deadbeef99 Absent Member.
Absent Member.
3002 views

Home folder sync issues / other questions

One major issue I'm facing with a couple AD LDAP users is that their My Files will not mount in Filr. After troubleshooting and troubleshooting, I've come to the conclusion that it is either a file structure limitation of some sort and/or a formatting issue with a file/folder somewhere in their home dir. These are some of the errors I'm getting from the Filr logs. I have other users configured the exact same way without any issue. I've tried everything I can think of. If I change the users home dir to a new folder underneath their regular home dir that doesn't work, then it will work...

[com.novell.teaming.module.folder.impl.PlusFolderModule] - (jit) Failed to process entity with path [/Home Workspace/Personal Workspaces/USERNAME (USERLOGIN)/Home]: java.lang.IllegalStateException: Could not conver the famt trustee response to FamtTrusteeResponse object: null[MARSHALING_FAILED]
java.lang.IllegalStateException: Could not conver the famt trustee response to FamtTrusteeResponse object: null[MARSHALING_FAILED]
at com.novell.teaming.fi.connection.famt.FamtResourceSession.handleException(FamtResourceSession.java:148)
at com.novell.teaming.fi.connection.famt.FamtResourceSession.getChildren(FamtResourceSession.java:722)
at com.novell.teaming.module.folder.impl.PlusFolderModule._getAndFilterChildrenItems(PlusFolderModule.java:1796)
at com.novell.teaming.module.folder.impl.PlusFolderModule.getAndFilterChildrenItems(PlusFolderModule.java:1770)
at com.novell.teaming.module.folder.impl.PlusFolderModule.syncExistingFolderOneLevelOnly(PlusFolderModule.java:1909)
at com.novell.teaming.module.folder.impl.PlusFolderModule.dodoJitSync(PlusFolderModule.java:523)
at com.novell.teaming.module.folder.impl.PlusFolderModule.doJitSync(PlusFolderModule.java:427)
at com.novell.teaming.module.folder.impl.PlusFolderModule.access$100(PlusFolderModule.java:110)
at com.novell.teaming.module.folder.impl.PlusFolderModule$2.doAsynchronously(PlusFolderModule.java:368)
at com.novell.teaming.module.folder.impl.PlusFolderModule$2.doAsynchronously(PlusFolderModule.java:361)
at org.kablink.teaming.runasync.RunAsyncManager$1.call(RunAsyncManager.java:188)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:345)
at java.util.concurrent.FutureTask.run(FutureTask.java:177)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1156)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:626)
at



I have a couple group membership issues too. Does Filr obey default AD group permissions, like Domain Users for shares? I am a domain admin AND domain user, but in Filr it only shows I am part of the domain admins group. LDAP is able to see the domain users group and normal users in it, but admins are not a part of it for some reason even though they are in AD.



Mobile app - When will we be able to have share/delete functionality? Without this it will be a really tough sell for me. What about having the capability of setting up favorites? Is this functionality coming as well?


Thanks in advance,
-Dave
0 Likes
17 Replies
jmarton2 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

deadbeef99 wrote:

> One major issue I'm facing with a couple AD LDAP users is that their
> My Files will not mount in Filr. After troubleshooting and
> troubleshooting, I've come to the conclusion that it is either a file
> structure limitation of some sort and/or a formatting issue with a
> file/folder somewhere in their home dir. These are some of the errors
> I'm getting from the Filr logs. I have other users configured the
> exact same way without any issue. I've tried everything I can think
> of. If I change the users home dir to a new folder underneath their
> regular home dir that doesn't work, then it will work...


Hmm... that's odd that Filr imports the home directory if you point it
to a level below. From the log you posted it looks like there's an
issue with the trustee assignment at the home folder level. If you
take a look at the NTFS permissions directly at the home folder for a
problem user, do you perhaps seen an unknown account listed? As I
recall that would be where the SID is still listed but the account has
been deleted so there's no user to match up with the SID. If
permissions look ok, you could literally try deleting the user from
there (and not applying this to all files and folders underneath),
adding the user back, then seeing if Filr is a bit happier.

> I have a couple group membership issues too. Does Filr obey default AD
> group permissions, like Domain Users for shares? I am a domain admin
> AND domain user, but in Filr it only shows I am part of the domain
> admins group. LDAP is able to see the domain users group and normal
> users in it, but admins are not a part of it for some reason even
> though they are in AD.


