Access denied and authentication failed

Server
1

Steps to reproduce

  1. start server
  2. login via website with my mainly used ownclouduser
  3. try Android owncloud Sync-App with same user

Expected behaviour

Cloud data should show normally

Actual behaviour

The website tells me “Access denied” (“Zugriff verboten”) and no further information.
The Android App says “authentication failed” (“Authentifizierung fehlgeschlagen”)
If I try another user or the admin user I can login to owncloud normally.

Server configuration

Operating system:
Raspbian GNU/Linux 9.11 (stretch)
Web server:
nginx
Database:
mariadb
PHP version:
7.0
ownCloud version: (see ownCloud admin page)
10.3.2
Updated from an older ownCloud or fresh install:
update
Where did you install ownCloud from:
http://download.owncloud.org/download/repositories/production/Debian_9.0/
Signing status (ownCloud 9.0 and above):

No errors have been found.

The content of config/config.php:

{
    "system": {
        "updatechecker": false,
        "instanceid": "oc8qkd98rg6k",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "192.168.178.27",
            "myserver.dyndns.org"
        ],
        "datadirectory": "\/var\/www\/owncloud\/data",
        "overwrite.cli.url": "http:\/\/192.168.178.27",
        "dbtype": "mysql",
        "version": "10.3.2.2",
        "dbname": "owncloud",
        "dbhost": "127.0.0.1: 3306",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "Europe\/Berlin",
        "logfile": "\/var\/log\/owncloud.log",
        "loglevel": 2,
        "installed": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "maintenance": false,
        "theme": "",
        "singleuser": false
    }
}

List of activated apps:

Enabled:
  - brute_force_protection: 1.0.1
  - calendar: 1.6.3
  - comments: 0.3.0
  - configreport: 0.2.0
  - contacts: 1.5.5
  - dav: 0.5.0
  - federatedfilesharing: 0.5.0
  - federation: 0.1.0
  - files: 1.5.2
  - files_external: 0.7.1
  - files_mediaviewer: 1.0.1
  - files_sharing: 0.12.0
  - files_trashbin: 0.9.1
  - files_versions: 1.3.0
  - firstrunwizard: 1.2.0
  - gallery: 16.1.1
  - market: 0.5.0
  - notifications: 0.5.0
  - provisioning_api: 0.5.0
  - systemtags: 0.3.0
  - templateeditor: 0.4.0
Disabled:
  - encryption
  - external
  - updatenotification
  - user_external

Are you using external storage, if yes which one: local/smb/sftp/…
no
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
no

Client configuration

Browser:
Firefox
Operating system:
Mageia Linux

Logs

Web server error log

2020/03/02 17:24:15 [notice] 30490#30490: signal process started
2020/03/02 22:07:57 [error] 30496#30496: *4071 open() "/var/www/owncloud/favicon.ico" failed (2: No such file or directory), client: 195.14.202.115, server: myserver.dyndns.org, request: "GET /favicon.ico HTTP/1.1", host: "myserver.dyndns.org"

ownCloud log (data/owncloud.log)

