Sharepoint remote for MS Office Education account with guest permissions

kyleredilla · May 4, 2022, 6:25pm

What is the problem you are having with rclone?

I am trying to set up a remote connection for a sharepoint site that my Office 365 Education account (university email as login) is granted guest permissions on. I have verified that I can login to the sharepoint site via a web browser and the MS Teams app for MacOS.

Run the command 'rclone version' and share the full output of the command.

rclone v1.58.1-DEV
- os/version: centos 7.9.2009 (64 bit)
- os/kernel: 3.10.0-1160.31.1.el7.x86_64 (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.17.6
- go/linking: static
- go/tags: none

Which cloud storage system are you using? (eg Google Drive)

OneDrive / sharepoint

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

rclone config to set up the remotes, rclone lsd <remote>: to test.

The rclone config contents with secrets removed.

Below are the configurations that I managed to set up via rclone config that I thought might work, but didn't.

Config 1:

[abc-webdav]
type = webdav
url = https://abc.sharepoint.com/teams/160925138/
vendor = sharepoint
user = user@uni.edu
pass = REMOVED

Config 2:

[abc-webdav-ntlm]
type = webdav
url = https://abc.sharepoint.com/teams/160925138/
vendor = sharepoint-ntlm
user = xyz\user
pass = REMOVED

Note, "xyz" above is the domain, and was taken from guidance in the docs, as the "[YOUR-DOMAIN]" substring:

To use a sharepoint remote with rclone, add it like this: First, you need to get your remote's URL:

Go here to open your OneDrive or to sign in
Now take a look at your address bar, the URL should look like this: https://[YOUR-DOMAIN]-my.sharepoint.com/personal/[YOUR-EMAIL]/_layouts/15/onedrive.aspx

When tried with my login email address domain, e.g. "uni.edu" instead of "xyz", I get the same results (provided below).

A log from the command with the `-vv` flag

Results of rclone lsd abc-webdav: -vv:

2022/05/04 09:39:44 DEBUG : rclone: Version "v1.58.1-DEV" starting with parameters ["rclone" "lsd" "abc-webdav:" "-vv"]
2022/05/04 09:39:44 DEBUG : Creating backend with remote "abc-webdav:"
2022/05/04 09:39:44 DEBUG : Using config file from "/home/user/.config/rclone/rclone.conf"
2022/05/04 09:39:44 DEBUG : found headers: 
2022/05/04 09:39:45 ERROR : : error listing: couldn't list files: 401 Unauthorized
2022/05/04 09:39:45 DEBUG : 7 go routines active
2022/05/04 09:39:45 Failed to lsd with 2 errors: last error was: couldn't list files: 401 Unauthorized

Results of rclone lsd abc-webdav-ntlm: -vv:

2022/05/04 09:39:55 DEBUG : rclone: Version "v1.58.1-DEV" starting with parameters ["rclone" "lsd" "abc-webdav-ntlm:" "-vv"]
2022/05/04 09:39:55 DEBUG : Creating backend with remote "abc-webdav-ntlm:"
2022/05/04 09:39:55 DEBUG : Using config file from "/home/user/.config/rclone/rclone.conf"
2022/05/04 09:39:55 DEBUG : found headers: 
2022/05/04 09:39:55 ERROR : : error listing: couldn't list files: 401 Unauthorized
2022/05/04 09:39:55 DEBUG : 4 go routines active
2022/05/04 09:39:55 Failed to lsd with 2 errors: last error was: couldn't list files: 401 Unauthorized

Other thoughts

I believe this is a similar case to this question, but the final config that ended up working for that user, which mirrors my "Config 1" above, (obviously) does not work for me:

type = webdav
url = https://ABC.sharepoint.com/sites/XYZ/Shared Documents
vendor = sharepoint
user = USER@DEF.edu
pass = REMOVED

Also, I did try to configure this as a OneDrive remote initially,

Storage> onedrive  
...  
client_id>  
...  
client_secret>   
...  
region> 1
...
Edit advanced config?
y/n> n
Already have a token - refresh?
y/n> n
...
config_type> 3
...
config_site_url> https://abc.sharepoint.com/teams/160925138/