From what your describing I believe at least part of this (if not all
of this) is due to the fact that for whatever reason, AD-LDAP reports
the Users container as a cn and not an ou. This means groups within
that container typically don't resolve in Filr. If you use groups in
OUs you've created elsewhere in AD they should work fine.

> Mobile app - When will we be able to have share/delete functionality?


These are at the top of the list. We're hoping to add share
functionality later this summer. In the meantime you can access the
web client using a mobile browser if you need to share or delete a file
from a mobile device.

> What about having
> the capability of setting up favorites? Is this functionality coming
> as well?


That is another enhancement request that's currently being evaluated
though there's been no target timeframe announced for this yet.

--
Your world is on the move. http://www.novell.com/mobility/
We know what your world looks like. http://www.novell.com/yourworld/

Joe Marton Emeritus Knowledge Partner
0 Likes
deadbeef99 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

Thanks for all your information on this it really is appreciated.

So I have my Domain Users group in a non default OU container that is recognized by Filr, but it doesn't populate the group with any members. The domain users I have configured for Filr are also in a non default OU that is recognized by Filr. I need to get this functionality working, any suggestions? Everything seems to sync fine with the LDAP sync but the group is empty in Filr.

I would also like some explanation on how file syncing works. If scheduled syncing is off and Just In Time syncing is on, does syncing only happen on the fly when a user accesses directories. What data is stored on the client device with this configuration?

Thanks again
0 Likes
deadbeef99 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

Ok so I got that one users My Files working correctly, however if you dig deep into their home dir nothing is appearing in Filr. I tried to re-sync everything but it doesn't seem to be working..
0 Likes
deadbeef99 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

Also the domain users group is empty because that is the primary group for our users and it isn't being queried properly. What do I need to add to the users and/or groups filter to allow for the Primary Group to also be used for group membership? In AD the attribute is primaryGroupID = 513
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

deadbeef99 wrote:

>
> Thanks for all your information on this it really is appreciated.
>
> So I have my Domain Users group in a non default OU container that is
> recognized by Filr, but it doesn't populate the group with any
> members. The domain users I have configured for Filr are also in a
> non default OU that is recognized by Filr. I need to get this
> functionality working, any suggestions? Everything seems to sync fine
> with the LDAP sync but the group is empty in Filr.


In the LDAP settings, under groups, do you have "synchronize group
membership" checked?

> I would also like some explanation on how file syncing works. If
> scheduled syncing is off and Just In Time syncing is on, does syncing
> only happen on the fly when a user accesses directories. What data is
> stored on the client device with this configuration?


You are correct. When only using JITS, as a user traverses folders
Filr does a sync on that specific folder (and none of the subfolders)
to present the listing of the current folder. This doesn't really
affect desktop users using the desktop client but rather the web and
mobile clients. Nothing is stored in the clients themselves as the
folder structure is browsed.

--
Your world is on the move. http://www.novell.com/mobility/
We know what your world looks like. http://www.novell.com/yourworld/

Joe Marton Emeritus Knowledge Partner
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

deadbeef99 wrote:

>
> Ok so I got that one users My Files working correctly, however if you
> dig deep into their home dir nothing is appearing in Filr. I tried to
> re-sync everything but it doesn't seem to be working..


Where did you try doing the sync? Did you try it on the NF Server?

--
Your world is on the move. http://www.novell.com/mobility/
We know what your world looks like. http://www.novell.com/yourworld/

Joe Marton Emeritus Knowledge Partner
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

deadbeef99 wrote:

>
> Also the domain users group is empty because that is the primary group
> for our users and it isn't being queried properly. What do I need to
> add to the users and/or groups filter to allow for the Primary Group
> to also be used for group membership? In AD the attribute is
> primaryGroupID = 513


I'll have to admit that I'm pretty dumb when it comes to AD. What do
you mean by primary group? The only thing I know about with my limited
understanding is how to use AD Users & Computers to pull up a group and
look at the members, or to pull up a user and go to the "member of" tab
to see what groups that user is a member of.

--
Your world is on the move. http://www.novell.com/mobility/
We know what your world looks like. http://www.novell.com/yourworld/

Joe Marton Emeritus Knowledge Partner
0 Likes
deadbeef99 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

I still haven't been able to figure this out or if its even possible. All our users have Domain Users as their Primary Group in AD , and the bulk of our shared drive relies on this group for user permissions. I can add the group via the LDAP screen, but the membership is always empty... Am I running into a limitation or is there some type of workaround to make this default LDAP group populate?
0 Likes
deadbeef99 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

I still haven't been able to figure this out or if its even possible. All our users have Domain Users as their Primary Group in AD , and the bulk of our shared drive relies on this group for user permissions. I can add the group via the LDAP screen, but the membership is always empty... Am I running into a limitation or is there some type of workaround to make this default LDAP group populate?

