
Horatio77
Everything posted by Horatio77
-
Troubleshooting AD Ext. Auth.
Horatio77 replied to Horatio77's topic in oAuth and External Server Authentication
Thanks for the tips Wim. The event logs on the DC were indeed showing errors. I've been talking with the technician who deployed our Domain and FileMaker server system. Turns out we have two machines serving as DCs, and the groups weren't propagating between them properly. When the groups were manually created on both DCs then FileMaker's SSO worked as it should. Now we just have to get our DCs in order, but that's for another forum (and the technician we contracted to do it in the first place). Thanks for the help everybody. -
Troubleshooting AD Ext. Auth.
Horatio77 replied to Horatio77's topic in oAuth and External Server Authentication
I've taken a step forward, having successfully logged into my database using Active Directory credentials and SSO. Unfortunately it was by changing the FileMaker account group to 'Domain Users' (definitely NOT with [Full Access]). So at least I now know my problem lies with our AD groups rather than syntax or binding problems.

I'll be turning to our IT contractor for some help now, but perhaps the following picture will show something amiss to those here familiar with AD. This highlights the group I want to authenticate. The 'Domain Users' group I logged in with resides in the 'Users' container at the very bottom of the console tree.

I'm not sure which factors make one group work and not the other. I note that the 'Users' container is the same place Wim Decorte created his groups in the tech brief rather than something like the 'My Company/Groups' organizational units we have set up, perhaps that matters? Also, the 'Domain Users' group is itself a part of the builtin 'Users' group and the 'CERTSVC_DCOM_ACCESS' group. My 'FMGraphics' group does not belong to any other groups.

This is well above my head. I'll update when I finally crack this.
-
Troubleshooting AD Ext. Auth.
Horatio77 replied to Horatio77's topic in oAuth and External Server Authentication
An excellent tip indeed. In fact I already have a script of this very nature as per your suggestion to others on this forum. Unfortunately, I've yet to get domain credentials to log me into anything in FM, so the script hasn't had a chance to show its utility on this problem (it's gotten plenty of use elsewhere.) -
Troubleshooting AD Ext. Auth.
Horatio77 replied to Horatio77's topic in oAuth and External Server Authentication
That was one of the first things I tried, along with including the 'Organizational Units' (folders?) from Active Directory. I didn't have any success, but may have switched the slashes or similar. MYCOMPANY in this case is our domain, which the 'whoami /groups' command includes to distinguish them from the client machine's local groups. Looking closely at the FM8 tech brief, the domain name appears to be excluded when calling an external group for authentication, which is why I went back to simply 'FMGraphics' for my original example.

1) I am not involved with the FMS and DC deployment, and changing them is beyond the scope of my position. Perhaps after I show my boss how awesome I am by getting External Auth to work. Is there any reason this setup would interfere with authentication?

2) A quick check of the domain on the FMS host system via 'My Computer' properties reports a 'MYCOMPANY.LOCAL' domain. Being that FMS and the DC are currently on the same machine, is it possible for FMS not to be properly bound to the domain?

3) Thanks for the reminder about [Full Access]. I have been using that to make sure I don't have something unexpected in my privilege set to gum up the works. I'll make sure to apply a restricted privilege set once I get any domain account to work.

4) After a little digging I see that a Server 9 Tech Brief is available through TechNet. I don't have a subscription so I guess I'm out of luck there.

Thanks for the pointers and reminders. It seems like I'm digging around the right places, I just need to keep at it.
-
Troubleshooting AD Ext. Auth.
Horatio77 replied to Horatio77's topic in oAuth and External Server Authentication
It is unchecked. I'm prompted for credentials every time I open the database on both platforms. This is intentional on the Mac side, having denied FileMaker Keychain access for testing purposes. On the PC side, well, part of why I'm doing this is to get SSO working. In either case, I can only log into accounts specified directly in the database. None of the database's local accounts have names that overlap with domain users. I've noticed on the Windows machine it auto enters my domain long name in the 'user' log in field. I'm not sure it means anything, as it works with neither the short nor long anyway.
-
I'm trying to implement external authentication via Active Directory for our Macs and PCs with 'Single Sign On' for our Windows clients. I've tried to closely follow the FM8_server_auth tech brief but domain accounts aren't yet working. I've tried to authenticate from a Mac not on the domain, but using domain credentials when prompted, and from a PC logged into the domain, both fail. All machines are on a local network. Some clients are on FMP8, though my test machines are using FMP10.

Our Server:
Windows Server 2003 sp2
FileMaker Server 9.0.3.326
Hosting FM database: 'Mydatabase'
Client Authentication: FileMaker and external accounts
File Display Filter: List all databases
This machine is also the domain controller of: MYCOMPANY.LOCAL

'Mydatabase' Accounts:
Account Group Name: FMGraphics
Active: Yes
Type: External Authentication
Privilege Set: [Full Access] (Access via Filemaker Network (fmapp))

Client Example1:
Windows XP sp3
Filemaker Pro 10.0v1
Domain: MYCOMPANY.LOCAL
Group: MYCOMPANYFMGraphics

Client Example2:
MacOS 10.5.7
Filemaker Pro 10.0v3

Clearly SSO isn't working since I can't log in with domain credentials at all. I'm hoping it will fall into place once domain log in is functioning.

Some questions:

1) The domain group is nested in a couple of organizational units. Does that matter to the database's account group name?

2) Is there a way in Windows to get the user's group name with the exact syntax FileMaker wants? The command line tool 'whoami /groups' on the PC reports:

[Group 1] = ...
[Group 9] = "MYCOMPANYFMGraphics"
[Group 11] = ...

While the group is listed with the domain here, my understanding is that the database account only needs the 'FMGraphics' part of the name. Is that correct?

3) Is there a FMP10 version of the external authentication tech brief?

I'm frustrated because I'm not sure where even to look next. I've quadruple checked the settings I know about, and the spelling / case of the group name, all of which I've tried to detail above. Thanks for any tips you guys may have. This is going to be totally easy, right?
-
Thank you. Yes, if Omits are always ANDed there is no reason to split them into multiple requests looking to get an OR. Simply using FM's natural AND in a single request makes sense.
-
Thanks. That looks pretty awesome, I'll check out their demo.
-
Hmm, indeed, for some reason I thought request "*a* *b*" wouldn't find "ba". Thanks for pointing that out.

Perhaps you can help me with this too. It seems that FM has [OR] via 'New Request' and [AND][NOT] via 'Omit', but no unadorned [NOT]. 'Omit' always constrains, so [OR][NOT] is not an available search. Let's say I have three fields, 'Name', 'Day' and 'Done'. I want to search for:

[NOT]Tom [OR] [NOT]Friday [OR] [NOT]Done

In FM I might expect:

First Request - Omit Table::Name Tom
Second Request - Omit Table::Day Friday
Third Request - Omit Table::Done Done

If 'new requests' are a boolean [OR] I would expect a Venn diagram of the found set to be like the shaded part of OR NOT, but it instead appears to be an AND NOT. To get FM to do that search as an OR NOT I think I'd have to add:

Fourth Request - Find Table::Name Tom Table::Day Friday
Fifth Request - Find Table::Name Tom Table::Done Done
Sixth Request - Find Table::Day Friday Table::Done Done

Do I have this right?
-
I understand that there are many avenues for failure in trying to recreate the search tool, but there are a few features I'd like to have (though I may not need), that compel me to try.

1) I don't want the search process or its results to take the user away from their current record or 'location'. A bit like Apple's Spotlight, not the 'as you type' aspect, but that it's always available and never takes you away from your data.

2) I'd like the user to be able to search most fields without showing them most fields. e.g. some kind of dwindling lists.

3) I'd like value lists during searches that are different than during data entry.

Before I can even try to implement my own version of search, I really need to get my head around FM's native version. To your comment on searching paragraphs, I don't actually expect to do that much. As an example, however, it demonstrates that a logical [AND] operation on a single field seems to require iterative queries with 'Constrain Found Set'. This has performance implications over a network, and gets very complicated if you throw an [OR] in like I did in the first example. Logical [OR] is pretty straightforward, using 'New Record / Request', except when used with Omit, where they get fused to become [AND][NOT], rather than being strictly one or the other. 'Exclusive or' [XOR], has me stumped.