{"reqId":"b3a1542f-6da3-4ba7-af6c-141afab97fa0","level":3,"time":"2020-03-02T22:05:39+01:00","remoteAddr":"195.14.202.115","user":"--","app":"webdav","method":"PROPFIND","url":"\/remote.php\/dav\/files\/ownclouduser\/Rollenspiel\/Charaktere%20und%20Gruppenkram\/Numenera\/Musik\/Numeneramusik.txt","message":"Caused by: {\"Exception\":\"OC\\\\User\\\\LoginException\",\"Message\":\"Too many failed login attempts. Try again in 30 minutes.\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/apps\\\/brute_force_protection\\\/lib\\\/Hooks.php(95): OCA\\\\BruteForceProtection\\\\Throttle->applyBruteForcePolicy('ownclouduser', '195.14.202.115')\\n#1 \\\/var\\\/www\\\/owncloud\\\/apps\\\/brute_force_protection\\\/lib\\\/Hooks.php(63): OCA\\\\BruteForceProtection\\\\Hooks->preLoginCallback('ownclouduser')\\n#2 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Hooks\\\/EmitterTrait.php(99): OCA\\\\BruteForceProtection\\\\Hooks->OCA\\\\BruteForceProtection\\\\{closure}('ownclouduser', '')\\n#3 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Hooks\\\/PublicEmitter.php(33): OC\\\\Hooks\\\\BasicEmitter->emit('\\\\\\\\OC\\\\\\\\User', 'preLogin', Array)\\n#4 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(518): OC\\\\Hooks\\\\PublicEmitter->emit('\\\\\\\\OC\\\\\\\\User', 'preLogin', Array)\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(333): OC\\\\User\\\\Session->loginWithPassword(*** sensitive parameters replaced ***)\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(362): OC\\\\User\\\\Session->login(*** sensitive parameters replaced ***)\\n#7 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(131): OC\\\\User\\\\Session->logClientIn(*** sensitive parameters replaced ***)\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Backend\\\/AbstractBasic.php(106): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->validateUserPass(*** sensitive parameters replaced ***)\\n#9 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(239): Sabre\\\\DAV\\\\Auth\\\\Backend\\\\AbstractBasic->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#10 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(156): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->auth(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#11 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(193): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#12 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(144): Sabre\\\\DAV\\\\Auth\\\\Plugin->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#13 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/WildcardEmitterTrait.php(96): Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#14 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(448): Sabre\\\\DAV\\\\Server->emit('beforeMethod:PR...', Array)\\n#15 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(241): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#16 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Server.php(326): Sabre\\\\DAV\\\\Server->start()\\n#17 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(31): OCA\\\\DAV\\\\Server->exec()\\n#18 \\\/var\\\/www\\\/owncloud\\\/remote.php(165): require_once('\\\/var\\\/www\\\/ownclo...')\\n#19 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/apps\\\/brute_force_protection\\\/lib\\\/Throttle.php\",\"Line\":101}"}
{"reqId":"cb6b02fa-2568-4ea8-a0a2-d64cb1deba7d","level":3,"time":"2020-03-02T22:05:39+01:00","remoteAddr":"195.14.202.115","user":"--","app":"webdav","method":"PROPFIND","url":"\/remote.php\/dav\/files\/ownclouduser\/Rollenspiel\/Charaktere%20und%20Gruppenkram\/Rollenspiel%20D%26D%203_5\/Atuar%20Brightwood\/talente%20(2).txt","message":"Caused by: {\"Exception\":\"OC\\\\User\\\\LoginException\",\"Message\":\"Too many failed login attempts. Try again in 30 minutes.\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/apps\\\/brute_force_protection\\\/lib\\\/Hooks.php(95): OCA\\\\BruteForceProtection\\\\Throttle->applyBruteForcePolicy('ownclouduser', '195.14.202.115')\\n#1 \\\/var\\\/www\\\/owncloud\\\/apps\\\/brute_force_protection\\\/lib\\\/Hooks.php(63): OCA\\\\BruteForceProtection\\\\Hooks->preLoginCallback('ownclouduser')\\n#2 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Hooks\\\/EmitterTrait.php(99): OCA\\\\BruteForceProtection\\\\Hooks->OCA\\\\BruteForceProtection\\\\{closure}('ownclouduser', '')\\n#3 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Hooks\\\/PublicEmitter.php(33): OC\\\\Hooks\\\\BasicEmitter->emit('\\\\\\\\OC\\\\\\\\User', 'preLogin', Array)\\n#4 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(518): OC\\\\Hooks\\\\PublicEmitter->emit('\\\\\\\\OC\\\\\\\\User', 'preLogin', Array)\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(333): OC\\\\User\\\\Session->loginWithPassword(*** sensitive parameters replaced ***)\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(362): OC\\\\User\\\\Session->login(*** sensitive parameters replaced ***)\\n#7 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(131): OC\\\\User\\\\Session->logClientIn(*** sensitive parameters replaced ***)\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Backend\\\/AbstractBasic.php(106): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->validateUserPass(*** sensitive parameters replaced ***)\\n#9 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(239): Sabre\\\\DAV\\\\Auth\\\\Backend\\\\AbstractBasic->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#10 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(156): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->auth(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#11 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(193): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#12 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(144): Sabre\\\\DAV\\\\Auth\\\\Plugin->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#13 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/WildcardEmitterTrait.php(96): Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#14 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(448): Sabre\\\\DAV\\\\Server->emit('beforeMethod:PR...', Array)\\n#15 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(241): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#16 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Server.php(326): Sabre\\\\DAV\\\\Server->start()\\n#17 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(31): OCA\\\\DAV\\\\Server->exec()\\n#18 \\\/var\\\/www\\\/owncloud\\\/remote.php(165): require_once('\\\/var\\\/www\\\/ownclo...')\\n#19 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/apps\\\/brute_force_protection\\\/lib\\\/Throttle.php\",\"Line\":101}"}
{"reqId":"beac70e6-dffc-41c8-9949-b76b6c458bdc","level":3,"time":"2020-03-02T22:05:40+01:00","remoteAddr":"195.14.202.115","user":"--","app":"webdav","method":"PROPFIND","url":"\/remote.php\/dav\/files\/ownclouduser\/Rollenspiel\/Charaktere%20und%20Gruppenkram\/Rollenspiel%20D%26D%203_5\/Atuar%20Brightwood\/talente.txt","message":"Caused by: {\"Exception\":\"OC\\\\User\\\\LoginException\",\"Message\":\"Too many failed login attempts. Try again in 30 minutes.\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/apps\\\/brute_force_protection\\\/lib\\\/Hooks.php(95): OCA\\\\BruteForceProtection\\\\Throttle->applyBruteForcePolicy('ownclouduser', '195.14.202.115')\\n#1 \\\/var\\\/www\\\/owncloud\\\/apps\\\/brute_force_protection\\\/lib\\\/Hooks.php(63): OCA\\\\BruteForceProtection\\\\Hooks->preLoginCallback('ownclouduser')\\n#2 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Hooks\\\/EmitterTrait.php(99): OCA\\\\BruteForceProtection\\\\Hooks->OCA\\\\BruteForceProtection\\\\{closure}('ownclouduser', '')\\n#3 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Hooks\\\/PublicEmitter.php(33): OC\\\\Hooks\\\\BasicEmitter->emit('\\\\\\\\OC\\\\\\\\User', 'preLogin', Array)\\n#4 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(518): OC\\\\Hooks\\\\PublicEmitter->emit('\\\\\\\\OC\\\\\\\\User', 'preLogin', Array)\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(333): OC\\\\User\\\\Session->loginWithPassword(*** sensitive parameters replaced ***)\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/User\\\/Session.php(362): OC\\\\User\\\\Session->login(*** sensitive parameters replaced ***)\\n#7 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(131): OC\\\\User\\\\Session->logClientIn(*** sensitive parameters replaced ***)\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Backend\\\/AbstractBasic.php(106): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->validateUserPass(*** sensitive parameters replaced ***)\\n#9 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(239): Sabre\\\\DAV\\\\Auth\\\\Backend\\\\AbstractBasic->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#10 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Auth.php(156): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->auth(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#11 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(193): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Auth->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#12 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(144): Sabre\\\\DAV\\\\Auth\\\\Plugin->check(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#13 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/WildcardEmitterTrait.php(96): Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#14 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(448): Sabre\\\\DAV\\\\Server->emit('beforeMethod:PR...', Array)\\n#15 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(241): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#16 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/Server.php(326): Sabre\\\\DAV\\\\Server->start()\\n#17 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(31): OCA\\\\DAV\\\\Server->exec()\\n#18 \\\/var\\\/www\\\/owncloud\\\/remote.php(165): require_once('\\\/var\\\/www\\\/ownclo...')\\n#19 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/apps\\\/brute_force_protection\\\/lib\\\/Throttle.php\",\"Line\":101}"}
2

Have you tried temporarily disabling the bruteforce protection app?

occ app:disable brute_force_protection
2 Likes
3

Some weeks ago I had the same problem. That time I had fail2ban wathching for brute-force-attacks. I disabled it and I could login. I activated brute-force-protection app and for a while all went well.

When fail2ban was active it reported me that the “attacks” came from somewhere near. It seemed to me that some of my devices had been involved…?!

4

You can usually set exceptions in fail2ban, but it might not be trivial to set this up if you don’t have static IPs.

1 Like
5

How can I be sure that there is nothing wrong with my devices. For testing purposes I can deactivate brute-force-protection. But as long as I am not sure I don’t want to do this permanently.

By the way - currently all is working well without any changes on my server…
OK - my Laptop is synching my Smartphone is unable to cennect to the server.
Edit: Laptop also not synching anymore…

7

Hey,

maybe the fail2ban rules are not correct and banning your laptop/smartphone incorrectly?

1 Like