[Bug]: iOS Configuration Profile DAAccountValidationDomain-Error 100.

Open Gabgobie opened this issue 1 year ago • 10 comments

⚠️ This issue respects the following points: ⚠️

Bug description

I am using the most recent version of Nextcloud Snap on Ubuntu 22.04.5 LTS (GNU/Linux 5.15.0-130-generic x86_64)

When I try to integrate my iPhone's calendar and contacts by using the Nextcloud App's configuration profile, I will be presented with the option to enter a password. No matter if I

  1. enter mine
  2. leave it blank
  3. generate an App password, which I then enter there

I will be presented with a "DAAccountValidationDomain-Fehler 100.", which I assume translates to "DAAccountValidationDomain-Error 100.".

This issue first appeared after I enabled TOTP 2FA for my account. I already tried disabling 2FA for my account in the meantime but no luck. The error is still there.

Steps to reproduce

  1. Install Nextcloud
  2. Install TOTP App
  3. Enable TOTP for your user
  4. Use iOS Nextcloud App to get a configuration profile
  5. Try to enable the profile <- this is where the error occurs
  6. Disable TOTP for your user (the app is still active because I need the Admin account, which doesn't need to be integrated anywhere, to be under maximum security)
  7. Load new config profile
  8. Try to enable it <- the same error still occurs

Expected behavior

I think it's fair to fail when TOTP is enabled since there is no way to enter the code but it should work with an App password, which it doesn't.

In a perfect world I'd expect the Nextcloud App, which is already authenticated as your user, to generate and include an app password in the configuration profile. I don't know about the limitations from Apple's side in this regard though.

More than anything I'd expect for the authentication to work at all ^^

Nextcloud Server version

30

Operating system

Debian/Ubuntu

PHP engine version

None

Web server

None

Database engine version

None

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • [x] Default user-backend (database)
  • [ ] LDAP/ Active Directory
  • [ ] SSO - SAML
  • [ ] Other

Configuration report

nextcloud@nextcloud:~$ sudo nextcloud.occ config:list system
{
    "system": {
        "apps_paths": [
            {
                "path": "\/snap\/nextcloud\/current\/htdocs\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/snap\/nextcloud\/current\/nextcloud\/extra-apps",
                "url": "\/extra-apps",
                "writable": true
            }
        ],
        "supportedDatabases": [
            "mysql"
        ],
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0
        },
        "log_type": "file",
        "logfile": "\/var\/snap\/nextcloud\/current\/logs\/nextcloud.log",
        "logfilemode": 416,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***",
            "***REMOVED SENSITIVE VALUE***",
            "***REMOVED SENSITIVE VALUE***"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "30.0.4.1",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance": false,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "app_install_overwrite": [
            "caniupdate"
        ],
        "default_phone_region": "DE",
        "opcache.interned_strings_buffer": "16",
        "opcache.save_comments": "1",
        "opcache.revalidate_freq": "60",
        "loglevel": 2,
        "mail_smtpsecure": "ssl",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "theme": "",
        "maintenance_window_start": 1
    }
}
nextcloud@nextcloud:~$

List of activated Apps

nextcloud@nextcloud:~$ sudo nextcloud.occ app:list
Enabled:
  - activity: 3.0.0
  - announcementcenter: 7.0.1
  - app_api: 4.0.3
  - bruteforcesettings: 3.0.0
  - calendar: 5.0.8
  - cfg_share_links: 6.1.1
  - checksum: 1.2.5
  - circles: 30.0.0
  - cloud_federation_api: 1.13.0
  - comments: 1.20.1
  - contacts: 6.1.3
  - contactsinteraction: 1.11.0
  - dashboard: 7.10.0
  - dav: 1.31.1
  - end_to_end_encryption: 1.16.1
  - event_update_notification: 2.5.0
  - external: 5.5.2
  - federatedfilesharing: 1.20.0
  - files: 2.2.0
  - files_accesscontrol: 1.20.1
  - files_antivirus: 5.6.1
  - files_external: 1.22.0
  - files_lock: 30.0.1
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - firstrunwizard: 3.0.0
  - flow_notifications: 1.10.1
  - groupfolders: 18.0.8
  - integration_paperless: 1.0.4
  - lookup_server_connector: 1.18.0
  - metadata: 0.21.0
  - nextcloud_announcements: 2.0.0
  - notes: 4.11.0
  - notifications: 3.0.0
  - oauth2: 1.18.1
  - privacy: 2.0.0
  - provisioning_api: 1.20.0
  - quota_warning: 1.20.0
  - related_resources: 1.5.0
  - richdocuments: 8.5.3
  - root_cache_cleaner: 0.1.8
  - serverinfo: 2.0.0
  - settings: 1.13.0
  - side_menu: 4.0.1
  - suspicious_login: 8.0.0
  - systemtags: 1.20.0
  - tasks: 0.16.1
  - text: 4.1.0
  - theming: 2.5.0
  - theming_customcss: 1.18.0
  - twofactor_backupcodes: 1.19.0
  - twofactor_totp: 12.0.0-dev
  - viewer: 3.0.0
  - weather_status: 1.10.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
Disabled:
  - admin_audit: 1.20.0
  - appointments: 2.3.5 (installed 2.3.5)
  - breezedark: 29.0.0 (installed 29.0.0)
  - encryption: 2.18.0
  - federation: 1.20.0 (installed 1.14.0)
  - files_downloadlimit: 3.0.0 (installed 1.1.0)
  - files_versions: 1.23.0 (installed 1.20.0)
  - impersonate: 1.17.1 (installed 1.17.1)
  - logreader: 3.0.0 (installed 2.12.0)
  - maps: 1.5.0 (installed 1.5.0)
  - password_policy: 2.0.0 (installed 1.17.0)
  - photos: 3.0.2 (installed 1.6.0)
  - recommendations: 3.0.0 (installed 1.3.0)
  - sharebymail: 1.20.0 (installed 1.14.0)
  - support: 2.0.0 (installed 1.10.0)
  - survey_client: 2.0.0 (installed 1.12.0)
  - timetracker: 0.0.84 (installed 0.0.84)
  - twofactor_nextcloud_notification: 4.0.0
  - user_ldap: 1.21.0
  - user_status: 1.10.0 (installed 1.7.0)
nextcloud@nextcloud:~$

Nextcloud Signing status

No errors have been found.

Nextcloud Logs


Additional info

I left some fields as none in the info about my setup because I've had this issue since multiple major version upgrades and my current version is not going to affect the outcome. I'm using the Snap so I'm usually auto-updated to the latest available.

Gabgobie • Jan 17 '25 14:01

I have the same error

strich3 • Feb 23 '25 09:02

I had the same error and these are the things that made it work for me in the end:

  • add DNS entries as described in this discussion
  • make sure service discovery works. When using a proxy, the proxy should handle the redirect (otherwise the redirect will point to an http address which iOS will not accept, even if it further redirects to https)
  • use an app password
  • this is embarrassing now, but I'll share it in case it drives anyone else nuts: the settings app needs to have permission to access network.

davekch • Feb 23 '25 09:02
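
The redirect problem described in the comment above can be checked mechanically. The following is an added example, not part of the thread or of Nextcloud's code: it audits a recorded `/.well-known/caldav` redirect chain for cleartext hops, host changes and a wrong final path. The host `cloud.example.com`, the function names and the `max_hops` threshold are assumptions; `/remote.php/dav` is the account URL path given later in this thread.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
# Constructed samples: (status, Location) hops for /.well-known/caldav.
# BAD: the backend builds an absolute http:// URL behind a TLS-terminating proxy.
SAMPLE_BAD = [(301, "http://cloud.example.com/remote.php/dav/"),
              (301, "https://cloud.example.com/remote.php/dav/")]
SAMPLE_GOOD = [(301, "/remote.php/dav/")]

def audit_chain(start_url, hops, max_hops=3, dav_path="/remote.php/dav"):
    """Return (findings, final_url) for a recorded redirect chain."""
    findings, url = [], start_url
    origin = urlsplit(start_url)
    if origin.scheme != "https":
        findings.append(f"start: not https ({start_url})")
    for i, (status, location) in enumerate(hops, 1):
        if status not in REDIRECTS or not location:
            findings.append(f"hop {i}: status {status} without usable Location")
            break
        url = urljoin(url, location)          # resolve relative Location values
        step = urlsplit(url)
        if step.scheme != "https":
            findings.append(f"hop {i}: cleartext redirect ({url})")
        if step.hostname != origin.hostname:
            findings.append(f"hop {i}: host changed to {step.hostname}")
    if len(hops) > max_hops:                  # assumption: arbitrary threshold
        findings.append(f"chain has {len(hops)} hops (> {max_hops})")
    if not urlsplit(url).path.startswith(dav_path):
        findings.append(f"final URL is not under {dav_path} ({url})")
    return findings, url

def record_chain(url, limit=5):
    """Live helper (needs network): collect hops without following them."""
    hops = []
    for _ in range(limit):
        p = urlsplit(url)
        cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
        conn = cls(p.netloc, timeout=10)
        conn.request("GET", p.path or "/")
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location")
        conn.close()
        if status not in REDIRECTS or not location:
            break
        hops.append((status, location))
        url = urljoin(url, location)
    return hops
```

Against a real server, pass the output of `record_chain("https://<nextcloud FQDN>/.well-known/caldav")` to `audit_chain` with the same start URL, and repeat for `/.well-known/carddav`.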

I think my .well-known redirects me too often. I don't know what's causing it though, since the config is right and the system diagnose thing doesn't seem to care. Any idea what it could be and how I can find it out? Thanks :)

strich3 • Feb 23 '25 15:02

Well no, wrong issue and has nothing to do with the current topic. I found out what was causing the problem. Thank you for helping me!

strich3 • Feb 23 '25 15:02

This doesn't appear to be a Nextcloud error:

https://www.reddit.com/r/MacOS/comments/1f3e9w8/cant_add_google_account_calendar_to_macos/

joshtrichards • Feb 24 '25 00:02

This is happening to me, too. Have tried everything that exists on the internet to no avail.

natenubble • Apr 18 '25 11:04

> Well no, wrong issue and has nothing to do with the current topic. I found out what was causing the problem. Thank you for helping me!

You were able to solve the DAAccountValidationDomain error 100 — do you remember what the solution was?

natenubble • Apr 18 '25 11:04

Having exactly the same problem on nextcloud fpm image

erictrometer • Jul 09 '25 17:07

For those who are still facing the issue, I am almost certain that it's something about the mobileconfig generated by the app. Yesterday I brute-forced a solution by simply not using the mobileconf and instead manually adding the accounts.

For contacts the following worked (assuming https on default port):

  • Server: <nextcloud FQDN>
  • Username: <your username>
  • Password: <your app password>
  • Description: How you want the account to show up in your contacts
  • Advanced settings:
    • Use SSL: true
    • Port: 443
    • Account-URL: https://<nextcloud FQDN>/remote.php/dav

Using the same settings for calendar, it confirmed the connection but fails to load any calendars. I assume the calendar needs a different URI, for example the one you can copy from the calendar page.

Edit:

Confirmed that you need another Account-URL for the calendar, specifically the iOS-specific one you can copy in the calendar app.

It looks something like this: https://<nextcloud FQDN>/remote.php/dav/principals/users/<your username>/

Gabgobie • Jul 18 '25 14:07