navigated to File app, right-click my URL in the sidebar, select “mount”.
Expected result:
- My NextCloud files appear in the Files app
Actual result:
Then, I tested another client:
- Downloaded the NextCloud app from the App Store onto my iPad Pro
- In NextCloud (in a browser), created an app password for the iPad
- Ran the NextCloud app on the iPad, selecting the option to use an app token
- Entered my username and app password
Login succeeded as expected.
Notes:
- In NextCloud > Settings > Security > Devices & sessions, I revoked the previous sessions from my Ubuntu device - I suspected that maybe either Ubuntu had a session token or NextCloud was expecting a session token from the device; that is, one side or the other wasn’t expecting the app password. This didn’t resolve the issue.
- I’m unable to mount a WebDAV drive in GNOME. I haven’t tried accessing contacts or calendars.
- I’m able to mount the WebDAV URL if I use davfs from the command line. This would seem to support the theory that GNOME is caching the old password:
# This works
sudo apt install davfs2 # Select Yes when prompted to let users mount drives
mkdir $HOME/nc
echo "https://NEXTCLOUD_DOMAIN/remote.php/dav/files/NEXTCLOUD_USERNAME/ $HOME/nc davfs user 0 0" | sudo tee -a /etc/fstab
usermod -a -G davfs2 $LOGNAME
mount $HOME/nc # Will prompt for nextcloud username and password
#Store secrets so you're not prompted
mkdir ~/.davfs2
echo "$HOME/nc NEXTCLOUD_USERNAME NEXTCLOUD_APP_PASSWORD" >> ~/.davfs2/secrets
chmod 600 ~/.davfs2/secrets
