Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"rclone serve webdav" with password auth can't be mounted on windows #6596

Closed
cwyc opened this issue Dec 3, 2022 · 9 comments
Closed

"rclone serve webdav" with password auth can't be mounted on windows #6596

cwyc opened this issue Dec 3, 2022 · 9 comments
Labels
doc fix Remote: WebDAV

Comments

@cwyc
Copy link

cwyc commented Dec 3, 2022
edited

Output of rclone version

rclone v1.61.0-DEV
- os/version: nixos 22.11 (Raccoon) (64 bit)
- os/kernel: 5.15.80 (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.19.3
- go/linking: dynamic
- go/tags: none

Describe the issue

rclone serve webdav shares can't be mounted by Windows 10 if password auth is enabled, but works if password auth is disabled.

To replicate:

  • Open port 8080 on firewall
  • Run htpasswd -c -B htpasswd user and enter a password
  • Run rclone serve webdav . --addr :8080 --htpasswd htpasswd
  • On a Windows machine, select Explorer > This PC > Map network drive
  • Enter http://<server address>:8080/ in "Folder" field and select "Finish"
  • A dialog appears: https://imgur.com/a/AYsqEuc
    --
  • Run rclone serve webdav . --addr :8080
  • On a Windows machine, select Explorer > This PC > Map network drive
  • Enter http://<server address>:8080/ in "Folder" field and select "Finish"
  • The network drive is successfully mounted
@ncw
Copy link
Member

ncw commented Dec 3, 2022

Is windows expecting you to put the username / password in the URL?

So this (for windows to prompt for the password)

http://user@<server address>:8080/

Or maybe this (including the password).

http://user:password@<server address>:8080/

Does that help?

@cwyc
Copy link
Author

cwyc commented Dec 4, 2022
edited

Neither of these address schemes work. There is also an option "Connect using different credentials", which brings up a prompt for username and password, but the same error appears afterward.

@ncw
Copy link
Member

ncw commented Dec 4, 2022

Can you run rclone with -vv --dump bodies and see what windows is sending rclone. I think that works, if not a packet capture would be great.

@ncw
Copy link
Member

ncw commented Dec 5, 2022

I had a mess about with this some more and I managed to replicate the problem

Here is a packet capture

09:16:58.026306 IP 10.2.0.9.47684 > 10.2.0.9.8080: Flags [S], seq 3261449191, win 65495, options [mss 65495,sackOK,TS val 2953791138 ecr 0,nop,wscale 7], length 0
09:16:58.026322 IP 10.2.0.9.8080 > 10.2.0.9.47684: Flags [S.], seq 1820723973, ack 3261449192, win 65483, options [mss 65495,sackOK,TS val 2953791138 ecr 2953791138,nop,wscale 7], length 0
09:16:58.026332 IP 10.2.0.9.47684 > 10.2.0.9.8080: Flags [.], ack 1, win 512, options [nop,nop,TS val 2953791138 ecr 2953791138], length 0
09:16:58.026621 IP 10.2.0.9.47684 > 10.2.0.9.8080: Flags [P.], seq 1:163, ack 1, win 512, options [nop,nop,TS val 2953791139 ecr 2953791138], length 162: HTTP: PROPFIND / HTTP/1.1
09:16:58.026629 IP 10.2.0.9.8080 > 10.2.0.9.47684: Flags [.], ack 163, win 511, options [nop,nop,TS val 2953791139 ecr 2953791139], length 0
09:16:58.026753 IP 10.2.0.9.8080 > 10.2.0.9.47684: Flags [P.], seq 1:214, ack 163, win 512, options [nop,nop,TS val 2953791139 ecr 2953791139], length 213: HTTP: HTTP/1.1 401 Unauthorized
09:16:58.026767 IP 10.2.0.9.47684 > 10.2.0.9.8080: Flags [.], ack 214, win 511, options [nop,nop,TS val 2953791139 ecr 2953791139], length 0

Windows does a PROPFIND / but gets a 401 Unauthorized back and gives up.

A bit of searching to come up with a solution came up with this which points the finger at Windows

https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/credentials-prompt-access-webdav-fqdn-sites

(Note the site works properly with auth when used in Exporer, just not mapped as a drive).

@piyushgarg
Copy link
Contributor

I am able to get it work,
To change the Basic Authentication Level:

Locate the following directory:

  1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
  2. Locate value BasicAuthLevel.
    The Value data box should be set to 2.
    If the value is not 2, right click it and then select 'Modify'.
    Change it to 2.

@ncw
Copy link
Member

ncw commented Dec 9, 2022

@piyushgarg good work.

Would you like to add this to the rclone serve webdav docs?

This needs to go in the source code here

rclone/cmd/serve/webdav/webdav.go

Line 62 in 450c366

  • I'd suggest starting a new section ### Mounting webdav with auth on Windows

@piyushgarg
Copy link
Contributor

piyushgarg commented Dec 12, 2022
edited

bonus tip
To access Office applications over webdav, refer to:
https://learn.microsoft.com/en-us/office/troubleshoot/powerpoint/office-opens-blank-from-sharepoint

@ncw plz give me sometime, I will send a merge request.

@ncw
Copy link
Member

ncw commented Dec 12, 2022

bonus tip To access Office applications over webdav, refer to: https://learn.microsoft.com/en-us/office/troubleshoot/powerpoint/office-opens-blank-from-sharepoint

Ha! That's sharepoint.

@ncw plz give me sometime, I will send a merge request.

👍

@piyushgarg
Copy link
Contributor

piyushgarg commented Dec 29, 2022
edited

@piyushgarg good work.

Would you like to add this to the rclone serve webdav docs?

This needs to go in the source code here

rclone/cmd/serve/webdav/webdav.go

Line 62 in 450c366

  • I'd suggest starting a new section ### Mounting webdav with auth on Windows

Pull Request #6660

@ncw ncw closed this as completed in 98fa93f Dec 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
doc fix Remote: WebDAV
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@piyushgarg @ncw @Animosity022 @cwyc