Jump to content

AD external authentication problems


This topic is 6967 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Hello,

I've looked through about every post concerning this issue and can't seem to find what I'm looking for.

Here is my problem:

We use windows Active Directory, and let's say for example that it has a dns/domain name of example.net

however, it has a netbios name of XMPL

I have server 7 / server 7 advanced ( tried with advanced and without )

installed on a Windows Server 2003 box. They have been fully patched.

The server shows up in the hosts listed by LDAP just fine, with the correct dn.

Its the authentication that doesn't work.

I have created groups in the domain and added domain users to them and it won't authenticate. After that didn't work, I tried a local group with the same name but with our domain account names added to it. I've tried pointing the external authentication group at an OU where the users reside instead of a group, just for kicks. I'm really lost here.

I've also looked at the Security Event logs on the server, and one time it tried to log in as user@XMPL, which is bogus and would never work.. its like it is being misinterpreted, and/or the domain example.net isn't being detected by filemaker's authentication.

Yes, the server is part of the domain. Yes, it is set to external authentication. If I make an 'fmsadmin' group on the local machine and add any domain accounts to it, it won't authenticate the domain accounts, but it will authenticate any local computer accounts ( I juse use the administrator local account in the fmsadmin group to log in to the server currently. )

I went further to try and install FM7Server fresh for the extra options it gives about authentication to domain accounts, and then installing the patch again.

any info or ideas anyone can give are appreciated,

Nick

Link to comment
Share on other sites

  • Newbies

I have passed through what you have descriped here for the past two days, I have similar setup like yours, and authentication was not working although the FileMaker server was registered successfully in the AD. What resolved the problem is downloading and installing the latest update for FileMaker Server from www.filemaker.com, it looks like they resolved those problem in that patch.

After restrating the windows box the authentication is working fine for both the administrator and the clients. I can now define access in databases based on user groups in Active Directory and it is working fine. My only problem now is how to define access for certain users, not for groups, and I'm still searching this forum for an answer.

good luck

Yasser

Link to comment
Share on other sites

I don't believe you can authenticate to just a domain user, there would have to be a group. When we get this working, we'll have a group for just about every database solution, and then the admin groups.

Btw, our Active Directory is not alone, it is sort of married to LDAP and we run both. Our next try will be making groups in LDAP itself, and ignoring AD for the most part.

Link to comment
Share on other sites

Hi,

I am new to this forum but thought I'd post my info as well.

I have FM7 Server Adv on OSX Server 10.3.8. Server is 'bound' to the network and I can walk LDAP and AD fine. I called FileMaker support and spoke with a tech. We looked at all the settings in the DIRECTORY SERVICE portion of the CONFIGURATION tab. All was good but still did not work. Then the tech finally revealed that 'they at FileMaker' have not been able to make this work.

Has anyone been able to get FM7 Server on OSX to authenticate using LDAP?

Link to comment
Share on other sites

This topic is 6967 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.