File Director DFS Enumeration

Version 3

    Verified Product Versions

    AppSense DataNow 3.6AppSense DataNow 3.5AppSense DataNow 3.0AppSense DataNow 2.0AppSense DataNow 4.0AppSense DataNow 4.1AppSense DataNow 4.2AppSense File Director 4.3

    Introduction

    File Director supports V1 and V2 domain-based DFS namespaces; a brief description of how DFS enumeration works and what to look for in server logs is given below.

    Note: Standalone DFS Namespaces are not supported. A workaround for this configuration is to target the map point directly at the folder target (file share)

    Detail

    In order to provide support for domain-based DFS, the DataNow server must enumerate the contents of a domain's DFS structure and create an in-memory map of all DFS links that might be required when a user with a DFS map point configured logs in.

     

    This enumeration is performed every 5 minutes by performing a request against each domain controller in the list of configured domain controllers and can be seen in DataNow server logs by looking for lines similar to the following:

     

     

    INFO [31 Mar 2015 07:00:45,185] [orcaScheduler_Worker-2]- DfsResolver.addDomainMap(563) | Found v1 map for data on MK.support.local

    INFO [31 Mar 2015 07:00:45,197] [orcaScheduler_Worker-2]- DfsResolver.resolveAllDomains(711) | Took 237 ms for building for MK

    ...

    INFO [31 Mar 2015 07:05:45,120] [orcaScheduler_Worker-1]- DfsResolver.addDomainMap(563) | Found v1 map for data on MK.support.local

    INFO [31 Mar 2015 07:05:45,144] [orcaScheduler_Worker-1]- DfsResolver.resolveAllDomains(711) | Took 202 ms for building for MK

     

    Note: DFS lists for multiple domains, or even multiple lists per domain (e.g V1 and V2) can be stored simultaneously.

     

    When an end-user who has a DFS map point configured logs in to a DataNow client, the following line is written to the server-side logs which shows the SMB path for a given DFS target being retrieved from the in-memory map:

     

    INFO [13 Apr 2015 09:18:11,886] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getMappedDFSPathForListing(209) | mapped DFS path: '\\mk-2k8-dfs\Share' from \\mk-dc1.mk.support.local\\data\share

     

    In this example a domain based DFS link (
    \\mk.support.local\Data\Share
    ) was configured as a map point. When a user logged in who had access to this map point, the DFS path
    \\mk-dc1.mk.support.local\\data\share
    is converted to the resultant SMB share \
    \mk-2k8-dfs\Share
    . The primary domain controller is pre-pended to the DFS path to indicate which domain controller was queried for the DFS mapping.

    With '

    DEBUG
    ' level logging enabled (TN-151590), the lookup of the SMB path for a given DFS target from the in-memory map can be seen when a user logs in. Note: The '
    INFO
    ' line below is all that is seen with regular logging enabled:

     

    DEBUG [13 Apr 2015 09:18:11,860] [http-apr-127.0.0.1-8081-exec-15]- DocumentServiceDelegate.getFromPath(1056) | Looking up DFS

    DEBUG [13 Apr 2015 09:18:11,861] [http-apr-127.0.0.1-8081-exec-15]- SMBFilesystemAdapter.getSMBUriForPath(1728) | Old path: /DFS

    DEBUG [13 Apr 2015 09:18:11,861] [http-apr-127.0.0.1-8081-exec-15]- SMBFilesystemAdapter.getSMBUriForPath(1729) | Relative path: /

    DEBUG [13 Apr 2015 09:18:11,862] [http-apr-127.0.0.1-8081-exec-15]- SMBFilesystemAdapter.getSMBUriForPath(1730) | New path : \\mk-dc1.mk.support.local\\data\share

    DEBUG [13 Apr 2015 09:18:11,863] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getMappedDFSPathForListing(125) | PATH to resolve: \\mk-dc1.mk.support.local\\data\share

    DEBUG [13 Apr 2015 09:18:11,863] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getMappedDFSPathForListing(133) | Entered to map dfs path ; path to resolve is \\mk-dc1.mk.support.local\\data\share

    DEBUG [13 Apr 2015 09:18:11,864] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getMappedDFSPathForListing(138) | Domain token: mk-dc1.mk.support.local

    DEBUG [13 Apr 2015 09:18:11,868] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getMappedDFSPathForListing(159) | DFS root is : data

    DEBUG [13 Apr 2015 09:18:11,881] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getMappedDFSPathForListing(179) | Final path to match : \\mk-dc1.mk.support.local\\data\share

    DEBUG [13 Apr 2015 09:18:11,882] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.isValidPath(590) | Priority class for \\mk-2k8-dfs\Share :siteCostNormal

    DEBUG [13 Apr 2015 09:18:11,882] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.isValidPath(598) | \\mk-2k8-dfs\Share is online

    DEBUG [13 Apr 2015 09:18:11,883] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getBestServerPath(629) | Priority rank for \\mk-2k8-dfs\Shareis 0

    DEBUG [13 Apr 2015 09:18:11,884] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getBestServerPath(630) | PriorityClassValue for \\mk-2k8-dfs\Shareis 2

    DEBUG [13 Apr 2015 09:18:11,884] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getBestServerPath(652) | Choosing the first best share to connect to

    DEBUG [13 Apr 2015 09:18:11,885] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getBestServerPath(654) | The best server path is \\mk-2k8-dfs\Share

    DEBUG [13 Apr 2015 09:18:11,886] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getMappedDFSPathForListing(200) | DFS Path maps to \\mk-2k8-dfs\Share

    INFO [13 Apr 2015 09:18:11,886] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getMappedDFSPathForListing(209) | mapped DFS path: '\\mk-2k8-dfs\Share' from \\mk-dc1.mk.support.local\\data\share

    DEBUG [13 Apr 2015 09:18:11,887] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getMappedDFSPathForListing(125) | PATH to resolve: \\mk-2k8-dfs\Share

    DEBUG [13 Apr 2015 09:18:11,888] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getMappedDFSPathForListing(133) | Entered to map dfs path ; path to resolve is \\mk-2k8-dfs\share

    DEBUG [13 Apr 2015 09:18:11,889] [http-apr-127.0.0.1-8081-exec-15]- DfsResolver.getMappedDFSPathForListing(138) | Domain token: mk-2k8-dfs

    DEBUG [13 Apr 2015 09:18:11,892] [http-apr-127.0.0.1-8081-exec-15]- SMBFilesystemAdapter.getSMBUriForPath(1754) | Resolved path is: smb://mk-2k8-dfs/Share

    File Director also supports Access-based enumeration for DFS V2 namespaces, where enabled in DFS. This requires that port 445 be accessible to namespace server (s) from the File Director appliance in order to return the filtered view. If this port is not open to the namespace servers, but is to the file server hosting the share(s), an unfiltered view will be returned.