Ios: Error 401 in iOS App

I have same problem and it is reported by multiple user using iOS Application Version 2.25.6.9 .

Server Configuration:

Operating system:
"Debian GNU/Linux 10 (buster)"

Web Server:
Apache/2.4.38

Database:
Ver 15.1 Distrib 10.3.17-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

PHP version:
PHP 7.3.11-1~deb10u1

Nextcloud version:
16.0.7

We do not use LDAP

Same here on last update from 6.02.2020
IOS - 13.3.1
Iphone Xs

Server - Centos 7
Nextcloud 17.0.3

I have the same Problem
IOS - 13.3.1
Iphone XR
App-Version 2.25.6.9

Server - Debian 9.11
Nextcloud 17.0.3

Same here since the last iOS app update, but just with LDAP accounts.

iOS - 13.3
iphone 8
App-Version 2.25.6.9

Server - centOS 8 nginx php-FPM
Nextcloud 18.0.1 RC1

Same issue with a Nextcloud user and also no file upload possible.

{"reqId":"wdk064ruaGusnkwCFsmj","level":2,"time":"2020-02-09T20:14:43+01:00","remoteAddr":"x.x.x.x","user":"--","app":"core","method":"PROPFIND","url":"/remote.php/webdav","message":"Login failed: 'User' (Remote IP: 'x.x.x.x')","userAgent":"Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.6","version":"17.0.3.1","id":"5e405a23debad"}

IOS 13.3.1
iPhone X
App-Version 2.25.6.9

Server- Ubuntu Server 16.04 nginx php-fpm
Nextcloud Server 17.0.3

Same here:
iOS - 13.3
iphone 7
App-Version 2.25.6.9

Server - Debian 10.2 apache
Nextcloud 18.0.1 RC1

Same problem on my side, with multiple nextcloud instances v16 - v18, on multiple iOS clients with the latest app update.

After update of the iOS client on several iPads, I have the same problem.

• PHP Version : 7.2.24
• mysql Version : 5.7.29
• Ubuntu : 18.04
• Apache

The users are now case sensitive, when i type in the user like its written in AD it works

Yes that's it, the users are case sensitive now.
It works for me.

Is there anything in then nextcloud.log about the failed auth attempt?

Same issue here with Version 14 of NC.

[Justus Bisser] We have the same Error. Correct case does not help. We also tried QR login that also does not work…

