13 Replies Latest reply: Feb 15, 2013 9:38 AM by keithfromvirginia beach
Larry Goldman Level 1 (5 points)

In OS X Server 10.8, WebDAV access does not work for "Local Network Users" or for Guests. It does work for "Local Users".

 

To see for yourself, in File Sharing, turn on WebDAV access for Public. Turn on Guest Access.

 

On another machine, using Finder -> Go menu -> Connect to Server -> http://server.domain.com/webdav

 

Try to sign in as a Local User, then as a Local Network User, then as a Guest. Network Users and Guests pass the authentication dialog, but fail opening a Finder window with the message: "There was a problem connecting to the server "server.domain.com". Contact your system administrator for more information."

 

Does anyone else see this problem? Any fixes?


Mac OS X (10.7.1)
  • Larry Goldman Level 1 (5 points)

    Be sure to sign to WebDAV from "Connect to Server" using the shortname of the User. Spaces are not allowed.

     

    Guest access still doesn't work, though.

  • Larry Goldman Level 1 (5 points)

    Actually, it apppears that WebDAV user names must lower case and have no spaces. This is not at all how AFP users are allowed to log in.

     

    WebDAV Guest access doesn't work at all. I consider both to be bugs.

     

    After I fiddled enough with the settings to try to debug this, eventually sharepoints would not appear. I tried restarting and resetting apache to factory defaults, but this did not fix the problem. I suppose the only alternative now is a clean-install of OS X Server.

     

    OS X Server 10.8 WebDAV File Sharing: Buggy. Fragile. Broken.

  • Larry Goldman Level 1 (5 points)

    Update: WebDAV seems totally broken in OS X Server 10.8.

     

    To see for yourself:

     

    Do a clean-install of OS X Server 10.8 with the host name "server.local". In File Sharing, turn on WebDAV sharing for the Public folder. Turn on File Sharing.

     

    On a different machine, use "Finder -> Go menu -> Connect To Server…" first to "afp://server.local", then to "http://server.local/webdav". Note that all of the Share Points appear in the afp Volume, but that none of the Share Points appears in the http Volume.

     

    Does anyone else see this problem or have a fix?

  • Mark23 Level 3 (975 points)

    Local Network users can all authenticate to my WebDAV Share (OD replica) over the internet using a Fully Qualified Domain Name, so I think you messed something up while experimenting and WebDAV isn't broken in OS X Server (Mountain Lion).

  • Kevin Neal Level 2 (495 points)

    yep its not working for me either, I also did a clean install, OD Master

  • Larry Goldman Level 1 (5 points)

    Mark23:

     

    Thanks for your reply.

     

    I believe the problem was that, by default, OS X Server 10.8 WebDAVSharing requires short user names for log-in. This behavior is different than for AFP access and there was no useful error message describing the problem or what to do about it.

     

    After digging around, I found a setting in /Library/Server/Web/Config/apache2/WebConfigProperties.plist, WebDAVSharing -> AllowLongUserName which seems to control this behavior.

  • keithfromvirginia beach Level 1 (15 points)

    Has anyone got this to work? I am looking to allow my iOS devices WebDav access via the users Active Directory Login. They can use AFP and SMB this way from the 10.8.2 Server but it will not authenticate over Webdav with the same account. It does however allow me to use my local account to access WebDav sharepoints.

     

    I changed the setting Larry mentioned to true and it had no effect on allowing domain accounts in on WebDav.

     

    Thanks!

  • mismith223 Level 1 (0 points)

    Is the OS X server bound to AD?

  • keithfromvirginia beach Level 1 (15 points)

    Yes it is bound to AD on a 2008 R2 machine. The machine sees my AD users and groups fine and allows them in any flavor (group or user) to access properly through AFP and SMB. SO I believe it is sending the auth info correctly from the bound perspective. It is only specific to WebDav.

  • mismith223 Level 1 (0 points)

    what is the address that you are using to connect to your webdav shares?

  • keithfromvirginia beach Level 1 (15 points)

    I was using an IP like: http://192.168.1.200/webdav this works fine for my localadmin account to get in but no luck getting with a domain account. All accounts work fine through AFP and SMB. I am trying webdav from a Mac with command+k and also from two ios devices which again works for the localadmin account but not any domain account. I even created a local account non admin to test and changed access to services and edited user to match domain user it allows local user just fine. My domain account is even set to allow to admin the server.

     

    any help would be appreciated.

  • keithfromvirginia beach Level 1 (15 points)

    Well I had a glimmer of hope in this battle with finding an Apple doc on this exact thing. Adjusting to a basic auth with HTTPS to allow Active Directory accounts to auth over webdav as the are not supported in the more advanced digest method. Maybe this will work for someone else who finds this thread but it did not fix it for me.

     

    http://support.apple.com/kb/HT4777#

     

    The error now is different in Apache so I am trying to work that out now.

     

    [Fri Feb 15 11:06:06 2013] [error] [client XXX.XXX.XX.XXX] mod_auth_apple: User : authentication failure for "/webdav//webdav/": Password mismatch according to checkpw

    [Fri Feb 15 11:06:06 2013] [notice] [client client XXX.XXX.XX.XXX] mod_auth_apple: Authenticating using lookupd or checkpw failed, and no configured htaccess file (AuthUserFile)

    [Fri Feb 15 11:06:24 2013] [error] (61)Connection refused: proxy: HTTP: attempt to connect to [fe80::1]:55704 (*) failed

  • keithfromvirginia beach Level 1 (15 points)

    OK So a small win but not the total end result I wanted but... After logging in with an AD account to a mobile account on the server it created the user folder etc. This by itself would not allow Webdav but I went into advanced options for my user under system preferences and changed my groupf from some long numerical group to the staff group to match a test local account I setup and BAM! I could use Webdav with my AD account (although I am not sure how much I hosed the account by changing to staff from the long numerical group and if my password change in AD will apply on the OS X server now!!!

     

    The problem is I don't know where to apply the group change to other AD accounts that have not logged into the server and it created a mobile user account for them. I am going to check around on that.