Jump to content




Shortname Only

Started by Earl Squirrel, Nov 17 2011 01:47 PM


  • Please log in to reply
3 replies to this topic

#1 OFFLINE   Earl Squirrel  novice

Earl Squirrel
  • Members
  • 11 posts
  • FM Client:10 Advance
  • Time Online: 9m 19s

Posted 17 November 2011 - 01:47 PM

Folks

I am setting up a new server (FMSA 11.0.4.404) on a 10.7.2 (client OS) on a brand new machine. I have set the server to authenticate using external authentication via the Directory Utility against a 10.6.4 Open Directory Server. The only hiccup is that it will only authenticate the users, when they use their short names not their Full Names. I have double checked that all the groups are lowercase and they have no spaces in their names. I have checked to make sure they are all spelled the same. I have checked that the Directory Editor (on the very same machine) can authenticate via the Full Name (realname) I have used external authentication since it came out  (5.5, I think - but the mind fails me sometimes) and have never run into this problem, in fact our production server (that hopefully will be replaced by this new one) is authenticating fine against this very same OD Master - however it is running on 10.6 OS not 10.7. Any clues?

Update:  it appears that local users (ones created in the OS) are also deaf to the RealName. I setup some local users and groups and they also can only log in under their short name as well. Does anyone have Server 11 running on Lion, with external authentication to something other than Active Directory?

Vince Dolan

#2 OFFLINE   Steven H. Blackwell  Humble Servant

Steven H. Blackwell
  • Moderators
  • 4,388 posts
  • FM Client:12 Advance
  • Platform:Cross Platform
  • Skill Level:Authorized Trainer
  • Certification:7, 8, 9, 10, 11
  • Membership:FileMaker Business Alliance, FIleMaker Platinum Member
  • Time Online: 3d 17h 15m 45s

Posted 17 November 2011 - 04:34 PM

Then short name is the one that must be used.  It is what the OD Domain Controller returns to FileMaker Server.  However in OSX, the search path always starts on the local machine and then goes up the OD tree.  So, do not put local Groups on the local machine if you're using a Domain Controller.

Steven
Steven H. Blackwell
Platinum Member Emeritus, FileMaker Business Alliance
Platinum Member, FileMaker Business Alliance (2007-2011)
Partner Member, FileMaker Solutions Alliance (1998-2007)
Partner Member, Claris Solutions Alliance (1997)
FileMaker Certified Developer 7|8|9|10|11
FileMaker Authorized Trainer 9|10|11
_ _ ____________________________ _  _
http://www.fmp-power.com
http://www.filemakersecurity.com

#3 OFFLINE   Earl Squirrel  novice

Earl Squirrel
  • Members
  • 11 posts
  • FM Client:10 Advance
  • Time Online: 9m 19s

Posted 18 November 2011 - 12:18 PM

Steven

Thanks for the info, I can verify that pre -10.7 installs of FMSA 11v1-v4 all authenticate against Full Name (At least against OD 10.3-10.6) - I guess either Apple or FMI closed the loop hole with lion. We just threw all the user's full names into the OD Master via Work Group Manger's short name array and all is well. BTW I was only using a local user for testing purposes. Thanks again.

Vince Dolan

#4 OFFLINE   smishler  novice

smishler
  • Members
  • 31 posts
  • FM Client:11 Advance
  • Platform:Mac OS X Snow Leopard
  • Skill Level:Intermediate
  • Membership:TechNet
  • Time Online: 9h 48m 34s

Posted 24 January 2012 - 01:17 PM

Vince,
Where you write "We just threw all the user's full names into the OD Master via Work Group Manger's short name array and all is well." does that mean that you added the user long name as a short name and FM Server then accepted the long name (acting like a short name)?  Thanks.
Shawn Mishler
Back to External Server Authentication


2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

FMForum Advertisers




  1. FMForums
  2. FileMaker Server Administration
  3. External Server Authentication
  4. Terms of Service