Filr famtd cannot map ACL to principal in AD environment?
So we had a working system using our AD Domain.
The powers that be wanted to consolidate AD domains and migrated (using some Quest tool I believe) the AD info into a new AD.
GUID remained the same, and supposedly SID History came over (well OK I know it came over because Windows Explorer works just fine now that the PCs are in the new Domain).
I probably didn't do things right in Filr, but I added the new LDAP info and removed the old LDAP server and then ran a sync. Since the GUIDs are the same, it basically didn't find any changes.
However, nobody could log in (the underlying "structure" of the new AD changed radically, so the users are in an entirely diff. OU).
The only way to resolve THAT issue was to delete the users out of Filr (a very very slow and laborious process prone to all sorts of problems).
OK, did that.
Users import as new.
OK, good. Now they can log in.
They get their Home Directory (My Files) and can actually SEE all the folders/files.
But they cannot actually access them.
"[pool-jits-thread-9] [com.novell.teaming.module.folder.impl.PlusFolderModule] - (jit) Failed to map ACL principal 's-1-5-21-976374488-563428744-3473557-94485' (17): File system principal ID 's-1-5-21-976374488-563428744-3473557-94485' (type=sid) cannot map to a principal"
So now I'm wondering if something's whacked in the MySQL database? The only KB articles I can find seem to be with Filr 1.0 and 1.1 and eDirectory.
At this point I could probably stand up a new database server faster than try to resolve this, but in a large/clustered environment I'd probably have to reinstall all the appliances vs. just whacking the database and re-entering the configs again.
Unsure why it cannot map the Principals, or which Principal it's referring to. I'm ASSUMING it's not the filr proxy account (which also migrated to the new domain with same GUID and SID history intact).
Re: Filr famtd cannot map ACL to principal in AD environment?
OK, so this must be something with the service account (filr proxy user) we're using.
If I put my own userid (for the Netfolder SERVER) proxy user into the system, then the ACL map to principal error goes away (I'm listed as an explicit trustee on the NTFS file permissions, but so is the filr service account).
However, I still cannot access the files (they show up, you just can't access them).
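
Added example, not part of the thread and not Filr's own code: a small triage script that pulls the unmapped SIDs out of log lines like the one quoted above, splits each into domain SID and RID, and marks whether it was issued by the domain you pass in. `NEW_DOMAIN_SID`, the function names and the second sample SID are constructed placeholders; the first sample line is the message from the post.

```python
import re
from collections import Counter

# Matches the SID inside the "Failed to map ACL principal" message quoted in the post.
LOG_RE = re.compile(
    r"Failed to map ACL principal '(?P<sid>s-1-5-21(?:-\d+){4})'", re.IGNORECASE)

def split_sid(sid):
    """Split a domain account SID (S-1-5-21-a-b-c-RID) into (domain SID, RID)."""
    parts = sid.upper().split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError(f"not a domain account SID: {sid}")
    return "-".join(parts[:7]), int(parts[7])

def triage(lines, current_domain_sid):
    """Count each unmapped SID and flag whether the given domain issued it."""
    counts = Counter()
    for line in lines:
        match = LOG_RE.search(line)
        if match:
            counts[match.group("sid").upper()] += 1
    report = []
    for sid, hits in sorted(counts.items()):
        domain, rid = split_sid(sid)
        origin = "current" if domain == current_domain_sid.upper() else "foreign"
        report.append({"sid": sid, "domain": domain, "rid": rid,
                       "hits": hits, "origin": origin})
    return report

# Constructed placeholder: substitute the SID of the new (target) AD domain.
NEW_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"

# Sample input: first entry is the line from the post (seen twice),
# the remaining entries are constructed for illustration.
POST_LINE = ("[pool-jits-thread-9] [com.novell.teaming.module.folder.impl.PlusFolderModule]"
             " - (jit) Failed to map ACL principal 's-1-5-21-976374488-563428744-3473557-94485'"
             " (17): File system principal ID 's-1-5-21-976374488-563428744-3473557-94485'"
             " (type=sid) cannot map to a principal")
SAMPLE_LOG = [
    POST_LINE,
    POST_LINE,
    "(jit) Failed to map ACL principal 's-1-5-21-1111111111-2222222222-3333333333-1105' (17)",
    "[pool-jits-thread-9] unrelated message without a SID",
]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, NEW_DOMAIN_SID):
        print(f"{row['origin']:8} {row['hits']:3}x  {row['sid']}")
```

A `foreign` result means the ACL entry still carries a SID from a domain other than the one supplied, such as the pre-migration domain, rather than a SID issued by the new domain. Whether Filr consults sIDHistory when resolving such a SID is not stated in the thread.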