Single user receives "access forbidden" when using desktop sync client

Hi All,

I’ve had a quick search and found people with issues similar to mine but not quite the same so I hope a new post is ok.

I have an owncloud server that I recently updated to 10.0.10. This caused me quite a bit of pain but it seems to be working fine now for all but 1 of my users. The users are synced via ldap from a samba domain controller. Machine in question is a 64gib Win 7 Pro.

If I browse to the server and login everything is fine
If I use the desktop sync client it gives the “Access Forbidden by server” error.

I have updated the sync client on the machine in question to 2.5, the problem persists (not sure what version it was before the update but probably 2.3.?).
I have tried on a different machine (also win7 pro) and have the same result.
I have reset the users AD password and that change has propagated to the web interface.

Ubuntu 14.04.5, Apache2, PHP 5.6.38, Mysql 14.14


The relavent bit of client log (I think) is this. I’ve had to put the url’s out so I could post but it’s all https

10-15 12:09:58:161 [ info gui.wizard ]: Connect to url: “owncloud”
10-15 12:09:58:162 [ info sync.accessmanager ]: 6 “PROPFIND” “owncloud/remote.php/webdav/” has X-Request-ID “9b4703c1-91fe-40b5-a8f1-9a0229c8bdb1”
10-15 12:09:58:163 [ info sync.networkjob ]: OCC::PropfindJob created for “owncloud” + “/” “OCC::OwncloudSetupWizard”
10-15 12:09:58:565 [ warning sync.credentials.http ]: Stop request: Authentication failed for “owncloud/remote.php/webdav/”
10-15 12:09:58:566 [ warning sync.networkjob ]: QNetworkReply::NetworkError(OperationCanceledError) “Operation canceled” QVariant(Invalid)
10-15 12:09:58:566 [ info sync.networkjob.propfind ]: PROPFIND of QUrl(“owncloud/remote.php/webdav/”) FINISHED WITH STATUS “OperationCanceledError Operation canceled”
10-15 12:09:58:566 [ warning sync.networkjob.propfind ]: not successful, http result code is 0 “”

Web server error.log, again, the relavent line I think is;
[Mon Oct 15 11:29:32.754265 2018] [negotiation:error] [pid 19661] [client MYIPADDRESS:63192] AH00687: Negotiation: discovered file(s) matching request: /var/www/owncloud/settings/users (None could be negotiated).

Ok, so I did some more digging and it is now working after I generated an app specific password. Not sure why this has only affected one of my users but he does at least seem to be back up and running.

Can anyone confirm if I can turn this option off? 30 odd users all with up to 3 devices is going to be a bit of a support headache if I have to start generating loads of passwords for them

Please check the owncloud.log for a line that contains the X-Request-ID 9b4703c1-91fe-40b5-a8f1-9a0229c8bdb1

Checking now. That file is 86gb so it’s going to take a while.

I guess I also need to look into ways to get owncloud to do some log rotation!

Ok, got a hit on that line;
{“reqId”:“9b4703c1-91fe-40b5-a8f1-9a0229c8bdb1”,“level”:2,“time”:“2018-10-15T11:09:59+00:00”,“remoteAddr”:“MYIPADDRESS”,“user”:"–",“app”:“core”,“method”:“PROPFIND”,“url”:"/remote.php/webdav/",“message”:“Login failed: ‘USERNAME’ (Remote IP: ‘MYIPADDRESS’)”}

Check here:

@dmitry seems like your LDAP ninja skillz are needed here…

I would try resetting the users password to the same password, also make sure he is not locked because of many login attempts.

Hey Dmitry, I have tried both of those as well as changing password to something totally different.

Have you installed the latest update on the win 7 pro machine?

Yes, downloaded and installed 2.5.0 this morning.

I don’t mean the client, I mean the OS.

Does your windows 7 machine have the latest windows update?

As, sorry. Mostly up to date, just a couple of optional.

  1. MSSE definitions
  2. USB controller driver
  3. .NET framework secuity and quality rollup (KB4459922)
  4. .NET framework 4.7.2 (KB4054530) pending…

(I’m running them through now and will test again)

Updates done, machine restarted, No dice…

I might see if I have a slightly older version of the client on a machine somewhere and try that.

sync client 2.4.1 on win10 64bit has the same issue.
user_a syncs fine with normal un/pw combination
user_b is forbidden but is still able to logon via web interface.

Any other ideas @dmitry?

Not really.

I think you won’t get more help here.

I suggest you open a ticket in the ownCloud client repository where developers can help you out.

1 Like

Will do.

Thanks for trying @michaelstingl and @dmitry

Should I mark this thread as closed but not resolved somehow?

Just in case anyone else hits this, I’ve opened a ticket on github;

1 Like

Not really.

Since it’s not solved you can’t / should not mark it as solved.

It can stay open.

Thanks for creating the issue here and at GitHub.

1 Like

No problem.

Thanks again for the help

1 Like