Authentication Failure on webdav SharePoint Business

Help and Support
1

What is the problem you are having with rclone?

I'd like to add a remote shared folder on OneDrive Business but the method I found doesn't appear to be working.
I've included multiple tests that all fail. Password I inserted into rclone works in browser login. 2FA should be off. wrongusername is an attempt with a wrong username and it fails with a different error so I'm guessing the problem is within the password authentication.

My complete inexperienced analysis leads me to believe that either the password is sent using the wrong methods (maybe they changed the field name or something like that) or that the account is not eligible/doesn't have the permissions for this kind of login.

What is your rclone version (output from rclone version)

rclone v1.57.0
- os/version: arch (64 bit)
- os/kernel: 5.10.60.1-microsoft-standard-WSL2 (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.17.2
- go/linking: dynamic
- go/tags: none

Which cloud storage system are you using? (eg Google Drive)

OneDrive Business / Webdav / SharePoint Business

Commands and output

rclone -vv --dump headers,bodies,requests,responses,auth ls mysharepoint: 
2021/11/23 22:05:00 DEBUG : rclone: Version "v1.57.0" starting with parameters ["rclone" "-vv" "--dump" "headers,bodies,requests,responses,auth" "ls" "mysharepoint:"]
2021/11/23 22:05:00 DEBUG : Creating backend with remote "mysharepoint:"
2021/11/23 22:05:00 DEBUG : Using config file from "/home/hawk/.config/rclone/rclone.conf"
2021/11/23 22:05:00 DEBUG : found headers:
2021/11/23 22:05:00 DEBUG : You have specified to dump information. Please be noted that the Accept-Encoding as shown may not be correct in the request and the response may not show Content-Encoding if the go standard libraries auto gzip encoding was in effect. In this case the body of the request will be gunzipped before showing it.
2021/11/23 22:05:00 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2021/11/23 22:05:00 DEBUG : HTTP REQUEST (req 0xc000050700)
2021/11/23 22:05:00 DEBUG : POST /extSTS.srf HTTP/1.1
Host: login.microsoftonline.com
User-Agent: rclone/v1.57.0
Content-Length: 1399
Accept-Encoding: gzip

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
<o:Security s:mustUnderstand="1"
 xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken>
  <o:Username>raffaello.fraboni@studio.unibo.it</o:Username>
  <o:Password>[correct password here]</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <a:EndpointReference>
    <a:Address>https://liveunibo-my.sharepoint.com/personal/raffaello_fraboni_studio_unibo_it/Documents/</a:Address>
  </a:EndpointReference>
</wsp:AppliesTo>
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
2021/11/23 22:05:00 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2021/11/23 22:05:00 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2021/11/23 22:05:00 DEBUG : HTTP RESPONSE (req 0xc000050700)
2021/11/23 22:05:00 DEBUG : HTTP/1.1 200 OK
Content-Length: 1445
Cache-Control: no-store, no-cache
Content-Type: application/soap+xml; charset=utf-8
Date: Tue, 23 Nov 2021 21:04:57 GMT
Expires: -1
P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Set-Cookie: fpc=AiMfYbYF-qZHh8qJfnTHTy-kkpTcAQAAAHlOL9kOAAAA; expires=Thu, 23-Dec-2021 21:04:58 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Ms-Ests-Server: 2.1.12231.8 - WEULR2 ProdSlices
X-Ms-Request-Id: 91e9caad-40d7-4c1e-bc5b-849e71f8a500

