Unable to verify account name or password

[wrogner]

Describe the bug

When setting up a CardDAV account on MacOS, one gets:
"Unable to verify account name or password."

Username and password are correct, no typo.

Steps to reproduce

1. Setup Nextcloud, Contacts app and user account /
   Nextcloud runs in a subdirectory https://<server.domain>/nextcloud
2. on MacOS setup a CardDAV account
   Server Address: <server.domain>
   Server Path: /nextcloud/remote.php/dav/addressbooks/users//contacts-1
   Port: 443, [x] Use SSL
3. Sign In

-> This leads to above mentioned error message, account gets created but no access is possible.

Expected behavior

Setup connection
Use Contacts
(as easy as that)

Actual behavior

Cannot connect CardDAV connector for MacOS (or IOS for that).

Contact version

7.0.1

Operating system

Synology

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database

MariaDB

Additional info

updated .htaccess to rewrite caldav and carddav paths

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
...

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
#  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

[joshtrichards]

The URL you should use is in Contacts

It's under Contact settings -> Copy iOS/macOS CalDav address

It'll look something like:

https://domain.tld/remote.php/dav/principals/users/NAME/

For additional troubleshooting, please ask for assistance on the help forum: https://help.nextcloud.com

[wrogner]

@joshtrichards : Thanks for your attempt to help.

1. there is no such thing as Copy iOS/macOS CalDav address in Contacts !

2. The link that can be copied is: https://<server.domain>/nextcloud/remote.php/dav/addressbooks/users//contacts/
   (or .../test/ for Addressbook Test)

3. This is a WebDAV address that Contacts in MacOS / iOS does not recognise !

4. The link to help.nextcloud.com are outdated and do not provide advice on resolving the issue. Recommendations concern outdated versions of macOS and Nextcloud (I use macOS Sequoia 15.3.1 and Nextcloud 30.0.6)

[joshtrichards]

Oops. I was thinking of Calendar. ;)

The link that can be copied is: https://<server.domain>/nextcloud/remote.php/dav/addressbooks/users//contacts/

Does the URL really include two slashes like that? In between those double slashes should be your username.

Anyhow, please try

https://<server.domain>/nextcloud/remote.php/dav/principals/users/<USERNAME>/

Or even:

https://<server.domain>

Refs: https://docs.nextcloud.com/server/latest/user_manual/en/groupware/sync_ios.html

[wrogner]

@joshtrichards : Again thanks for your answer.

the double / is a copying typo. Only one / used.

I've tried your docs recommendation first, varying the paths from principals/users, addressbook(s)/user(s). Nothing worked.

Somewhere is a mention about reverse proxies and a suggestion how to resolve this. I tried this as well. Maybe there is an issue here.

If I try to get these URLs I only get WebDAV as a response. There is no CalDAV or CardDAV protocol served.
As there are no special firewall / port filters, I must assume there is a setting that provides WebDAV but no Cal/CardDAV interface.
If I can find this config file, I could try to adjust it.

Doing some research, it seems that this issue is either unresolved since 2017 or recurring since then.

One last thing: All users have different passwords (nextcloud admin, DB admin, NC users). On the file level, I chown -R http:http (default Apache2 user), chmod unchanged from repo.

[wrogner]

did some searching.

in nextcloud/apps/dav/appinfo
i have v1 and v2 directories.

nextcloud/apps/dav/appinfo
- info.xml 
- routes.php  
- signature.json  
- v1  
  - caldav.php  
  - carddav.php  
  - publicwebdav.php  
  - webdav.php 
- v2
  - direct.php  
  - publicremote.php  
  - remote.php

in v1/carddav.php I can see "principals" instead of addressbooks. However that is the case in caldav.php as well but calendar access is also denied.

[SebastianKrupinski]

Hi @wrogner

The proper url for the Contacts and Calendar should be,

https://{server.domain}/remote.php/dav/

If your installation is in a sub folder it would be something like this...

https://{server.domain}/{sub folder}/remote.php/dav/

[wrogner]

@SebastianKrupinski : Thanks for the hint.

Should be, but isn't.

"Unable to verify account name or password"

Username and password are correct (I can logon to nextcloud).

Here are two issues that remain:

1. I use TOTP 2FA. If I turn this off, I can connect to the contacts. -> TOTP conflicts with DAV connection (which it should not) -> Security issue

2. I can see only the top level (default) contacts (remote.php/dav).
   If I add another addressbook (/nextcloud/remote.php/dav/addressbooks/users//test/ , copied from the UI), it connects but does not show any contacts. -> individual addressbooks do not work, full CardDAV compliance (enumerating all addressbooks) seems missing -> Functional issue

[SebastianKrupinski]

Here are two issues that remain:

1. I use TOTP 2FA. If I turn this off, I can connect to the contacts. -> TOTP conflicts with DAV connection (which it should not) -> **Security issue**

If TOTP is a problem you can create an App Password.

2. I can see only the top level (default) contacts (remote.php/dav).>        If I add another addressbook (/nextcloud/remote.php/dav/addressbooks/users//test/ , copied from the UI), it connects but does not show any contacts. -> individual addressbooks do not work, full CardDAV compliance (enumerating all addressbooks) seems missing -> **Functional issue**

If you use this, that is a direct link to the specific address book it self,

/nextcloud/remote.php/dav/addressbooks/users/user1/test/

You need to use,

/nextcloud/remote.php/dav/

This will then see all the address books.

[wrogner]

@SebastianKrupinski :

I don't think that turning of TOTP is an option.
I would rather think that correct handling of 2FA would be the responsibility of Nextcloud apps.

It seems that the more I play around the more I move away from
a. the initial issue (account verification)
b. my primary business goal (implement Nextcloud as a successor to our current groupware)

Regarding account verification:

TOTP prevents account verification because Nextcloud DAV does not correctly negotiate username and password (with 2FA enabled).
(and before you complain: our current groupware works with 2FA)

Thanks for your effort, I appreciate your help.

[wrogner]

By conincidence I found there is an update to 7.0.2 (which I cannot install due to certificate issues).