And then I get the following error after supplying that url:

2022/05/04 10:05:34 DEBUG : abc-sharepoint: config in: state="url_end", result="https://abc.sharepoint.com/teams/160925138"
2022/05/04 10:05:34 DEBUG : abc-sharepoint: config out: out=&{State:choose_type Option:<nil> OAuth:<nil> Error:Failed to query available site by relative path: HTTP error 400 (400 Bad Request) returned body: "{\"error\":{\"code\":\"BadRequest\",\"message\":\"Resource not found for the segment 'abc.sharepoint.com'.\",\"innerError\":{\"date\":\"2022-05-04T18:05:34\",\"request-id\":\"0e8fc20d-73cc-471e-b749-3a3e89e35086\",\"client-request-id\":\"0e8fc20d-73cc-471e-b749-3a3e89e35086\"}}}" Result:}, err=<nil>
Failed to query available site by relative path: HTTP error 400 (400 Bad Request) returned body: "{\"error\":{\"code\":\"BadRequest\",\"message\":\"Resource not found for the segment 'abc.sharepoint.com'.\",\"innerError\":{\"date\":\"2022-05-04T18:05:34\",\"request-id\":\"0e8fc20d-73cc-471e-b749-3a3e89e35086\",\"client-request-id\":\"0e8fc20d-73cc-471e-b749-3a3e89e35086\"}}}"
2022/05/04 10:05:34 DEBUG : abc-sharepoint: config in: state="choose_type", result=""
2022/05/04 10:05:34 DEBUG : abc-sharepoint: config out: out=&{State:choose_type_done Option:onedrive OAuth:<nil> Error: Result:}, err=<nil>
2022/05/04 10:05:34 DEBUG : abc-sharepoint: config: reading config parameter "config_type"

Also, and maybe this is the main thing, but I have 2FA on my university account!

I think that's all, let me know what other details I can provide! Thank you for this tool it has been great for my other use cases so far.

asdffdsa · May 4, 2022, 6:29pm

hello and welcome to the forum,

that version of rclone is some custom compiled version.
the only way to get the offical version is https://rclone.org/downloads/#script-download-and-install

kyleredilla · May 4, 2022, 7:25pm

Thank you, yes I know this is not the official version of rclone, just what installs with conda install rclone. I know it is not ideal but it's what I have to work with on this system currently.

I've just tried the two webdav configurations I listed above, with the official version of rclone on a separate system, and received similar "401 Unauthorized" errors. Do you have any thoughts on those configurations? Any ideas on what to try?

asdffdsa · May 4, 2022, 7:29pm

no, often edu accounts are different from normal accounts.
this works for my normal account.

[sdav]
type = webdav
url = https://domain.sharepoint.com
vendor = sharepoint
user = username@domain.net
pass =

webdav is a common protocol, have you tried any other clients.
windows has native webdv support, does macos?

kyleredilla · May 4, 2022, 7:33pm

Have you had any experience where your target url has a different domain from your user domain, e.g. where your account was given guest permissions on another domain? I am wondering if that is part of my issue. E.g. have you done anything like this:

[sdav]
type = webdav
url = https://abc-domain.sharepoint.com
vendor = sharepoint
user = username@xyz-domain.net
pass =

Also, I just updated my question, but I just remembered that I have 2FA on my uni account, so maybe that is a deal-breaker.

I have been trying with curl but getting similar errors.

asdffdsa · May 4, 2022, 8:16pm

i have 2fa on that account and webdav works fine.

kyleredilla · May 4, 2022, 8:50pm

Do you see anything off with the steps I took above to set up as a onedrive remote instead of webdav? I'm curious why that would not work in the first place. I.e., after I successfully generated the token by logging in to authorize rclone for access, why should it fail to find that sharepoint site url if I have guest access?

system · June 3, 2022, 8:50pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.