<?xml version="1.0" encoding="utf-8"?><S:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Header><psf:pp xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:serverVersion>1</psf:serverVersion><psf:authstate>0x80048800</psf:authstate><psf:reqstatus>0x80048821</psf:reqstatus><psf:serverInfo ServerTime="2021-11-23T21:04:58.302394Z">ESTS-PUB-WEULR2-AZ2-FD078-001.ProdSlices rid:91e9caad-40d7-4c1e-bc5b-849e71f8a500</psf:serverInfo></psf:pp></S:Header><S:Body xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Fault><S:Code><S:Value>S:Sender</S:Value><S:Subcode><S:Value>wst:FailedAuthentication</S:Value></S:Subcode></S:Code><S:Reason><S:Text xml:lang="en-US">Authentication Failure</S:Text></S:Reason><S:Detail><psf:error xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:value>0x80048821</psf:value><psf:internalerror><psf:code>0x80048821</psf:code><psf:text>AADSTS50126: Error validating credentials due to invalid username or password.</psf:text></psf:internalerror></psf:error></S:Detail></S:Fault></S:Body></S:Envelope>
2021/11/23 22:05:00 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2021/11/23 22:05:00 Failed to create file system for "mysharepoint:": wst:FailedAuthentication: Authentication Failure (AADSTS50126: Error validating credentials due to invalid username or password.)
rclone -vv ls sharedfolder: 
2021/11/23 15:07:04 DEBUG : rclone: Version "v1.57.0" starting with parameters ["rclone" "-vv" "--log-file=log" "ls" "sharedfolder:"]
2021/11/23 15:07:04 DEBUG : Creating backend with remote "sharedfolder:"
2021/11/23 15:07:04 DEBUG : Using config file from "/home/hawk/.config/rclone/rclone.conf"
2021/11/23 15:07:04 DEBUG : found headers: 
2021/11/23 15:07:04 Failed to create file system for "sharedfolder:": wst:FailedAuthentication: Authentication Failure (AADSTS50126: Error validating credentials due to invalid username or password.)
rclone -vv ls recordings: 
2021/11/23 15:07:09 DEBUG : rclone: Version "v1.57.0" starting with parameters ["rclone" "-vv" "--log-file=log" "ls" "recordings:"]
2021/11/23 15:07:09 DEBUG : Creating backend with remote "recordings:"
2021/11/23 15:07:09 DEBUG : Using config file from "/home/hawk/.config/rclone/rclone.conf"
2021/11/23 15:07:09 DEBUG : found headers: 
2021/11/23 15:07:09 Failed to create file system for "recordings:": wst:FailedAuthentication: Authentication Failure (AADSTS50126: Error validating credentials due to invalid username or password.)
rclone -vv ls wrongusername: 
2021/11/23 15:08:01 DEBUG : rclone: Version "v1.57.0" starting with parameters ["rclone" "-vv" "--log-file=log" "ls" "wrongusername:"]
2021/11/23 15:08:01 DEBUG : Creating backend with remote "wrongusername:"
2021/11/23 15:08:01 DEBUG : Using config file from "/home/hawk/.config/rclone/rclone.conf"
2021/11/23 15:08:01 DEBUG : found headers: 
2021/11/23 15:08:01 Failed to create file system for "wrongusername:": wst:FailedAuthentication: Authentication Failure (AADSTS50034: The user account {EmailHidden} does not exist in the studio.unibo.it directory. To sign into this application, the account must be added to the directory.)

The rclone config contents with secrets removed.

[mysharepoint]
type = webdav
url = https://liveunibo-my.sharepoint.com/personal/raffaello_fraboni_studio_unibo_it/Documents
vendor = sharepoint
user = raffaello.fraboni@studio.unibo.it
pass = [password]

[sharedfolder]
type = webdav
url = https://liveunibo-my.sharepoint.com/personal/[redacted]_unibo_it/Documents
vendor = sharepoint
user = raffaello.fraboni@studio.unibo.it
pass = [password]

[recordings]
type = webdav
url = https://liveunibo-my.sharepoint.com/personal/[redacted]_unibo_it/Documents/Recordings
vendor = sharepoint
user = raffaello.fraboni@studio.unibo.it
pass = [password]

[wrongusername]
type = webdav
url = https://liveunibo-my.sharepoint.com/personal/raffaello_fraboni_studio_unibo_it/Documents
vendor = sharepoint
user = raffaello.fraboni2@studio.unibo.it
pass = [password]
2

hello and welcome to the forum,

see this topic, where i helped a fellow rcloner with what i think is the similar issue as yours.
https://forum.rclone.org/t/sync-shared-folder-in-rclone/27390/22?u=asdffdsa

if that does not solve the issue, then post a full debug log by running a command such as rclone lsd

1 Like
3

I don't quite see any difference with the tests I've included. Could you elaborate on which changes I should test?

The logs appear to be the same. Am I missing something in the command?

rclone -vv --dump headers,bodies,requests,responses,auth lsd sharedfolder: 
2021/11/24 04:47:45 DEBUG : rclone: Version "v1.57.0" starting with parameters ["rclone" "-vv" "--dump" "headers,bodies,requests,responses,auth" "ls" "sharedfolder:"]
2021/11/24 04:47:45 DEBUG : Creating backend with remote "sharedfolder:"
2021/11/24 04:47:45 DEBUG : Using config file from "/home/hawk/.config/rclone/rclone.conf"
2021/11/24 04:47:45 DEBUG : found headers:
2021/11/24 04:47:45 DEBUG : You have specified to dump information. Please be noted that the Accept-Encoding as shown may not be correct in the request and the response may not show Content-Encoding if the go standard libraries auto gzip encoding was in effect. In this case the body of the request will be gunzipped before showing it.
2021/11/24 04:47:45 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2021/11/24 04:47:45 DEBUG : HTTP REQUEST (req 0xc000806500)
2021/11/24 04:47:45 DEBUG : POST /extSTS.srf HTTP/1.1
Host: login.microsoftonline.com
User-Agent: rclone/v1.57.0
Content-Length: 1390
Accept-Encoding: gzip

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
<o:Security s:mustUnderstand="1"
 xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken>
  <o:Username>raffaello.fraboni@studio.unibo.it</o:Username>
  <o:Password>[redacted]</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <a:EndpointReference>
    <a:Address>https://liveunibo-my.sharepoint.com/personal/[redacted]_unibo_it/Documents/</a:Address>
  </a:EndpointReference>
</wsp:AppliesTo>
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
2021/11/24 04:47:45 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2021/11/24 04:47:45 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2021/11/24 04:47:45 DEBUG : HTTP RESPONSE (req 0xc000806500)
2021/11/24 04:47:45 DEBUG : HTTP/1.1 200 OK
Content-Length: 1445
Cache-Control: no-store, no-cache
Content-Type: application/soap+xml; charset=utf-8
Date: Wed, 24 Nov 2021 03:47:42 GMT
Expires: -1
P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Set-Cookie: fpc=AjNvMbNn0mpLmMR49OhnyxakkpTcAQAAAN2sL9kOAAAA; expires=Fri, 24-Dec-2021 03:47:42 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Ms-Ests-Server: 2.1.12231.8 - NEULR2 ProdSlices
X-Ms-Request-Id: 34077062-7e5a-4b32-af72-13ead356d101

<?xml version="1.0" encoding="utf-8"?><S:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Header><psf:pp xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:serverVersion>1</psf:serverVersion><psf:authstate>0x80048800</psf:authstate><psf:reqstatus>0x80048821</psf:reqstatus><psf:serverInfo ServerTime="2021-11-24T03:47:42.356725Z">ESTS-PUB-NEULR2-AZ3-FD052-001.ProdSlices rid:34077062-7e5a-4b32-af72-13ead356d101</psf:serverInfo></psf:pp></S:Header><S:Body xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Fault><S:Code><S:Value>S:Sender</S:Value><S:Subcode><S:Value>wst:FailedAuthentication</S:Value></S:Subcode></S:Code><S:Reason><S:Text xml:lang="en-US">Authentication Failure</S:Text></S:Reason><S:Detail><psf:error xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:value>0x80048821</psf:value><psf:internalerror><psf:code>0x80048821</psf:code><psf:text>AADSTS50126: Error validating credentials due to invalid username or password.</psf:text></psf:internalerror></psf:error></S:Detail></S:Fault></S:Body></S:Envelope>
2021/11/24 04:47:45 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2021/11/24 04:47:45 Failed to create file system for "sharedfolder:": wst:FailedAuthentication: Authentication Failure (AADSTS50126: Error validating credentials due to invalid username or password.)
4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.