About kailou

  1. Yeah, local groups with OD/AD/OpenLDAP accounts work great. Never had an issue until 13.0.2. I'm still trying to resolve this, though I've reverted to 13.0.1 and tabled my troubleshooting for the moment. "- on Windows, when the machine is a member of the domain, local accounts and groups will be ignored" Nah, I've got a mix of AD users and groups added to local groups, then it's the local groups that are used for EA - FMS on Win machine. Don't know about local users within those local groups, though I can't see why those wouldn't work as well. RE: FMS and OD-only. I believe this
  2. OpenLDAP as mentioned originally, not Apple's OD. It's an openldap directory on Linux servers on our campus network. I changed to OD because that was the way you seemed to be referring to the openldap directory in shorthand. I'm sorry if that was confusing. As mentioned above, I am not running Open Directory on any of my Apple machines. I tried running Open Directory and it had issues in a 'golden triangle' sort of environment on our network. How did I establish that things changed? First off, openldap auth worked under 13.0.1 and then fails under 13.0.2, with no other elements in the
  3. Eh, not so quick, that was only part of the equation. Got the GSSAPI thing resolved, but still not authenticating. Ldap appears to be responding correctly, but FMS appears still not to be getting the info it needs…. *sigh*
  4. Ha! OK, I now know why it's failing, but I don't have the fix just yet. My open directory logs weren't quite as verbose as I thought they were. I set that to debug level and suddenly got a whole lot more information. Turns out that 13.0.2 has changed the way it hands off its authentication request to the OS, or in how it identifies itself to the OS, and as a result it attempts only a 'simple bind' to openldap with basic authentication; I need it to do GSSAPI. 13.0.1 actually properly followed the correct OS auth chain and would make the needed GSSAPI bind. I just now need to figure out ho
  5. Yes, FMS is bound (anonymous) to the OD. I don't have access to modify the OD, thus the local groups. I'm in a campus environment and the OD is hosted at the university level. Very convenient for many local uses. Yes, in general the OS behaves just as you mention - it checks available auth methods and returns the necessary info to authenticate. Ldap search does, in fact, return the local (non-OD) groups that OD users are a member of. All the users for my FileMaker databases are OD users, none of them are local OS users. Yep, the whole 'golden triangle' config is tricky, but I've
  6. OpenLDAP users in local groups. 'Local' meaning the group is a system level posix group, not Open Directory. Open Directory is not running on the FMS machine. Users are all kept in an openldap directory elsewhere on the network. I add my users from openldap into the local groups on the FMS server machine. I then add the appropriate group to my FM databases for EA. The only time I've used a local posix user in a local posix group was as a troubleshooting measure to see if EA broke completely or if it broke only for the openldap users. Only the openldap users fail EA under 13.0.2. This
  7. Thanks, Wim. We can absorb small windows of downtime to test further if I had some additional things to try. I've spent 2 full days already trying to troubleshoot 13.0.2 in various ways before reverting to 13.0.1. If you have some ideas of things to poke at, I'm all ears. One thing that would be helpful would be some way to get FMS to generate verbose debug logs that would show all the steps it is taking in the EA process - I see no way to tell FMS to do this, so the FMS logs are currently not helpful. My system level logs are already verbose and they show nothing. So, I've been troubles
  8. Hey, don't knock the 'friendly guy'! ;-P No, have not escalated the issue. The friendly guy suggested the same, but that would be at a high rate for that support call and I'm too cheap for that call just yet. I'm not yet convinced that I've exhausted the existing user group knowledge base on the subject. I'm really hoping someone out there has come across something similar and can offer that one little nugget that would nudge me in the right direction.
  9. Issue: Update from FMS v13.0.1.224 to breaks external authentication of openldap users in local groups on OSX Server 10.8.5 I should note upfront that my FMS is currently working again only because I've reverted to the previous version - 13.0.1. I was unable to resolve the problem with 13.0.2. I'm tossing this out to the community to see if anyone else has seen this issue and if they've found a fix. My Environment: OSX Server 10.8.5 running on a mini. Current Installed Version FMS: OSX is bound to an openldap server on our network. This has been happily providing a
  10. Like many I have also been struggling with this. I spent a day on it and finally have FMS working AND OSX Server (10.8.x) web services (including wikis). I just got it working so there may be issues to still work out. What I did is a twist on Goetch's solution. DISCLAIMER: I'm providing this info purely as a case study; I would not recommend doing this in a production environment; if you choose to try this you do so entirely at your own risk, I am not responsible in any way. I'm hoping others will be willing to try this and return here with their findings. I'm using named virtual hos