Can't log into DSM 7.0 (Synology) (with DEVONthink)

You could try from Safari but webdav.

(Chante the url to your language if it does not automatically changes):

The certificate is valid.

If the IP is blocked, then the login window shouldn’t be opened either, right?

Not sure.

As far as I remember it won’t be opened.

Ok, thanks. I’ll investigate it and give a feedback on success!

Did you ever get this resolved?

Unfortunately not! Also with macOS Monterey and latest DT Pro!

Do the Safari extensions affect DT web browser?

Can you perhaps describe a bit more detailed what you’re trying to do? Currently I don’t see the relationship between syncing and browsing, nor what you mean with

Is it possible to disable TLS 1.0/1.1 in DT browser and to force that DT browser has to use TLS 1.3 with HTTP 2.0?

The background to my question is that I have noticed that in Safari or other browsers TLS 1.0/1.1 is always deactivated and in all browsers (except DT browser) version TLS 1.3 with HTTP 2.0 is used for handshake. In DT browser, TLS 1.3 with HTTP 1.1 is used for handshake. I don’t know if that is the problem. I just want to rule out that the issue is based on that.

I doubt that there’s any browser or webserver currently in use that doesn’t understand HTTP 1.1. In fact, HTTP 2 can only be activated via an additional module in Apache. OTH, I just downgraded the TLS/SSL requirements on the NAS to see if that changes anything (that is, “lowest” compatibility level in Security/Advanced, which turns on everything from TLS 1.0 through TLS 1.3. No change in the logon behavior in DT, though.

Edit This has in fact nothing at all to do with the S in HTTPS: I turned off the “automatically redirect all HTTP connections to HTTPS” in the NAS and got the exact same behavior. Interestingly, the NAS always sends HTTP 200 codes, so no error happening on that side. The problem seems (!) to arise on the client side (i.e. inside the WebView used in DT). The NAS relies heavily on JavaScript on the client side, it seems, and there might be some imcompatibility arising …

Do further narrow down the problem, one could capture a HTTP logon session (using Wireshark) from a real browser and from inside DT and then compare those capture files.

OTH, why do you want to connect to the NAS from within DT?

I also already tried it with downgrading the security requirements, but it doesn’t help.

The web server log file does not contain any special entries.

I have just successfully logged in on a newly installed MacOS. That means, it must be due to some configuration on the other Macs. Perhaps during the rest of the installation I will find the appropriate setting that prevents logging in… I will report…

In DT? Or in a browser? I amended my last posting to clarify that I couldn’t log in from DT either with HTTP or with HTTPS. From a Mac in a browser though, I have no problem whatsoever.

Both!

It’s actually more about the login to Synology Drive Office (in order to edit shared tables and documents). There’s the same login problem…

So if I understand you correctly, you can login from one machine in DT and browser but not on any other? Whereas I can login in the browser but not in DT.

Also, the Synology log does not reveal any unsuccessfull login attempt at all from my devices. So I guess the login never really gets through to the NAS but is just kind of thwarted inside DT (or rather its WebView).

That’s of course your call, but maybe you could just mount the stuff SMB? Or maybe not, because only Synology knows how to work with these files? Which in my mind would make it advisable to use a more open format, but again – your call.

We always have to work with several people on many tables, so Synology Drive Office is the only solution to comply with German data protection law (and the cheapest way to do so)…

IANAL, but I do not quite see the relationship between the DSGVO/GDPR and the data format and/or way you access it. AFAIK, a lot of businesses that have to respect the german data protection laws work with other data formats and access mechanisms, like cloud services, on-premise databases, even Excel.

If you’re using the DSM’s authentication methods to limit access to certain documents, they should work for SMB as well as for DSM, Drive Office and everything else on the NAS.

1 Like

Yes, all is true. I appreciate your thoughts.

BUT:

  1. We need simultaneous access and versioning.

  2. We don‘t trust in external server and cloud services.

  3. We use other Synology services/application in connection with point 1.

  4. The costs are unbeatable.

Nevertheless we are thinking to change our system in order not to be so dependant to certain services.

BTW: The login (DSM and Synology Drive Office) works with DT since the last update to DSM 7.0.1 and Synology Drive Server (18th of January) …

Thanks for the follow-up on this. Glad to hear it’s working well :slight_smile: