Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

External Authentication - need help!

Versetti

By Versetti
in FileMaker Server 11

 Share

This topic is 7469 days old. Please don't post here. Open a new topic instead.

Recommended Posts

  • Newbies
Versetti Newbie

Versetti

Posted
  • Newbies
Posted

We are trying to run FM server 7 on a Windows 2003 Server in a 2000 AD domain. I tried to setup external authentication with no luck.

When we try to login a database, with a user in a group defined on the domain, we do see a login attempt (successful) to the network, however filemaker comes back with a error message not allowing the user access to the database. Even if its full permissions.

In contacting Filemaker tech support, they told me the domain group the user was apart of had to be A) a member of "login as a service" on the domain controller policy and : A Administrator of the machine filemaker server resides. Needless to say, I think Tech support is crazy. Surely it cant have those requirements, thats horid security. I told the tech, the above was not going to happen, find me a solution. Im on call back atm, but I doubt the'll even call back after how much grief I gave him over the above.

How have some of you got this to work? Has someone got external authenication to run on a 2003 server without doing the above? Or 2000?

Thanks

The Shadow Experienced

The Shadow

Posted
Posted

I agree - that's crazy, we had one setup in our office, and neither A) nor : were true.

Are your filemaker accounts setup properly? Each file needs to be setup (in FM7) to use External Authentication in Accounts/Privs, and the group name for the domain is used in place of the account name. [When each user logs in, their real account name is set after approval from the domain].

I read something about this somewhere that said nested groups (?) don't work well (might have been talking about Open Directory?). Sorry, I don't know much about that end.

  • Newbies
Versetti Newbie

Versetti

Posted
  • Author
  • Newbies
Posted

The database has:

Account-----Type-----------------Priv Set

Salesman--External Server---Sales

Domain has:

Salesman - Domain global Group

We login as "Bob" (example), whose a member of salesmen for example. On the FM server, I see under event view/security that "Bob" has successfully loged in the network.

Gonna try some things with the priv set.

  • Newbies
Versetti Newbie

Versetti

Posted
  • Author
  • Newbies
Posted

I loaded a Windows 2000 SP4 machine out of the domain with FM7 server, and used local groups. It works fine without any setings as mentioned above.

Its a 2003 server, or a domain issue. Going to try to add that computer to the domain and do further testing.

This topic is 7469 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept