Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

This topic is 6798 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted

FMServer 8 hosted on Win2003 with some clients Win2K and WinXP, some OS X. Still under development. The windows clients are members of an Active Dir. domain, as is the server, which is set to external authentication & SSL. This logs the windows clients in automatically. User jimbob in AD appears as jimbob in Get(AccountName). Mac OS X clients have to authenticate twice, once to the server and once to the first file. But if you come in through mac os x, you have to use DOMAINNAMEjimbob for it to recognize you, so Get(AccountName)="DOMAINNAMEjimbob".

So far so good. But the system tracks usage (modified, created, etc.) by account name. If your username is jimbob and you come in through windows, you appear as jimbob, but via Mac and then all the modifed (etc.) fields show you as DOMAINNAMEjimbob.

Most users are not switching platforms, but they certainly could, and I need to be able to count on the username matching exactly for certain scripts. I could kludge around it by giving users two possible account names in the user management portion of the system, but that's bad in principle and bad for future maintenance.

Has anyone else seen this behavior? Should I try some different settings for the external server authentication? The server and windows client machines are members of SUBDOMAIN.DOMAINNAME, but the users are members of just DOMAINNAME. I don't think I have the option of joining the server to just DOMAINNAME. This may explain why the mac clients need DOMAINNAME specified ahead of the username.

Thanks ahead of time for any tips.

Posted

This is a known issue with the OSX Directory Access AD feature. First time we saw this was in 10.3 and I haven't retested on the the recent 10.4 updates to see if it's still there.

You can solve this by stripping out the domain name from the get(accountname) function. Then you don't have to worry about changes to OSX that fixes this bug or not.

Posted

You're right. It's best to program around this issue. I found that this also can happen on Windows. For example, a laptop that has network access but didn't authenticate properly to the domain for whatever reason. In this case FMS asks for credentials directly from the user, and needs the DOMAIN prefix on the username.

Posted

yep, or the user may simply manually provide either their UNC (domainuser) or UPN (user@domain) credentials and that's what you'll get in the account name.

This topic is 6798 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.