Also our main shared drive is around 800GB with hundreds of files/folders. I tried to add this entire share to Filr and it was unable to sync it up. Basically the MySQL process hammered the CPU and the folder never became available. I deleted that share and rebooted the appliance and all is well. I need to be able to share this entire directory to our Filr Users.

Thanks in advance
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

deadbeef99 wrote:

>
> I still haven't been able to figure this out or if its even possible.
> All our users have Domain Users as their Primary Group in AD , and the
> bulk of our shared drive relies on this group for user permissions. I
> can add the group via the LDAP screen, but the membership is always
> empty... Am I running into a limitation or is there some type of
> workaround to make this default LDAP group populate?


I still don't understand what this primary group thing is. Can you
explain this? All I see is that users can simply be members of groups
but I don't see anything about primary group.

At any rate, I know that if "domain users" is used as the *only* group
for rights and stuff you'll have issues. This is because AD-LDAP
responds with the default Users container as being a cn and not an ou,
so groups in that container don't resolve group membership. However if
these users are also members of other groups and those other groups are
used for rights then there shouldn't be an issue. That's why I'd like
to learn what this "primary group" thing is.

--
Your world is on the move. http://www.novell.com/mobility/
We know what your world looks like. http://www.novell.com/yourworld/

Joe Marton Emeritus Knowledge Partner
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

deadbeef99 wrote:

> Also our main shared drive is around 800GB with hundreds of
> files/folders. I tried to add this entire share to Filr and it was
> unable to sync it up. Basically the MySQL process hammered the CPU and
> the folder never became available. I deleted that share and rebooted
> the appliance and all is well. I need to be able to share this entire
> directory to our Filr Users.


Have you tried leveraging Just-In-Time-Sync (JITS) instead of scheduled
syncs?

--
Your world is on the move. http://www.novell.com/mobility/
We know what your world looks like. http://www.novell.com/yourworld/

Joe Marton Emeritus Knowledge Partner
0 Likes
gleach1 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

I've got the exact same problem with primary groups as i've just found out with a test setup - there will be a lot of other potential customers that will run into this issue

My understanding of a primary group is that it is not populated as 'memberof' in the user account, it is instead stored in an attribute of the user account called primarygroupID

It seems that filr is not looking at this primarygroupID attribute and is just looking for 'memberof'

if I look at my own AD account with an ldap browser it will return my accoutn as being a member of my primary group, but my account does not have the corresponding 'memberof' attribute populated with the primary group name, so filr is not seeing my accoutn being a member of that group

This will be a rather large problem with the product and will afect several potential sites I can almost guarantee that...

Do we need to raise an SR to get someone to look into why this is broken, as it seems like a fairly trivial issue to me that should have been working at release...

0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

gleach1 wrote:

> My understanding of a primary group is that it is not populated as
> 'memberof' in the user account, it is instead stored in an attribute
> of the user account called primarygroupID
>
> It seems that filr is not looking at this primarygroupID attribute and
> is just looking for 'memberof'
>
> if I look at my own AD account with an ldap browser it will return my
> accoutn as being a member of my primary group, but my account does not
> have the corresponding 'memberof' attribute populated with the primary
> group name, so filr is not seeing my accoutn being a member of that
> group


Can you point me to where you actually define the primary group for a
user outside of using LDAP tools? Is this something you can configure
in AD Users & Computers?

--
Your world is on the move. http://www.novell.com/mobility/
We know what your world looks like. http://www.novell.com/yourworld/

Joe Marton Emeritus Knowledge Partner
0 Likes
gleach1 Absent Member.
Absent Member.

Re: Home folder sync issues / other questions

well doing some digging on the MS technet site it seems that domain users is the primary group in AD for all users by default

if you go to the properties of a user object, select the 'member of' tab, you can then select one of the groups they are in and change the primary group there

all AD users need to have a primary group, AD won't let you have a user without a primary group

so this issue is not specific to domain users, but could affect any group membership as the primary group is not always going to be domain users

if only MS knew how to make a *real* ldap directory where group membership actually shows up properly on a user object and group object... but that would make our lives too easy...

and the windows guys wonder why I go on about edir so much...

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.