Jump to content

Cross-platform External Authentication


This topic is 6587 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Hello -

Has anyone successfully set up a FileMaker Server running on Mac OS X that uses external authentication from a Windows domain? I realize that it would be much easier to run FileMaker Server on a Windows server since we have a Windows domain, but I don't have that luxury. The boss wants all new setups to transition to Mac, so I was given a Tiger (10.4.5) server and FMS 8.0v2 (Mac) CDs to work with. I don't think our domain server will change any time in the foreeseeable future, if ever.

Following the instructions in the tech brief on External Authentication, I had our domain admin create 3 user groups on the Windows domain for me: fmsadmin, fm-managers, and fm-entry. The "fmsadmin" group contains myself, the boss, and our 2 IT guys. The "fm-managers" group contains the "fmsadmin" group plus another domain user. The "fm-entry" group contains the "Domain Users" (everybody) group. In my FileMaker solution, I created the same 3 accounts, each prefixed with "MY_DOMAIN" and set for external authentication.

The Mac server is joined and correctly authenticating to the Windows domain, according to our domain admin. FileMaker Server is up and running, and the solution file is shared and visible via the FileMaker Network. The Server is set to authenticate users via FileMaker and External Server accounts.

If I understand the tech brief correctly, users who successfully log in to the Windows domain when booting their workstations should be able to open the FileMaker file without being prompted for credentials, since they have already been authenticated for the domain. However, I always get a UN/PW prompt when trying to access the file, and credentials for the Windows domain are not accepted. The *only* way I can access the file is by using the UN/PW for the FileMaker (internal) account.

Anyone have any ideas? :)

Link to comment
Share on other sites

No, you misread the tech brief. SSO (Single Sign On - being able to open FM files without being prompted) works [color:purple]only in a completely Windows environment (Windows workstations, Windows FMS, Windows AD). In your scenario you will always be prompted.

But the windows credentials should work though. Did you try the different syntaxes:

- [email protected]

- domainuser.com

OSX has had a lot of trouble with making Windows authentication work, so check www.macwindows.com for more info.

Can you actually sit down at the FMS machine and log into the OS with a Windows AD account?

Link to comment
Share on other sites

Oh. I thought FMS running on the Mac server was supposed to retrieve the UN from the FM client and then request groups from the domain server to which that UN belongs.

No, I can't log in to the Mac server with my Windows domain credentials in any format.

Link to comment
Share on other sites

Then the AD plugin on the FMS machine is not set up correctly. If you can log into the FMS machine itself with an AD account then authentication from the clients will work too. But they will still get prompted.

Link to comment
Share on other sites

This topic is 6587 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.