Domain Users not able to log in

Steps to reproduce

  1. Try to login via web address with active directory account

Expected behaviour

Tell us what should happen
User should be able to login and see their files.

Actual behaviour

Tell us what happens instead
Browser gives wheel of death and eventually returns “err_empty_response”

Server configuration

Operating system:
Ubuntu 14.04LTS

Web server:
Apache (I think)

Database:
Unknown

PHP version:
5.5

ownCloud version: (see ownCloud admin page)
9.1
Updated from an older ownCloud or fresh install:

Where did you install ownCloud from:

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and put the link here.

No errors found

The content of config/config.php:
This option isn’t available and I get Sorry get an error could not open input file: occ from command line

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system

{
    "system": {
        "updatechecker": false,
        "instanceid": "ocow55fosl6g",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "mecloud.mysite.com",
            "192.168.10.132",
            "localhost",
            "svr-cloud"
        ],
        "datadirectory": "\/mnt\/dfsMeCloud\/data",
        "overwrite.cli.url": "https:\/\/mecloud.mysite.com\/owncloud",
        "dbtype": "mysql",
        "version": "9.1.0.15",
        "dbname": "oc",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "mail_smtpmode": "smtp",
        "ldapIgnoreNamingRules": false,
        "mail_from_address": "mecloud",
        "mail_domain": "mysite.com",
        "mail_smtphost": "mysite-com.mail.protection.outlook.com",
        "mail_smtpport": "25",
        "loglevel": 3,
        "log_rotate_size": 104857600,
        "maintenance": false,
        "enable_certificate_management": true,
        "mail_smtpsecure": "tls"
    }
}

List of activated apps:
Sorry get an error could not open input file: occ

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Enabled:
  - activity: 2.3.2
  - dav: 0.2.5
  - federatedfilesharing: 0.3.0
  - files: 1.5.1
  - files_pdfviewer: 0.8.1
  - files_sharing: 0.10.0
  - files_trashbin: 0.9.0
  - files_videoplayer: 0.9.8
  - provisioning_api: 0.5.0
  - templateeditor: 0.1
  - updatenotification: 0.2.1
  - user_ldap: 0.9.0
Disabled:
  - comments
  - encryption
  - external
  - federation
  - files_antivirus
  - files_external
  - files_texteditor
  - files_versions
  - firstrunwizard
  - gallery
  - notifications
  - systemtags
  - user_external

Are you using external storage, if yes which one: local/smb/sftp/…
yes smb.
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…

yes LDAP (active directory)

LDAP configuration (delete this part if not used)

Sorry get an error could not open input file: occ

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config




from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:
Edge / Chrome
Operating system:

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

Apart from asking me to supply things I can’t supply… Here’s the story.
This is an elderly version of OwnCloud (I know this). On Friday we installed the latest Windows updates and rebooted all our servers (including our domain controllers). Since then only users created on the OwnCloud system itself, i.e. standalone users, are able to log in.
I’ve run tests from within OwnCloud to prove the connection via LDAP with the domain controller and these all pass. I am at a complete loss as to know what isn’t working or how to fix it.

I should add that if I am logged in with an Admin account and I try to list the users nothing happens and eventually it gives up.

Please help!

Kind regards,

Paul.

Hi Paul,

Sounds to me like an LDAP app configuration error.

You say that it worked before you updated your Windows servers?

Sorry get an error could not open input file: occ

This might be one of your issues. You have to execute the occ commands inside your ownCloud folder.

Hi, thanks for your reply. The LDAP settings haven’t changed and were working just fine. If I hit the get users /groups button it tells me it has found 46 users which is about right.

It was working at some point, I can’t say for sure when it stopped working, but the last thing that has happened is we’ve deployed Windows updates to our Windows VMs. The file storage is hosted on a Windows file server but I’ve no evidence that has anything to do with anything.

I know some users have been moving files off the platform but again I’ve no evidence to suggest that has anything to do with it either.

removed as added above.

oC 9 is really old, so I don’t know if there was an occ command to show you the ldap config, but if there is - you can post it in here.

If the configuration has not changed then something on the Windows side changed.

Do you connect via LDAP or LDAPS with a certificate?

Equally concerning is Ubuntu 14.04 LTS, as its immediate LTS successor, 16.04, is already end of life.

The effort to get the current installation working might be better expended on a migration to both a current OS and application version.

YMMV

Yes Dmitry, as I mentioned, “an elderly system”. The connection is via LDAP and it tests fine. If I go to the users tab and click the test button it tells me it’s found 56 users, which corresponds to the correct number of users, so it would appear to be doing the directory lookup. I’m fairly convinced this isn’t an LDAP issue. What I don’t know is what OwnCloud does after the login phase or what it needs to do when I click the Users option on the Admin page. It is those pages that are hanging… Could it be a problem with reading a database table? Is there a way of determining that? The trouble is, now that I’ve mentioned the possible / or not link with Windows servers being updated, there is a tendency to automatically decide that this is the cause of the issue (it might be but equally it may not be). What I need is a way to determine what the issue is and then try to determine a way to fix it.