I looked at the help files quite a while ago, but perhaps I should give myself a refresher.
-
I'm trying to better understand complex searching in Filemaker 10, specifically if and how it maps to Boolean sets. Let's say I have a database with 20,000 records each with one field containing a random paragraph of text. How would you suggest I search that field using the normal search interface for arbitrary combinations of values? For instance:

("*a*" [AND] "*b*") [OR] ("*c*" [AND] "*d*")

Or:

("*Super duper*" [OR] [NOT] "*b*") [OR] !

Or perhaps:

("*Young*" [AND] "*Tom*") [XOR] [NOT] "*Fred*"

Producing Boolean operations is oddly wrapped up in 'New Record / Request', 'Constrain / Extend Found Set' and 'Omit' in ways that have non-obvious implications. I'm stumped on how to handle parenthetical [AND] and [OR] queries like the first example. Perhaps there are better ways for me to think about searching?

My ultimate goal is to build a custom search interface for my company's job tracking database, but I don't want to lose the power of the default interface. It will be hosted on a FM9 server and accessed via FM10 clients. Are there other resources you guys like that go into detail about Filemaker searching?
-
Hello, I'm new here, let me know if this question is out of place.

My company has an order tracking database. I don't use much of it, except its 'Time Tracking' table, which has an interface poorly suited to my needs. I've been given permission to create a separate database to design my own interface as long as it adds little to no extra work for the DB admin. My DB will have no real data, it's just an external window to 'Time Tracking'.

'ORDERS' has a script, 'Submit Time', that adds billing codes and costs which are updated occasionally by the admin. I would like to execute that script from a portal in my database. I have gotten half way there with a script that jumps to 'Time Tracking' and back again, but I'm not happy with it:

Go to Related Record [show only related records; From Table: "Time Tracking" ; External; Using layout: "Enter Time & Notes" (Time Tracking); New Window]
Perform Script ["Submit Time" from file: "ORDERS"]
Close Window [Name: "Snap Pop"]

This script works but has three clear problems:

1) A new window flashes across the screen
2) If any fields in my portal are active at execution, the script throws 'In Use' errors
3) There is no unique record ID field in the 'Time Tracking' table, limiting some options

So my questions are:

1) Can I elegantly avoid flashing a new window? Perhaps by somehow:
1b) Executing an external script through a local layout?
1c) Executing an external script in a hidden window without bringing it forward?
2) What's the best way to exit an active field in a portal, but keep the row active?
3) Is a lack of unique record ID actually a problem?
4) Am I going about this all wrong?

My hands are pretty tied on the 'ORDERS' side of things. I appreciate any thoughts you have.

-Max
-
One more little thing. I've made a note of how far away I have to scroll before the bug manifests. It's related to how many records I can actively see in list view. If I make my window very small, and can only see 3 records and then scroll the active one 4 records away from view, fields in the header and footer from that record will exhibit the bug. When I expand the window so that I can see 10 records, I must then scroll the active record 11 steps out of view for the bug to show. It's becoming more clear to me that this is mostly a rendering bug, data is not being corrupted as far as I can tell. It can, however, make data entry very hard or impossible. Pop up menus will show nothing at all, making them totally broken, while a regular field will let you type.
-
I'm having the same issue I think. After I scroll away from the active record in list view, if I select a field with the mouse, in either the header or footer, display of data in that field blanks to white (no matter the fill attributes). I can still modify data with the keyboard, but the field stops responding visually. If I use the arrow keys while in the field the display of data will refresh, but I still can't use the mouse to select anything.

Interestingly, if I have the field set to display a 'drop down list', it always forces the active record into view. This apparently allows the field to function properly. Though I don't know why a 'drop down list' modifies the list view while a 'pop up menu' doesn't. Moreover, if a 'drop down menu' has the option selected to 'include arrow to show hide list', it will not move the list view and thus leaves the field display borked.

MacOS 10.5.6
Filemaker Pro 10.0v1

I'll come back when I learn more. This could ruin a lot of development for me if I can't figure it out.