search

icewind1991 / SMB

PHP wrapper for smbclient
MIT License
136 stars 54 forks source link

Kerberos ticket auth apache mode not working with libsmbclient-php in Nextcloud #118

Open MBPotier opened 2 years ago

MBPotier commented 2 years ago

Hello,

I am having issues with kerberos ticket apache mode authentication for SMB external storage in Nextcloud when using libsmbclient-php instead of the standard system smbclient. Kerberos ticket apache mode auth is working for mounting external SMB storage when using the system smbclient, but does not when I switch to libsmbclient-php. Both the system smbclient and libsmbclient-php work with NTLMv2 via the log-in credentials external storage authentication mode in Nextcloud. The web server configuration is Apache with a php7.4-fpm backend hosted on Ubuntu 20.04.

Here is how the share is configured in Nextcloud:

share_setup

How I installed libsmbclient-php:

# apt -y install smbclient cifs-utils libsmbclient-dev php-dev make
# pecl install smbclient
# echo 'extension=smbclient.so' >> /etc/php/7.4/fpm/php.ini
# systemctl restart php7.4-fpm

The relevant section nextcloud.log file:

{"reqId":"qE3EHVG8DvCHk0r7VtVl","level":3,"time":"2022-07-28T13:56:25+00:00","remoteAddr":"10.1.1.163","user":"B42D3742-E62F-4C2F-8566-09D148E2846A","app":"no app in context","method":"GET","url":"/index.php/apps/files_external/userglobalstorages/9?testOnly=false","message":"Error while getting file info","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0","version":"23.0.7.2","exception":{"Exception":"Icewind\\SMB\\Exception\\ForbiddenException","Message":"Invalid request for / (ForbiddenException)","Code":1,"Trace":[{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php","line":75,"function":"fromMap","class":"Icewind\\SMB\\Exception\\Exception","type":"::"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php","line":92,"function":"handleError","class":"Icewind\\SMB\\Native\\NativeState","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php","line":351,"function":"testResult","class":"Icewind\\SMB\\Native\\NativeState","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php","line":305,"function":"getxattr","class":"Icewind\\SMB\\Native\\NativeState","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeFileInfo.php","line":43,"function":"getAttribute","class":"Icewind\\SMB\\Native\\NativeShare","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeFileInfo.php","line":69,"function":"stat","class":"Icewind\\SMB\\Native\\NativeFileInfo","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php","line":114,"function":"getSize","class":"Icewind\\SMB\\Native\\NativeFileInfo","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php","line":189,"function":"stat","class":"Icewind\\SMB\\Native\\NativeShare","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php","line":342,"function":"getFileInfo","class":"OCA\\Files_External\\Lib\\Storage\\SMB","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Common.php","line":458,"function":"stat","class":"OCA\\Files_External\\Lib\\Storage\\SMB","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php","line":717,"function":"test","class":"OC\\Files\\Storage\\Common","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/MountConfig.php","line":130,"function":"test","class":"OCA\\Files_External\\Lib\\Storage\\SMB","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Controller/StoragesController.php","line":288,"function":"getBackendStatus","class":"OCA\\Files_External\\MountConfig","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/files_external/lib/Controller/UserGlobalStoragesController.php","line":126,"function":"updateStorageStatus","class":"OCA\\Files_External\\Controller\\StoragesController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":217,"function":"show","class":"OCA\\Files_External\\Controller\\UserGlobalStoragesController","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":126,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":157,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/nextcloud/lib/base.php","line":1008,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Exception/Exception.php","Line":44,"CustomMessage":"Error while getting file info"}}
{"reqId":"qE3EHVG8DvCHk0r7VtVl","level":2,"time":"2022-07-28T13:56:25+00:00","remoteAddr":"10.1.1.163","user":"B42D3742-E62F-4C2F-8566-09D148E2846A","app":"no app in context","method":"GET","url":"/index.php/apps/files_external/userglobalstorages/9?testOnly=false","message":"External storage not available: Storage unauthorized. Invalid request for / (ForbiddenException)","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0","version":"23.0.7.2"}
{"reqId":"qE3EHVG8DvCHk0r7VtVl","level":2,"time":"2022-07-28T13:56:25+00:00","remoteAddr":"10.1.1.163","user":"B42D3742-E62F-4C2F-8566-09D148E2846A","app":"no app in context","method":"GET","url":"/index.php/apps/files_external/userglobalstorages/9?testOnly=false","message":"Storage unauthorized. Invalid request for / (ForbiddenException)","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0","version":"23.0.7.2","exception":{"Exception":"OCP\\Files\\StorageAuthException","Message":"Storage unauthorized. Invalid request for / (ForbiddenException)","Code":4,"Trace":[{"file":"/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php","line":198,"function":"throwUnavailable","class":"OCA\\Files_External\\Lib\\Storage\\SMB","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php","line":342,"function":"getFileInfo","class":"OCA\\Files_External\\Lib\\Storage\\SMB","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Common.php","line":458,"function":"stat","class":"OCA\\Files_External\\Lib\\Storage\\SMB","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php","line":717,"function":"test","class":"OC\\Files\\Storage\\Common","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/MountConfig.php","line":130,"function":"test","class":"OCA\\Files_External\\Lib\\Storage\\SMB","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Controller/StoragesController.php","line":288,"function":"getBackendStatus","class":"OCA\\Files_External\\MountConfig","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/files_external/lib/Controller/UserGlobalStoragesController.php","line":126,"function":"updateStorageStatus","class":"OCA\\Files_External\\Controller\\StoragesController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":217,"function":"show","class":"OCA\\Files_External\\Controller\\UserGlobalStoragesController","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":126,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":157,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/nextcloud/lib/base.php","line":1008,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php","Line":210,"Hint":"Storage is temporarily not available","Previous":{"Exception":"Icewind\\SMB\\Exception\\ForbiddenException","Message":"Invalid request for / (ForbiddenException)","Code":1,"Trace":[{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php","line":75,"function":"fromMap","class":"Icewind\\SMB\\Exception\\Exception","type":"::"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php","line":92,"function":"handleError","class":"Icewind\\SMB\\Native\\NativeState","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeState.php","line":351,"function":"testResult","class":"Icewind\\SMB\\Native\\NativeState","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php","line":305,"function":"getxattr","class":"Icewind\\SMB\\Native\\NativeState","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeFileInfo.php","line":43,"function":"getAttribute","class":"Icewind\\SMB\\Native\\NativeShare","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeFileInfo.php","line":69,"function":"stat","class":"Icewind\\SMB\\Native\\NativeFileInfo","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Native/NativeShare.php","line":114,"function":"getSize","class":"Icewind\\SMB\\Native\\NativeFileInfo","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php","line":189,"function":"stat","class":"Icewind\\SMB\\Native\\NativeShare","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php","line":342,"function":"getFileInfo","class":"OCA\\Files_External\\Lib\\Storage\\SMB","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Storage/Common.php","line":458,"function":"stat","class":"OCA\\Files_External\\Lib\\Storage\\SMB","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Lib/Storage/SMB.php","line":717,"function":"test","class":"OC\\Files\\Storage\\Common","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/MountConfig.php","line":130,"function":"test","class":"OCA\\Files_External\\Lib\\Storage\\SMB","type":"->"},{"file":"/var/www/nextcloud/apps/files_external/lib/Controller/StoragesController.php","line":288,"function":"getBackendStatus","class":"OCA\\Files_External\\MountConfig","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/files_external/lib/Controller/UserGlobalStoragesController.php","line":126,"function":"updateStorageStatus","class":"OCA\\Files_External\\Controller\\StoragesController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":217,"function":"show","class":"OCA\\Files_External\\Controller\\UserGlobalStoragesController","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":126,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":157,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/nextcloud/lib/base.php","line":1008,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/smb/src/Exception/Exception.php","Line":44},"CustomMessage":"--"}}

Please let me know if you need any more information or need me to test anything. Thanks

icewind1991 commented 2 years ago

Do you have the krb5 php module installed?

MBPotier commented 2 years ago

I did not before, but installed it with the following commands.

# apt -y install libkrb5-dev
# pecl install krb5
# echo 'extension=krb5.so' >> /etc/php/7.4/fpm/php.ini
# systemctl restart php7.4-fpm

Unfortunately, I am still getting the same errors in the log file. I have also spun up another testing VM (Ubuntu 22.04) to see if running the latest Nextcloud version on php8.1-fpm made a difference, but it didn't.