http://fmforums.com/forum/showforum.php?fid/175/Configuring and administration of FM Server using Active Directory & Open DirectorynoneTue, 27 Jul 2010 20:30:06 GMTTue, 27 Jul 2010 20:30:06 GMThttp://blogs.law.harvard.edu/tech/rssFusionBB 3.0 FINAL (www.fusionbb.com)http://fmforums.com/forum/showtopic.php?tid/215881http://fmforums.com/forum/showtopic.php?tid/215881
We just bought a Mac Mini Server and it's my first experience with Mac. I'm having trouble to authenticate using external authentication.

I enabled external authentication for the Admin Console of FMS11 and for the hosted files.

Concerning the admin console, the external group is recognized.

Concerning the FMPro clients there are all on XP. I want the user to be able to use the Single Sign-On capabilities.

So here are the configs :
- Active directory on Windows Server 2003 Standard
- FMS11 on Snow Leopard
- FMPro on XP

Thanks ]]>Tue, 27 Jul 2010 20:06:42 GMThttp://fmforums.com/forum/showtopic.php?tid/215846http://fmforums.com/forum/showtopic.php?tid/215846
My local office has 10 computers; 50 computers (include oversea offices)

Local office all have access to a Shared Drive/Folder S.

I installed Filemaker Pro 10 Adv. to the Drive S.

I want all 10 computers to be able to run Filemaker. It did not work. I get "Error: This application has been installed incorrectly or modified by another program. Please run the installer to get a fresh copy of the application after determining the cause."

So, do I need to independently install a Filemaker onto every computer? (do I need to buy 50 CDs or 1 CD installed onto multiple computers?)

Web Publishing still requires some loading; I want Filemaker to work offline so it would be even faster. ]]>Mon, 26 Jul 2010 16:24:58 GMThttp://fmforums.com/forum/showtopic.php?tid/215165http://fmforums.com/forum/showtopic.php?tid/215165
1) Our master open ldap server is on a mac 10.5.8 server.

2) We have a 10.4.8 server running FMS 10 adv. This machine is connected to our master directory system and is authenticating external accounts correctly in our FM solutions both native and web.

3) We installed FMS 11 adv on a 10.6.3 server. It is also connected to the open ldap master. (a terminal window with id account_name returns the correct information). The FMS 11 adv console has been set to allow FM accounts and external accounts in the security tab. However when trying to open a remote solution our external accounts fail.

4) If we can resolve the external authentication problem on the 10.6.3 server we can shutdown the FMS 10 adv machine. As it stands we have a product thats not usable as it would take far to long to add groups and individual accounts to every solution.

5) I have also just uninstalled everything from the 10.6.3 server and installed on a 10.5.8 directory replica. The results are the same authentication failures

http://fmforums.com/forum/showtopic.php?tid/214672/
this article above provides excellent detailed information on the topic, however after verifying each point was complete our external authentication still fails.

]]>Tue, 08 Jun 2010 22:11:21 GMThttp://fmforums.com/forum/showtopic.php?tid/215045http://fmforums.com/forum/showtopic.php?tid/215045
I'm attempting something that might be utter madness, but seems reasonable (famous last words, I bet): running FM Server Advanced 11 on a Windows Server 2003 machine, with LDAP authentication against a Mac OS X Open Directory server. This arrangement has been fine on FMS10 running on a Mac OS X machine, but although the admin console on Windows FMS11 says the directory service is configured correctly, when clients try to log in, no external authentication takes place.

I'm a bit stuck, and of course the nice people at FM tell me this is an OS level problem so not for them to solve. Can anyone else? Is this theoretically possible? I haven't yet found anything to say it's not...

Thanks in advance for any help you can offer. ]]>Tue, 01 Jun 2010 14:24:27 GMThttp://fmforums.com/forum/showtopic.php?tid/214672http://fmforums.com/forum/showtopic.php?tid/214672
It has come to my attention from several venues in recent days that any number of developers, IT Administrators, and “power” users are having difficulty understanding and in configuring External Server Authentication of accounts with various versions of FileMaker Server.

Here are a few key points to keep in mind:

1. External Authentication removes the credentials information (Account Name and Account Password) from within a FileMaker Pro file and transfers it to FileMaker Server. This allows multiple different FileMaker files to use the same single set of credentials.

2. Inherent in this process, and central to it, is that the Accounts on the server must be arranged into groups. Further there must be matching Groups within each FileMaker pro file. These Groups must match exactly, and they are the linchpin for this process’ working correctly.

3. Use lower case names for groups, and do not use spaces or unusual high ASCII characters. For example, fmsalesreps and fmitmanagers are good Group names. This is especially important for Macintosh OS X deployments.

4. Server based Accounts and their Groups can be in any one of three different places: on the local FileMaker Server, on an Active Directory Domain Controller, or on an Open Directory Domain Controller.

5. In the Admin Console of FileMaker Server, select the option to authenticate using FileMaker and External Server Accounts. (ConfigurationàDatabase ServeràSecurity is where this option is found.)

