Authentication error

[traktuner]

Hello, I created an app password to login, because 2 factor authentication is not supported. Unfortunately I can't get it working. Docker container on my Synology was is OK, with port exposed. But when I try to setup the backup in HyperBackup I always get the authentication error. Am I missing something? Help would be greatly appreciated. Thank you very much!

[daftmab]

Set your logging to port:* and check for this error:

AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance

Got it? Bad... Same here. Without full OAuth2 authentication support or admin access to your companys sharepoint server and adfs authentication you are out of luck. so far my research.... your admin is blocking app passwords. struggeling with this, too. my admin switched it couple days ago.

/edit Perhaps @skleeschulte can implement OAuth2 authentication or help out otherwise. I found this But I have only rudimentary understanding of this. I'm not a JS programmer.

[traktuner]

Hello, I have the privilege to be the admin of my own tenant ;) I did generate an app password, but still get the authentication error. So if it should work with app passwords, I don't know what I'm doing wrong. Installed docker container on my Synology NAS (only thing I changed is local port from automatic to 3000 and PROXY_TARGET to my sharepoint-my ... page). Then, in hybperbackup, I used WebDAV and used the following URL http://localhost:3000/personal/account_name/Documents (adapted to my tenant) user - my ms365 user's email address and password - app password. But still auth error. What I also tried is to mess up the URL to see if I get a different error, and that's the case - only if the URL is correct I get the auth error, so there must be a problem with this app password. Maybe you @daftmab can help me with this? Seems like it was working on your end with app passwords. Thank you!

[daftmab]

Sure. I'm currently on vacation with bad internet connection. Next week I can share my config. Remind me if I don't answer till tuesday.

[traktuner]

Sure. I'm currently on vacation with bad internet connection. Next week I can share my config. Remind me if I don't answer till tuesday.

Thank you, would be good to know :) I just created a workaround which is also ok with HyperBackup. I created a virtual machine with ubuntu, installed and configured rclone (compatible out-of-the-box with OneDrive for Business) and installed Apache + WebDAV. Working fine so far!

[hirakujira]

I also have same issue. Tried app password and real password but it shows authentication error. Could you check this?

[DaPadrePedro]

Same here! Is there anyone out there who can confirm this proxy supports app passwords? I've never seen an explicit statement or a clear implicit statement this is the case (except for the OenDrive proxy, but that's another one of course).

I have installed this proxy as a Docker container and would like to use Hyper Backup. I can't seem to connect though. I use these fields in Hyper Backup: Server address: localhost:3000/personal/[account_part]/Documents (with account_part something like NAMEA_NAMEB_DOMAINA_DOMAINB_DOMAINC ) Username: my work e-mail address, which is my external user name Password: generated app password (as MFA is required; I'm an admin and have generated the app password myself)

I get this error: "The operation failed. Please log in to DSM again and retry."

I've tried with and without trailing slash, with and without "/Documents", with and without "http://", etc., but to no avail. For my Docker container I have added PROXY_TARGET as "https://COMPANY-my.sharepoint.com/" (without the ")

I've also played with auth type "adfs", as we use AD FS for interactive authentication. However, AFAIK this isn't necessary when using an app password...

When I put in a wrong user name I get the error "Authentication failed", so it seems it's all about the password... I get this error according when logging everything (DEBUG=*): "2022-02-25T10:37:26.340Z proxy:error [93343/5596] An error occurred during user authentication: TypeError: Cannot read property 'firstChild' of undefined"

Could it be that the proxy for OneDrive for Business doesn't support app passwords, even though the proxy for OneDrive does?

Any help is much appreciated!

Regards, Pedro

[DaPadrePedro]

Same here! Is there anyone out there who can confirm this proxy supports app passwords? I've never seen an explicit statement or a clear implicit statement this is the case (except for the OenDrive proxy, but that's another one of course).

I have installed this proxy as a Docker container and would like to use Hyper Backup. I can't seem to connect though. I use these fields in Hyper Backup: Server address: localhost:3000/personal/[account_part]/Documents (with account_part something like NAMEA_NAMEB_DOMAINA_DOMAINB_DOMAINC ) Username: my work e-mail address, which is my external user name Password: generated app password (as MFA is required; I'm an admin and have generated the app password myself)

I get this error: "The operation failed. Please log in to DSM again and retry."

I've tried with and without trailing slash, with and without "/Documents", with and without "http://", etc., but to no avail. For my Docker container I have added PROXY_TARGET as "https://COMPANY-my.sharepoint.com/" (without the ")

I've also played with auth type "adfs", as we use AD FS for interactive authentication. However, AFAIK this isn't necessary when using an app password...

When I put in a wrong user name I get the error "Authentication failed", so it seems it's all about the password... I get thios error according when logging everything (DEBUG=*): "2022-02-25T10:37:26.340Z proxy:error [93343/5596] An error occurred during user authentication: TypeError: Cannot read property 'firstChild' of undefined"

Could it be that the proxy for OneDrive for Business doesn't support app passwords, even though the proxy for OneDrive does?

Any help is much appreciated!

Regards, Pedro

[skleeschulte]

No time to investigate further currently, sorry, but a hint: The error message TypeError: Cannot read property 'firstChild' of undefined originates from the node-sp-auth package, which is used in version 2.5.7 in basic-to-sharepoint-auth-http-proxy version 0.0.1.

[daftmab]

@all checkout synology cloudsync. works for me with sharepoint and ondrive for business.

[DaPadrePedro]

Yes, I know, Cloud Sync does work with ODfB, but that's a syncing solution, not a backup solution...

[daftmab]

@DaPadrePedro thats why I wrote "works for me". perhaps for somebody else too. sync is all I need. I sync an internal hyper backup "file". i'm backuping my backup.

[DaPadrePedro]

Hi @daftmab

I've thought of this workaround as well, but in my case I need a smart backup (incremental) for a few terabytes. No problem to create this locally and then sync it to the cloud, but doing this could take a while (read: way too long), although it depends of course on how the smart backup actually works: if it just creates a few extra files with every incremental backup without touching the older ones, then that should be ok; otherwise, syncing with Cloud Sync is way too slow, introudcing a few practical problems for me. I should admit I haven't practically tried this workaround to see if it's feasible to me. The reason for this is I still prefer something direct: doing backup directly to the cloud, without an extra step, especially because this seems to be faster for me than syncing the same amount of bytes. That's why I was trying out skeeschulte's proxy for ODfB. Because of the fact an app password doesn't seem to be supported though, I've moved over to Duplicati as a Docker container. Till now this seems to be the best way for me to achieve my goals, although I've experience quite a lot of trouble here as well, especially for my initial (BIG) backup (but I can workaround this in a somewhat acceptable way).

Grtz, Pedro

[beermedlar]

Need disable MFA

[traktuner]

Since I changed my backup strategy, I am going to close that issue now since I guess this repo is unmaintained. If anyone is still searching for a solution, maybe check the forked repos - maybe there is a working integration. (https://github.com/ckho/basic-to-sharepoint-auth-http-proxy/ as an example)