Jump to content

Does External Authentication work for scheduled scripts?


This topic is 5258 days old. Please don't post here. Open a new topic instead.

Recommended Posts

I'm trying to set up a scheduled script in FileMaker Server 10 on Snow leopard server 10.6.1.

I have Full-access Accounts using external authentication and am able to log in to the database with them using Filemaker Pro Advance 10. When I attempt to set up the schedual I can't get past the "Select a Database to Run the Script" page using any of the accounts that use external authentication, but I can get to the next page if I use a Full-Access account authenticated by fileMaker (i.e. the admin account.)

Is it even possible to use external authentication accounts for a scheduled script? Are FileMaker authenticated accounts required for Scheduled scripts? Is my database just corrupted?

Any insight would be appreciated. Thanks!

Link to comment
Share on other sites

Externally authenticated Accounts are supposed to be able to be used for running Server side scripts, so something is amiss here.

However this:

I have Full-access Accounts using external authentication

is [color:red]a significant security vulnerability. [Full Access] Accounts should not be externally authenticated. If a physical copy of the files were obtained, the Groups could be spoofed and the files would be compromised.

Try setting up an Account and Privilege Set within the files to run the server side scripts. See if that works. Then convert the Account to an external group.

Steven

Link to comment
Share on other sites

Thanks for the reply! It's nice to get confirmation that what I'm attempting to do should work. Do you know of any gating factors that might be causing this to fail?

You are correct about the security concern, the full access is not a final state of affairs, I was just using that setting to try and rule out any problems due to incidental access restrictions.

I am going to try some different privilege sets and see if I can get it to work.

Thanks!

Link to comment
Share on other sites

I did some testing and discovered that if I create a FileMaker Authenticated user with the same name as an externally authenticated user and set up the schedule, and then deactivate the user, leaving only the externally authenticated user, the schedule will function fine.

I can confirm that it is using the external account, because I can disable external validation in the "Client Authentication" in the Security tab of the Database Server section, and it the script fails as soon as its run due to user not being authenticated (error 212.)

This is not the worst workaround, but if I need to adjust anything in the schedule it wont let me get past step 3, "Select a Database to Run the Script" in the Schedule assistant unless I switch to a FileMaker authenticated user.

This sounds like a bug to me, but I want to try and figure out if I have a setup problem somewhere, and/or if there is anyway to fix it while I am still in the early stages of setting up this server.

Does anyone have any ideas?

Link to comment
Share on other sites

It does sound odd to me as well. If you have an internal account named the same as an external group and both are active, then the internal one will take precedence.

Do carefully check that group in file is [color:red]exactly identical to the group on the server or Domain Controller.

Steven

Link to comment
Share on other sites

This topic is 5258 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.