6. External Server Authentication has nothing whatsoever to do with LDAP configuration found in the Directory Service section of the FileMaker Pro clients tab in the Admin Console.

7. FileMaker Server supports Active Directory and Open Directory Domain Controllers as locations for placing Accounts and Groups in addition to FileMaker Server itself. Other so-called generic LDAP servers are not, repeat not, part of this equation. FileMaker Server does not support these generic LDAP servers for external authentication purposes.

8. Do not use External Server Authentication for Accounts with [Full Access] privileges. This is a security vulnerability.

9. There are three useful White Papers on this topic found on the FMI web site as well as some videos at VTC about External Server Authentication. The three White Papers are the ones on Server, on Security, and on External Server Authentication. http://www.vtc.com/products/FileMaker-Server-9-tutorials.htm and http://www.vtc.com/products/FileMaker-Server-10-Tutorials.htm are the VTC sites. Stay tuned for updates there. Wim Decorte’s videos are better than mine, so look at his if you have only one choice.
]]>Thu, 06 May 2010 17:24:38 GMThttp://fmforums.com/forum/showtopic.php?tid/214379http://fmforums.com/forum/showtopic.php?tid/214379
Currently they have about 40 users and I have a FileMaker file that houses all of their signons and passwords (used with POP3it)

I have just changed FileMaker to authenticate via their Active Directory which works well so I can use Get(Account Name) to see who logs in, but I can’t figure out any way to pass on their password to POP3IT so they can download email.

Every so often users have to change their passwords and then we have to update in the FileMaker staff table and I want to do away with that so it’s all done via the Active Directory.

Any ideas how this can be achived?
]]>Sun, 18 Apr 2010 02:47:54 GMThttp://fmforums.com/forum/showtopic.php?tid/213713http://fmforums.com/forum/showtopic.php?tid/213713Integrated Windows Authentication can be made to work with Instant Web Publishing or not.

It hasn't in the past, but realize the product is constantly being enhanced or 'workarounds' are made?

Use would flourish here if this could be accomplished.
]]>Mon, 08 Mar 2010 22:42:21 GMThttp://fmforums.com/forum/showtopic.php?tid/213624http://fmforums.com/forum/showtopic.php?tid/213624
I have a Windows 2003 server / XP workstation /Filemaker Server 10 network, single domain. All latest patches are regularly applied to servers, workstations and the FMS. FMS is intalled on a member server machine (no AD on that machine).

There are two DCs on the network (two servers containing AD and replicating to each other). The network works fine in all respects and all software is also working fine. However, client Filemaker Pro 10 machines fail to authenticate under the following conditions:

- Upon restarting one of the DC servers (which does not make any sense, as FMS could use the other to reach AD; in fact, users can restart their machine and logon to the network without one of the DC servers, using the other to authenticate). Users who are logged on to the domain and to FM (Filemaker database is open) when this happens, do not loose their connection to the database. They can work as usual. The problem is for users who do not have FM database open, or if the user close the database and tries to reopen it.
- Upon restarting the FMS machine without restarting the DCs (sometimes FM authentication works after waiting several minutes - more than 15 minutes)

Users are logged on to their machine as Users, not as Administrators. We have tried with new Windows 7 workstations and the problem remains (it down not seem to be an issue of the workstation OS).


This problem did not happen using FMS 9, on the same machines, same users, same AD FM groups, same database and identical authentication mechanism and opener file, on the same network. It seems to be an issue of FMS 10 (it happened with FMS 10 v1 and it also happens with the latest patch applied).

I have seen some post with similar problems. Any ideas on how to solve it? It is really annoying to have to tell users to wait 20 minutes to use the database, or have to restart server several times because we are not sure what is going on.

Thanks in advance ]]>Wed, 03 Mar 2010 08:37:41 GMThttp://fmforums.com/forum/showtopic.php?tid/213375http://fmforums.com/forum/showtopic.php?tid/213375
I have been looking at this all day and can't seem to find a solution.

We have two Filemaker server, one on Windows and one on Mac OS X Server 10.4.11. I have got the external authentication working perfectly on the databases hosted on the windows server but cannot find how to use the AD server for the Mac OS X server.

Not sure if this is the correct procedure, but I have tried to Bind the OS X server to AD using the Directory Access utility, but I keep getting an error "unable to access domain controller. this computer is unable to access the domain controller for an unknown reason"

In windows all I had to do was set the service to authenticate to AD. How do I achieve the same thing on Mac OS X Server or FMSA 10 on mac os x.

Any help would be greatly appreciated.

Thanks in advance

ZP
]]>Fri, 12 Feb 2010 08:45:00 GMThttp://fmforums.com/forum/showtopic.php?tid/213335http://fmforums.com/forum/showtopic.php?tid/213335
We have a production server, and we will have a testing server.

Is there a way - without having active directory involved(as we do not have a domain controller) to have the users from our test server authenticate to the production server so that we do not have to maintain two separate lists?

Is this possible, and if so, any thoughts would be greatly appreciated. ]]>Wed, 10 Feb 2010 16:47:09 GMT