Yes LinkP, as already stated, this is an elderly system. We are trying to get the users to move their data off it so it can be decommissioned; I hadn’t banked on it decommissioning itself. So while you are undoubtedly right that it’s an old system on an old operating system, it doesn’t help me fix THIS problem.

I’ve had similar problems with some £100,000 + CNC milling machines which have a Windows XP control system and people tell me they should be upgraded… Well good luck trying to sell that to my board of directors.

Yes, saying that “it’s already stated” does not mitigate the issue :)

Outdated systems are not supported, this is a fact that can not be simply pushed away by saying “I know this is an outdated system” as well as a car without an insurance can not be covered by insurance by saying “I know I don’t have insurance” :)

In addition - updating one component but keeping the other one as is, is not a good strategy.

Lastly, if you have enough users that you need an LDAP server then maybe you need a support subscription :)

I’m not saying it mitigates the issue, I am saying that you’ve simply restated something I’d already stated so your point is moot.

I’ve inherited this system so I’ve no idea whether 46 (not 56 as previously stated) is enough for a subscription, then again why would you not use LDAP if you have an AD capable of doing the authentication for you, regardless of how many users are using it? I still don’t know why you keep thinking that LDAP is the issue when I’m fairly sure the issue is post authentication i.e. after the LDAP lookup has been done.

I know it’s an old system and I know it’s an old OS and is therefore not supported (it’s one of the reasons for asking for help from the community) but that doesn’t change the fact that last week (as far as I know) it was working and now it isn’t.

Lastly, given the lack of support I’ve received so far, if you were me would you be looking to a. upgrade the system and/or b. pay for a support contract if this is the sort of response I’m going to get?

Because usually you only need AD if you have many users that need to be synced up, separated into groups with certain permissions. Local users would do just fine for small businesses, and if it’s the authentication you are worried about, we do have 2FA.

Keep in mind that this is a user forum, for users from users. You getting here and ignoring what ownCloud recommends, like having at least the last LTS as a server OS and at least ownCloud 10, is not a great start :)

The support you will get here is limited by the people who notice your post and read it and will have time to answer. Paid support will provide you with professional help.

Anyway, there is still a chance that someone with a similar issue will notice this post and help you out.

Sorry it doesn’t make much sense having an AD more than capable of doing authentication and then reinventing the wheel and having OwnCloud also do it… My users even if there were only 1 would find it a right pain to login to their Windows machines and then login again to owncloud. Using the built in LDAP functionality of OwnCloud means they can use the same login they’re used to using… and to repeat I’m not convinced that is the issue but I’ve no idea how to determine that.

I might have mentioned (can’t remember now) we’re looking to decommission the system and move users to sharepoint.

If we were upgrading or implementing a new version of Owncloud then I’d definitely be looking to do paid support. I realise it’s a user to user forum completely and I’m grateful for constructive help.

My issue currently is that the only solution anyone has been able to suggest is to upgrade my system to a new version. That is counter-intuitive given the direction of travel and doesn’t resolve THIS issue. I prefixed my ticket with the fact that I knew it was an old and out of date system.

To borrow your analogy, it’s like owning a very old car and when it breaks down someone telling you, you should buy a newer car. I’m still stuck at the side of the road and have to walk home.

So to sum up, you want help with your current old ownCloud to get it working so you can switch to Microsoft SharePoint?

If you don’t want to help then don’t. I don’t know how long it will take users to migrate their data to the other system; on current form it could be months. It wasn’t my decision to migrate away from owncloud. All I’m interested in is getting the thing that was working, working again.

This conversation is pointless and it will be my last reply to you.

Right, so that others can benefit from it should you ever find yourself in this situation… I did what I should have done right from the get go. I asked the user who originally reported this issue what they were trying to do when the problem appeared. They advise that they’d done a select all (checking the check box at the top) and had then clicked “Delete”. They then got a wheel of death and a yellow error message (though he couldn’t tell me what it said).

So to resolve the issue I removed the user’s account. Since then the system has come back to life and I can now view all (the rest) users.

I’m not sure why what he did had this effect but clearly there’s some sort of database/system issue.

Thanks for following up to let others know what you did.

As for using LDAP, I agree with you on its benefits no matter how few users are in play. If you have standardized on a central directory it makes sense to use it. I’m not about to waste my time managing ad-hoc local users when they already exist in my existing central identity management service that readily integrates with ownCloud.

Best of luck on your migration.
