Hello -

Has anyone successfully set up a FileMaker Server running on Mac OS X that uses external authentication from a Windows domain? I realize that it would be much easier to run FileMaker Server on a Windows server since we have a Windows domain, but I don't have that luxury. The boss wants all new setups to transition to Mac, so I was given a Tiger (10.4.5) server and FMS 8.0v2 (Mac) CDs to work with. I don't think our domain server will change any time in the foreeseeable future, if ever.

Following the instructions in the tech brief on External Authentication, I had our domain admin create 3 user groups on the Windows domain for me: fmsadmin, fm-managers, and fm-entry. The "fmsadmin" group contains myself, the boss, and our 2 IT guys. The "fm-managers" group contains the "fmsadmin" group plus another domain user. The "fm-entry" group contains the "Domain Users" (everybody) group. In my FileMaker solution, I created the same 3 accounts, each prefixed with "MY_DOMAIN" and set for external authentication.

The Mac server is joined and correctly authenticating to the Windows domain, according to our domain admin. FileMaker Server is up and running, and the solution file is shared and visible via the FileMaker Network. The Server is set to authenticate users via FileMaker and External Server accounts.

If I understand the tech brief correctly, users who successfully log in to the Windows domain when booting their workstations should be able to open the FileMaker file without being prompted for credentials, since they have already been authenticated for the domain. However, I always get a UN/PW prompt when trying to access the file, and credentials for the Windows domain are not accepted. The *only* way I can access the file is by using the UN/PW for the FileMaker (internal) account.

Anyone have any ideas? :)

No, you misread the tech brief. SSO (Single Sign On - being able to open FM files without being prompted) works [color:purple]only in a completely Windows environment (Windows workstations, Windows FMS, Windows AD). In your scenario you will always be prompted.

But the windows credentials should work though. Did you try the different syntaxes:

- [email protected]

- domainuser.com

OSX has had a lot of trouble with making Windows authentication work, so check www.macwindows.com for more info.

Can you actually sit down at the FMS machine and log into the OS with a Windows AD account?

Oh. I thought FMS running on the Mac server was supposed to retrieve the UN from the FM client and then request groups from the domain server to which that UN belongs.

No, I can't log in to the Mac server with my Windows domain credentials in any format.

Then the AD plugin on the FMS machine is not set up correctly. If you can log into the FMS machine itself with an AD account then authentication from the clients will work too. But they will still get prompted.