Trouble With New OneDrive Config

What is the problem you are having with rclone?

I tried to make a new config for OneDrive. I selected #26, everything after were the default options, I just pressed Enter through the prompts. A browser window popped and proceeded to try to sign in. Then I got this error:
error

What is your rclone version (output from rclone version)

rclone v1.55.1

  • os/type: windows
  • os/arch: amd64
  • go/version: go1.16.3
  • go/linking: dynamic
  • go/tags: cmount

Which OS you are using and how many bits (eg Windows 7, 64 bit)

Windows 10 Pro 64 Bit

Which cloud storage system are you using? (eg Google Drive)

OneDrive for Business

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone config

The rclone config contents with secrets removed.

N/A - config not created

A log from the command with the -vv flag

2021/04/28 21:16:57 DEBUG : Using config file from "[...]\\.config\\rclone\\rclone.conf"
2021/04/28 21:16:57 DEBUG : rclone: Version "v1.55.1" starting with parameters ["rclone" "--log-file=mylogfile.txt" "-vv"]
2021/04/28 21:17:59 DEBUG : Using config file from "[...]\\.config\\rclone\\rclone.conf"
2021/04/28 21:17:59 DEBUG : rclone: Version "v1.55.1" starting with parameters ["rclone" "config" "--log-file=mylogfile.txt" "-vv"]
2021/04/28 21:18:13 DEBUG : Starting auth server on 127.0.0.1:53682
2021/04/28 21:18:13 DEBUG : Redirecting browser to: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?access_type=offline&client_id=[redacted]&redirect_uri=http%3A%2F%2Flocalhost%3A53682%2F&response_type=code&scope=Files.Read+Files.ReadWrite+Files.Read.All+Files.ReadWrite.All+offline_access+Sites.Read.All&state=r_s01nvJHWwrTcdLJAZ1Ag

I was able to add two other OneDrive for Business accounts without any issue, its just this one with the issue. Any thoughts?

Welcome to the forum!

Just a quick guess: Your administrator may have blocked for rclone and similar.

Are all three Business accounts belonging to the same tenant (organisation), and do they have the same rights in that tenant?

Thanks, the three Business accounts belong to different organisations. As a side note, I did try connecting this account with the issue to Multcloud and it worked fine there. So I'm wondering if there's perhaps a manual workaround I can try if it is the administrator that is blocking rclone.

Interesting.

I use Personal OneDrive and don't know the detailed settings and workarounds for Business OneDrive. I guess other forum members are better at helping you from here.

It may be a help for them to know if you are able to ask your OneDrive administrator - or prefer not to.

I would prefer not to contact the administrator at this time, I am hopeful there may be a solution suggested I can do on my end.

The workaround is to use the webdav backend with the sharepoint configuration. That might work.

Thank you for the link, I configured it according to the guide:

[test3]
type = webdav
url = https://[snip]/personal/[snip]/Documents
vendor = sharepoint-ntlm
user = [snip]@[snip]
pass = *** ENCRYPTED ***

But trying to run a ls command, I'm getting this:

[...]\Documents\rclone-v1.55.1-windows-amd64>rclone ls test3:
2021/05/03 00:11:18 ERROR : : error listing: couldn't list files: 403 FORBIDDEN: 403 FORBIDDEN
2021/05/03 00:11:18 Failed to ls with 2 errors: last error was: couldn't list files: 403 FORBIDDEN: 403 FORBIDDEN

hi,
please post the full debug output, not just a snippet - add -vv to the command

the password needs to be obscured

do you have MFA enabled?

Hi,

Sure, here's the log with -vv:

C:\Users[...]\Documents\rclone-v1.55.1-windows-amd64>rclone ls test3: -vv
2021/05/03 16:30:13 DEBUG : Using config file from "C:\Users\[..]\.config\rclone\rclone.conf"
2021/05/03 16:30:13 DEBUG : rclone: Version "v1.55.1" starting with parameters ["rclone" "ls" "test3:" "-vv"]
2021/05/03 16:30:13 DEBUG : Creating backend with remote "test3:"
2021/05/03 16:30:13 ERROR : : error listing: couldn't list files: 403 FORBIDDEN: 403 FORBIDDEN
2021/05/03 16:30:13 DEBUG : 4 go routines active
2021/05/03 16:30:13 Failed to ls with 2 errors: last error was: couldn't list files: 403 FORBIDDEN: 403 FORBIDDEN

I don't have MFA enabled.

i would contact the admin of that sharepoint

If possible I was hoping there would be a solution that doesn't involve contacting the admin, since I was able to connect the account using Multcloud.

What authentication method does Multicloud use? Can you find out?

I'm not sure what kind of authentication Multcloud uses, but when I tried removing the account with the issue on Multcloud, then tried to re-add it, I noticed the URL looks like: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=[snip]&redirect_uri=https%3A%2F%2Fapi2.multcloud.com%2Fdrives%2Fcallback&response_type=code&state=&prompt=login&scope=User.Read+Files.ReadWrite+offline_access&sso_reload=true

Then it takes me to the organization sign in page:
image
image

Once I signed in, I got the page to ask me if I wanted to stay logged in, then a page that listed out the permissions the app was requesting. I don't have a screenshot of that page since the permissions were already approved before.

If this isn't enough information on what authentication method Multcloud is using, I can shoot them an email if needed.

I just noted that the error in your first post specifically says that the rclone Client ID has been disabled.

Maybe rclone has been blacklisted, and MultCloud hasn’t.

If so, you may be able to gain access by using your own Client ID in rclone.

Unfortunately, I can't get past the first step to login to Azure, I presume you need to be an admin for access. I'm getting a "You don't have access to this" message after login.

I guess you tried with your .edu account.

Try using a personal Microsoft account (E.g. example@outlook.com).

I was able to access Azure with my personal Microsoft account and followed the instructions in the guide to create the needed values. To start fresh, I setup a new config for my .edu account, went through the prompts, got to part where the browser opened http://127.0.0.1:53682, put in my .edu creds and got this:
image
Since I don't have an admin account, I skipped the first link, when I click on the "Return to the application without granting consent" link, I got:

2021/05/07 18:52:25 Failed to configure token: Error: Auth Error
Code: ""
Description: No code returned by remote server
Help:

There's nothing rclone can really do about this. Your administrator has blocked access from unapproved applications. I get the same problem if I try to talk to my corporate account (if I didn't I'd complain, since I'm the security guy who makes sure we can't leak data!).