[horde] Problem with Android Horde Activesync - Can't add account - Gmail's security settings are more secure than those set by your IT admin
Ronny Forberger
ronnyforberger at ronnyforberger.de
Tue Nov 12 20:24:32 UTC 2019
Hi Michael,
I tried disabling the provisioning on Horde, as described by you, but I
am still getting the same error on the Android device.
Best regards,
Ronny Forberger
Am 12.11.2019 um 05:09 schrieb Michael J Rubinsky:
>
> Quoting r.j.baart at prompt.nl:
>
>> Perhaps the problem is described here:
>> https://developers.google.com/android/work/device-admin-deprecation
>
> This may very likely be the case.
>
> I can't reproduce this on any of my devices, but I don't think the
> latest GMail app has been pushed out to any of them yet.
>
> Since this is because the device admin is being deprecated, you can
> maybe try disabling provisioning on the Horde side. You can do this
> via Admin->Permissions (Set provisioning to "disable" - be aware
> you'll lose all of the security policy settings if you do this
> though). If you want to get your hands a little dirtier, you can
> create a activesync_provisioning_check hook (see
> horde/config/hooks.php.dist). You can sniff the devices that are
> affected by maybe userAgent and return
> Horde_ActiveSync::PROVISIONING_NONE for those devices. Be aware that
> when doing either of these, you lose the ability to remote wipe a lost
> device.
>
> Without being able to reproduce this to test, I really have no idea if
> this will help, since this actually makes things less secure in a way,
> it might not, but since it removes the use of the device admin
> service, it's the best guess I have at the moment....other than using
> a different ActiveSync client like Outlook or Nine Folders.
>
>
>> I can read it, but I don't understand it. If this is the problem, the
>> solution will not come from Google.
>>
>>
>> On 9-11-2019 18:20, Ronny Forberger wrote:
>>> Hi Michael,
>>>
>>> thanks for your information.
>>>
>>> I am not sure if I have a second GMail account on the phone, I have
>>> a google account on it though.
>>>
>>> I think the Gmail application itself is now requiring certain
>>> security policies to be in place, as you said.
>>>
>>> I tried to set the permissions of ActiveSync to all permissions for
>>> authenticated users, creators and even my username, but no success.
>>>
>>> The error message on the phone is still appearing.
>>>
>>> It worked before the Android upgrade though without the Horde
>>> permissions.
>>>
>>> Any other ideas?
>>>
>>> Best regards,
>>>
>>> Ronny Forberger
>>>
>>>
>>> Quoting Michael J Rubinsky <mrubinsk at horde.org>:
>>>
>>>> Quoting Ronny Forberger <ronnyforberger at ronnyforberger.de>:
>>>>
>>>>> Hi Horde list,
>>>>>
>>>>> My brand new Android 9 phone has made an update to the OS and
>>>>> since that I cannot access my Horde Active Sync interface anymore.
>>>>>
>>>>> I am getting the error message
>>>>>
>>>>> Can't add account - Gmail's security settings are more secure than
>>>>> those set by your IT admin
>>>>>
>>>>> on Android.
>>>>>
>>>>> Any ideas what I have to set up on Horde / or the web server to
>>>>> make this run again or where to look at least?
>>>>
>>>> This sounds like you either maybe have another account setup in the
>>>> Gmail app on the Android device, whose provisioning policies are
>>>> more secure than Horde's, or the Gmail application itself is now
>>>> requiring certain security policies to be in place. You can try
>>>> looking at Horde -> Admin -> Permissions. Look at the permissions
>>>> available under Horde -> ActiveSync (you might need to create them)
>>>> and see if any of those look like a good candidate.
>>>>
>>>> For what it's worth, my Note has the same patchlevel, and I just
>>>> successfully added my horde account to the device, after accepting
>>>> the security policy.
>>>>
>>>>
>>>>>
>>>>> Android version: 9 PKQ1.181121.001
>>>>> Android security patchlevel: 2019-10-01
>>>>>
>>>>> Horde Version: 5.2.22
>>>>> Nginx Version: 1.16.1 (reverse proxy with mod_security)
>>>>> Apache httpd version: 2.4.41 (serving horde)
>>>>>
>>>>> Any help is appreciated.
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Ronny Forberger
>>>>> -- ___________________________________
>>>>> Ronny Forberger
>>>>> ronnyforberger at ronnyforberger.de
>>>>> PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
>>>>>
>>>>> -- Horde mailing list
>>>>> Frequently Asked Questions: http://horde.org/faq/
>>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>>
>>>>
>>>>
>>>> -- mike
>>>> The Horde Project
>>>> http://www.horde.org
>>>> https://www.facebook.com/hordeproject
>>>> https://www.twitter.com/hordeproject
>>>
>>>
>> --
>>
>> Cordialement,
>>
>> R.J. Baart
>>
>> --
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
>
>
>
--
___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.horde.org/archives/horde/attachments/20191112/314cad7b/attachment.bin>
More information about the horde
mailing list