Here are sime lines from our access.log, hope that helps

anon@cloud:/var/log/apache2# tail -f access.log -n100
1.1.1.1 - USERNAME [10/Feb/2020:15:07:58 +0100] "PROPFIND /nextcloud/remote.php/dav/files/02156451-6546545645-45564-465-4650116546/ HTTP/1.1" 207 1374 "-" "Mozilla/5.0 (Windows) mirall/2.6.2stable-Win64 (build 20191224) (Nextcloud)"
1.1.1.1 - USERNAME [10/Feb/2020:15:08:05 +0100] "PROPFIND /nextcloud/remote.php/dav/files/02156451-6546545645-45564-465-4650116546/ HTTP/1.1" 207 1375 "-" "Mozilla/5.0 (Windows) mirall/2.6.2stable-Win64 (build 20191224) (Nextcloud)"
1.1.1.1 - [email protected] [10/Feb/2020:15:08:16 +0100] "GET /nextcloud/ocs/v2.php/cloud/user?format=json HTTP/1.1" 200 2176 "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.6"
1.1.1.1 - 02156451-6546545645-45564-465-4650116546 [10/Feb/2020:15:08:16 +0100] "REPORT /nextcloud/remote.php/dav/files/[email protected] HTTP/1.1" 404 905 "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.6"
1.1.1.1 - [email protected] [10/Feb/2020:15:08:16 +0100] "GET /nextcloud/ocs/v1.php/cloud/capabilities?format=json HTTP/1.1" 200 4413 "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.6"
1.1.1.1 - 02156451-6546545645-45564-465-4650116546 [10/Feb/2020:15:08:16 +0100] "GET /nextcloud/index.php/avatar/[email protected]/128 HTTP/1.1" 404 935 "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.6"
1.1.1.1 - [email protected] [10/Feb/2020:15:08:16 +0100] "SEARCH /nextcloud/remote.php/dav HTTP/1.1" 207 2579 "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.6"
1.1.1.1 - [email protected] [10/Feb/2020:15:08:16 +0100] "GET /nextcloud/ocs/v2.php/apps/files_sharing/api/v1/shares HTTP/1.1" 200 2529 "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.6"
1.1.1.1 - [email protected] [10/Feb/2020:15:08:16 +0100] "GET /nextcloud/ocs/v2.php/apps/notifications/api/v2/notifications?format=json HTTP/1.1" 200 1686 "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.6"
1.1.1.1 - USERNAME [10/Feb/2020:15:08:28 +0100] "PROPFIND /nextcloud/remote.php/dav/files/02156451-6546545645-45564-465-4650116546/ HTTP/1.1" 207 1374 "-" "Mozilla/5.0 (Windows) mirall/2.6.2stable-Win64 (build 20191224) (Nextcloud)"
1.1.1.1 - USERNAME [10/Feb/2020:15:08:37 +0100] "PROPFIND /nextcloud/remote.php/dav/files/02156451-6546545645-45564-465-4650116546/ HTTP/1.1" 207 1375 "-" "Mozilla/5.0 (Windows) mirall/2.6.2stable-Win64 (build 20191224) (Nextcloud)"
1.1.1.1 - USERNAME [10/Feb/2020:15:08:58 +0100] "PROPFIND /nextcloud/remote.php/dav/files/02156451-6546545645-45564-465-4650116546/ HTTP/1.1" 207 1374 "-" "Mozilla/5.0 (Windows) mirall/2.6.2stable-Win64 (build 20191224) (Nextcloud)"
1.1.1.1 - USERNAME [10/Feb/2020:15:09:01 +0100] "GET /nextcloud/ocs/v2.php/apps/notifications/api/v2/notifications?format=json HTTP/1.1" 304 219 "-" "Mozilla/5.0 (Windows) mirall/2.6.2stable-Win64 (build 20191224) (Nextcloud)"
1.1.1.1 - USERNAME [10/Feb/2020:15:09:09 +0100] "PROPFIND /nextcloud/remote.php/dav/files/02156451-6546545645-45564-465-4650116546/ HTTP/1.1" 207 1375 "-" "Mozilla/5.0 (Windows) mirall/2.6.2stable-Win64 (build 20191224) (Nextcloud)"

@halloamt all entries in the access.log are fine, none reports an error related to this issue. Is there anything in the nextcloud.log (in you data directory, or via Admin Settings → Logging)?

@WillixJ Nc 14 reached end of life last summer https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule

And, do all of you affected login with email address?

Only user, if i use the users email address there is no problem, if i use the user like its written in AD there is no problem, if you dont use it like that, everything in upper case for example, you get a 401 in apache. This is a nasty bug because the users lock there AD accounts because of this
Only in IOS app and in all nextcloud installations (13-18)
This issue wasnt present last week

Same problem here, after deleting and reinstalling NC app no account can be registered, neither with AD or local account managed by Nextcloud.
Accounts that were existing before updating to iOS 13.3.1 may get a 401 when accessing any file.

getting the same error
NC 17.0.3
LDAP + database cached passwords
no matter if I type case-sensitive username or not
access is possible but the error (screenshots above) pops up every ~3rd time I open a directory
with Version 2.25.5 there was no problem

We are using the LDAP username. We are not using the email address. The problem still persist.

The error message on ipad is displayed on the screen a couple of seconds and disapears. The problem looks like a time out error for us.

NC 17.0.3, LDAP login

Related warnings in the log are numerous:

[core] Warning: Login failed: 'my LDAP userId' (Remote IP: 'our gw')
PROPFIND /nextcloud/remote.php/webdav from 'our gw IP' at 2020-02-11T11:18:41+00:00

Funnily the Adroid Client works perfectly well. I cannot look at nextcloud.log at the moment. we tried E-Mail and LDAP username and neither worked.
I'll send you some log lines later or tomorrow.

Same error here with NC 17.0.3 and 18.0.1RC2

I'm encountering the same bug on with Nextcloud for iOS 2.25.6.9, pointed to Nextcloud Server 17.0.2. I use LDAP authentication on my server, and this has worked perfectly fine for several months. Please note that I'm not encountering any issues with either the web interface, or the macOS desktop app.

After enabling debug logs on my server, I found something interesting about the LDAP queries.

When authentication works, I see logs like this:

{
    "reqId":"[redacted]",
    "level":0,
    "time":"2020-02-11T20:03:08+00:00",
    "remoteAddr":"[redacted]",
    "user":"[redactedUID]",
    "app":"user_ldap",
    "method":"PROPFIND",
    "url":"\/remote.php\/dav\/files\/[redactedUID]\/",
    "message":"initializing paged search for  Filter (&(objectClass=inetOrgPerson)(ou:dn:=users)(supportedApplication=nextcloud)(mail=[redactedEmailAddress])) base Array\n(\n    [0] => ou=directory\n)\n attr Array\n(\n    [0] => entryuuid\n    [1] => nsuniqueid\n    [2] => objectguid\n    [3] => guid\n    [4] => ipauniqueid\n    [5] => dn\n    [6] => uid\n    [7] => samaccountname\n    [8] => memberof\n    [9] => mail\n    [10] => cn\n    [11] => jpegphoto\n    [12] => thumbnailphoto\n)\n limit 500 offset 0",
    "userAgent":"Mozilla\/5.0 (Macintosh) mirall\/2.6.2stable (build 20191224) (Nextcloud)",
    "version":"17.0.2.1"
}

But when authentication fails, I see logs like this instead:

{
    "reqId":"[redacted]",
    "level":0,
    "time":"2020-02-11T19:58:39+00:00",
    "remoteAddr":"[redacted]",
    "user":"--",
    "app":"user_ldap",
    "method":"PROPFIND",
    "url":"\/remote.php\/webdav",
    "message":"initializing paged search for  Filter (&(objectClass=inetOrgPerson)(ou:dn:=users)(supportedApplication=nextcloud)(mail=[redactedUID])) base Array\n(\n    [0] => ou=directory\n)\n attr Array\n(\n    [0] => entryuuid\n    [1] => nsuniqueid\n    [2] => objectguid\n    [3] => guid\n    [4] => ipauniqueid\n    [5] => dn\n    [6] => uid\n    [7] => samaccountname\n    [8] => memberof\n    [9] => mail\n    [10] => cn\n    [11] => jpegphoto\n    [12] => thumbnailphoto\n)\n limit 500 offset 0",
    "userAgent":"Mozilla\/5.0 (iOS) Nextcloud-iOS\/2.25.6",
    "version":"17.0.2.1"
}

I took the liberty to pretty print the JSON logs, as well as redacting some private information. Namely, I redacted my email address with [redactedEmailAddress] (and that's what I normally use in the Username or email text field of the login form), and I redacted the internal ID Nextcloud uses for that account with [redactedUID] (I'm referring to the hexadecimal ID with the following format
ab0cd123-e4f5-6789-0a12-3b4c5d67e890).

For reference, in the "Login Attributes" tab of the LDAP settings of my Nextcloud instance, I entered the following LDAP query:

(&(objectClass=inetOrgPerson)(ou:dn:=users)(supportedApplication=nextcloud)(mail=%uid))

So what's clearly wrong in the failed LDAP authentication case here is that the %uid format specifier of this query was replaced with the generated UID for my account (which, again, looks like ab0cd123-e4f5-6789-0a12-3b4c5d67e890), whereas it should have been replaced with my email address.

Another interesting difference between these two logs is that only the log for the authentication failure shows:

    "user":"--",

Does this help track down the root cause of these authentication issues?

@JoeKun the interesting part is in the LDAP filter. When authenticated, the lookup went via mail=[redactedEmailAddress, which totally makes sense. In the failing case it was compared with an uid mail=[redactedUID], which expectedly does not yield the correct user.

@blizzz I'm far from being an expert of the underpinnings of Nextcloud, but I'm not sure this makes a lot of sense to me. Isn't this LDAP query meant to be executed before and in order to get the authentication result?

What I'm getting at is this: if we don't even run the correct LDAP query to actually authenticate the user, then what chance do we have of successfully authenticating the user?

Please let me know if that assumption of mine was incorrect, and if in fact this "Login Attributes" LDAP query is meant to be used after the authentication process has completed.

@JoeKun we on the server side can only pass in the query what we receive as login name. So it might be, that the app mixes up login name and user id… but right now we do not know where and why this could be. Also, til now we could not reproduce this behaviour.

Hi all, who can create a test account for me for help we to find the problem ?

Hi, I have just send test account information in your mail.

Could it be a webdav bug?
remote.php/dav/files/user1/ gives not found
remote.php/dav/files/User1/ is found

There's another error we've found when an iOS device was migrated from iOS 12 to 13 and Nextcloud is accessed via Files app. In that case it seems to be a WebDAV connection made by iOS. In case the user had to change his password (as forced in lot of LDAP/AD environmehts) NC App worked fine but the Files app didn't unless it was deleted and installed new.
I've gut two iOS devices. The iPad had this error, too, unless I did a hard reset and installed all apps from scratch. After that I couldn't reproduce this error any more.

The current error can be reproduced on my iPhone (migrated from iOS 12.x to 13.3.1 in steps) but not on the iPad (migrated from iOS 12 to 13.3, hard reset, migrated to 13.3.1).
The same QR-code that does not work on the iPhone works on the iPad. The same network, the same NC Instance, the same user account, the same iOS and NC App versions, the only difference I can see is the hard reset after migrating from iOS 12 to 13.

@Volker-K please report that as separate issues and keep this one for the ldap related login errors.

Same here:
iOS - 13.3.1
iPhone X
App-Version 2.25.7.0

Server - Ubuntu 18.04 LTS
Apache 2.4.29
PHP 7.2.24
Nextcloud 18.0.0

Same Server with local User and no SMB = no Problem
Maybe it's related to the LDAP or SMB access

We are using LDAP
Same as iNoels for me :

• without SMB folder = OK

• with SMB folder = NOT OK

We use SMB folders, too. I can confirm, it is not working.

We do not user SMB folders, although IOS app is not working with LDAP/AD anymore, as @benschhold described we have to use case sensitive usernames in IOS APP to get it working.

No SMB here ☺️

@bnavigator We're using LDAP/AD auth.
The latest App version works with both my devices, at the device of a coworker it doesn'n. I'll try to catch some log records tomorrow to see which errors I will find.

Same for me! Its annoying! It works as expected on my Android phone, so I suspect the issue to be within the IOS app.

No SMB and all lowercase uids here. It's clearly as described by @JoeKun in https://github.com/nextcloud/ios/issues/1147#issuecomment-584838480: The iOS app sends the generated UUID instead of the entered username (or e-mail in his case).

This error is under investigation, please stop and wait a solution.

thanks

Fixed, soon available, version 2.25.8 (TestFlight & Apple Store)

After update to version 2.25.8 IOS App, we got the Error 404, while the ios tries to access the url:

https://xxxxxxx/ remote.php/dav/files/[email protected]

@QJarhead verify that exists the /files/[email protected] in your server because it's used for the searchrequest (where userID == [email protected])

Hey @marinofaggiana ,
currently all folders in /var/www/html/data/ are created as the UID of the Users.
001AD1BE-C2ED-4709-8679-AF4178ED32A1 37E92B40-BF59-4CD8-8FE3-16FABA8AD97D.....

Issue is still present, users are still case sensitive

Issue is still present, users are still case sensitive

where it is written that it must be Case insensitive?

First check: red box is gone. Not using LDAP. Need to check logs when having access to the server. Endpoint (App v2.25.8) looks good after few minutes testing.

This issue is still present for our iOS users, too.

Issue is still present, users are still case sensitive

where it is written that it must be Case insensitive?

nowhere but it would be strange if only apple users are have to do so

After the update the red box is gone. Now the next error message appears 😂

After the update the red box is gone. Now the next error message appears 😂

If you want, open another issue , please follow only this thread.

@marinofaggiana I just opened a new issue to track the 404 error. See https://github.com/nextcloud/ios/issues/1159

Hi,
before the update I had both 401 error and 404.

the 401 part seems solved (https://github.com/nextcloud/ios/issues/1153), but not the 404 error as it is still occurring even with the update.
I have taken some time to debug this.
It has been a while the ios app is giving some difficulties for users from ldap db using a uuid as identifier.
First ability to mark as favorite or remove, then ability to edit existing text files, and recently errors when trying to to anything from navigating to opening a file. (https://github.com/nextcloud/ios/issues/223)
If you check in the nextcloud apps this is logged as failure to login, while the app is well logged in and able to navigating ( while throwing 401 and 404 errors mentioned above).

if you take care at the apache access_log you then understand what is happening

let's say you have user mylogin which has been linked from ldap db with a uuid 5279b38a-b8ed-1031-9373-cf418e4c8c3b (default behaviour of nextcloud)

if you try to access a file from the web interface you will hit at a moment the search for your avatar :
GET /nextcloud/index.php/avatar/5279b38a-b8ed-1031-9373-cf418e4c8c3b/128

but the app does

GET /nextcloud/index.php/avatar/mylogin/128
and hits a 404

"GET /nextcloud/index.php/avatar/mylogin/128 HTTP/1.1" 404 - "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.8"
"REPORT /nextcloud/remote.php/dav/files/mylogin HTTP/1.1" 404 225 "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.8"

As I said for the 401 part seems fixed for now
"PROPFIND /nextcloud/remote.php/webdav HTTP/1.1" 401 343 "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.6"
"PROPFIND /nextcloud/remote.php/webdav HTTP/1.1" 207 1183 "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.8"
normal, either mylogin does not exist or is not the same user for nextcloud.
further more as default behaviour uuid is not supposed to be used as a login name, only the username and email from the ldap dp are accepted.

So the real fix would be to get the ios app translate the login used to the nextcloud uuid and start creating again all the URL with it instead of the login used.

a workaround is something proposed on some forum post, ie modify the default behaviour of ldap nextcloud implementation and risking collision between usernames from different db.

references:
https://bugs.contribs.org/show_bug.cgi?id=10876
https://help.nextcloud.com/t/ios-2-17-nc-11-0-3-error-404-with-ldap-users-and-favorites-folder-solved/11772/5
https://github.com/nextcloud/ios/issues/223#issuecomment-299940245

and yes I can say that both this issue and 223 are related and are fixed the same way :+1: I tested migrating all my ldap users on one instance of nextcloud I control and not on the others, guess what, the one where I changed the ldap integration (which again is not suitable to do ) has stop throwing errors as reported here, and also fixed the #223 issue before updating the ios app.

everything used to work in the past, so something must have changed either in the ios app or in the server code to not translate login name to correct user uuid, and it would be good to reverse this.

use https://github.com/nextcloud/ios/issues/1159 for 404

Hi! @marinofaggiana However in version 2.25.9, 401 occurs frequently. After I switch to other app for several minutes, I got 401 error and the nextcloud app popup a window to ask me to log in again. And when I check the log file created by caddy, it shows that "SEARCH /remote.php/dav HTTP/2.0 401 343". However in a short time zone just after I enter my nextcloud password on my iPhone( maybe several minutes), log shows that "SEARCH /remote.php/dav HTTP/2.0 207 6062".

iOS - 13.4
iPhone X
App-Version 2.25.9

Server - Debian 9
Caddy 2.4.29
PHP-FPM 7.3
Nextcloud 17.0.5

you may notice from the image that every time I open the nextcloud, it asked me to log in, and create a new device login record.
Thanks!

Can't open the ios pps got 401 error on first authentication !

iOS version 13.4.1
App version 2.25.69

Server :
Docker Version 19.03.8
PHP_VERSION 7.3.17
MARIADB_VERSION 1:10.4.12+maria~bionic
NEXTCLOUD_VERSION 18.0.4

So why close the issue ?

Try with the version 3 in TestFlight

Try with the version 3 in TestFlight

No improvement with v3 still get 401 error

info : no LDAP, only 2 local user, fresh install to test Nextcloud

Works fine on desktop with any web client Chrome/Firefox
and with web client safari/chrome on phone.

V3:

Chrome iOS