Home

Results 1 to 6 of 6

Thread: Netfolder Proxy user not working as documented?

Hybrid View

  1. #1
    Join Date
    Mar 2008
    Posts
    59

    Netfolder Proxy user not working as documented?

    Hello,

    We are using EDIR For LDAP. Part of our EDIR tree is synced to AD for File shares. I defined netfolder on an AD file server. I created a service account to use as the "Net Folder Proxy User." I gave Full Control file rights on the AD server folder structure to the proxy user service account.

    I defined a net folder to a share from the AD server to which the Proxy service account had full control.

    The proxy user test when defining the netfolder server reports success.

    I gave access rights to 3 users:
    an edir user who is synced to AD and is an AD Domain admin - "ADadmin"
    an edir user who has no AD presence or security - "EdironlyUser"
    a local filr user - "LocalFilrUser"

    There is a word doc in the net folder

    All the users can see the netfolder & word doc inside
    all the users can view the details of the word doc
    all the users can view the HTML view of the word doc
    the filradmin & ADadmin can download the word doc
    When the EDIRonlyUser & LocalFilrUser download a doc and open it, this as the content of the word doc :

    File error: Cannot execute [getContentLength] on the resource [70000\The quick brown fox jumps over the lazy dog.doc] - Access is denied

    There is also a sample PDF file in the net folder.
    The ADAdmin & Filr admin can download the file properly.
    The Edironly & localfilr users get broken PDFs.

    I even went so far as to grant Everyone full control file access to the ADserver file structure hoping that would make this work.

    Thanks for any insights,

    Frank
    Last edited by vodobaas; 17-May-2013 at 09:44 PM.
    Fdiaz

  2. #2
    Join Date
    Sep 2007
    Posts
    6,103

    Re: Netfolder Proxy user not working as documented?

    vodobaas wrote:

    > an edir user who has no AD presence or security - "EdironlyUser"
    > a local filr user - "LocalFilrUser"


    These two users would never be able to access the NF. The user has to
    exist in the LDAP source. Now, an AD user could share a file from a
    Windows server with one of these two users and that should work fine
    through the proxy user's rights. But the proxy user won't ever come
    into play for direct access.

    > All the users can see the netfolder & word doc inside
    > all the users can view the details of the word doc
    > all the users can view the HTML view of the word doc
    > the filradmin & ADadmin can download the word doc
    > When the EDIRonlyUser & LocalFilrUser download a doc and open it, this
    > as the content of the word doc :


    Honestly this behavior isn't what I expected as the EidronlyUser and
    LocalFilrUser shouldn't ever even seen the NF. Are you sure those
    users don't exist in AD at all?

    --
    Your world is on the move. http://www.novell.com/mobility/
    We know what your world looks like. http://www.novell.com/yourworld/

  3. #3
    Join Date
    Mar 2008
    Posts
    59

    Re: Netfolder Proxy user not working as documented?

    The LDAP source for our filr deployment is Edir. The NETfolder is on an AD file server. The Proxy user is an AD user account with file rights to the AD folder structure.

    Yes I am sure the edironly and local filr users don't exist in AD. I created them for testing - one in a dev portion of our Edir tree, and the local filr user is named "localFilrUser" and only exists in the filr system.

    Am I misunderstanding the documentation? I thought the whole point of the proxy user was to allow those without native rights to access files on network files structures?

    Section 5.1.2
    Purpose of the Net Folder Server Proxy User
    The Net Folder Server proxy user is used to read, write, create, and delete files on your corporate OES or Windows servers on behalf of users who do not have native rights to the files, but have been granted rights via a Share in Filr.
    For example, User A has native Read and Write access to a file on an OES server, and User B does not have any native access to that file. User A shares the file with User B in Filr and grants User B Read access. User B can now view the file within Filr because the Net Folder Server proxy user is giving User B the ability to read it, because of the Share. If User B tries to access the same file directly from the OES server, he does not have sufficient rights.
    Users with native rights to files do not use the Net Folder Server proxy user.
    Fdiaz

  4. #4
    Join Date
    Sep 2007
    Posts
    6,103

    Re: Netfolder Proxy user not working as documented?

    vodobaas wrote:

    > The LDAP source for our filr deployment is Edir. The NETfolder is on
    > an AD file server. The Proxy user is an AD user account with file
    > rights to the AD folder structure.
    >
    > Yes I am sure the edironly and local filr users don't exist in AD. I
    > created them for testing - one in a dev portion of our Edir tree, and
    > the local filr user is named "localFilrUser" and only exists in the
    > filr system.


    I'm honestly not sure how the edironly and local filr users are able to
    access the AD NetFolder then.

    > Am I misunderstanding the documentation? I thought the whole point of
    > the proxy user was to allow those without native rights to access
    > files on network files structures?


    This is only when *sharing* files. If I share a file with you the
    proxy user is used which means it doesn't matter if you have native
    file system access. However, just to be assigned to a NF directly and
    access it you must have filesystem rights (and also share rights if
    it's a Windows server) as Filr will authenticate to the backend file
    server as the actual Filr user. The proxy user is not used.

    --
    Your world is on the move. http://www.novell.com/mobility/
    We know what your world looks like. http://www.novell.com/yourworld/

  5. #5
    Join Date
    Mar 2008
    Posts
    59

    Re: Netfolder Proxy user not working as documented?

    Thanks for continuing the dialogue.

    So is there any way to grant net folder access to network resources for users who do not have an identity in the network (i.e. local filr users or OpenID users)?

    Judging by the answers so far, my guess is no.

    The only way to share with an non-network user is by sharing an individual file in the desktop client?

    With the anomalies we are experiencing, should I open an SR or is there no documented way to share a netfolder to a non-network user?

    Thanks again
    Fdiaz

  6. #6
    Join Date
    Sep 2007
    Posts
    6,103

    Re: Netfolder Proxy user not working as documented?

    vodobaas wrote:

    > So is there any way to grant net folder access to network resources
    > for users who do not have an identity in the network (i.e. local filr
    > users or OpenID users)?
    >
    > Judging by the answers so far, my guess is no.


    Your guess is correct--at least for now. This is one thing we're
    investigating though. In the meantime, users who exist in the
    particular LDAP source for that server can always share files in the NF
    with non-LDAP users.

    > With the anomalies we are experiencing, should I open an SR or is
    > there no documented way to share a netfolder to a non-network user?


    What you've described so far seems in line with current Filr design.

    --
    Your world is on the move. http://www.novell.com/mobility/
    We know what your world looks like. http://www.novell.com/yourworld/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •