External Auth. stopped working

[eljefejb]

Howdy -

I had external authentication set up and working great between FMS (running on 10.4.5) and the Windows Active Directory Domain (running on Win2K3 Server). At least, it was running great up until we had a power outage on Friday... now external auth. seems to be broken. Users can still log in to files on FMS with FileMaker accounts which are defined inside the files. It's only the external authentication that quit working.

I have checked the event log, and it shows that when the server came back up, FMS performed a consistency check on all the files, since they hadn't been properly shut down. All reported being OK. I don't see any troublesome entries.

Our Win2K3 Server administrator says that the Mac (FM) server is properly connecting to the domain still...

I don't know where else to look or what to try next. Has anyone else had a similar experience? Any help would be greatly appreciated!

[Wim Decorte]

can you log into the FMS machine OS with an AD account?

[eljefejb]

Yes, I can log into the Mac (FMS) Server with my Windows AD account UN/PW.

[Wim Decorte]

Then it should work. This test confirms that the OSX machine can communicate with the AD. I would go back to the last backup of the file before the crash and try that to check if the file got corrupted somehow.

[eljefejb]

Hmmm.... unfortunately, it looks like there are no backups. I thought files were automagically backed up on a periodic basis, but now I see in the FMS Admin tool that you have to create a schedule for that function. Doh!

Doesn't the fact that the FileMaker log shows that the consistency checks on each file came out okay mean that the files are alright, and the problem is something else?

[Steven H. Blackwell]

Doesn't the fact that the FileMaker log shows that the consistency checks on each file came out okay mean that the files are alright, and the problem is something else?

Not necessarily. Check the Define Accounts & Privileges to be sure that the External Groups are still active.

Have both the Domain Controller and the FMS CPU been rebooted since this incident?

Be sure to enable backups.

Steven

[eljefejb]

Well, the domain controllers came back up automagically when the power came back on. I have rebooted the FM server since.

The external accounts are still active. Nothing was changed within the files... the external authentication just stopped working after the power outage. Every time I try, I just get "The account and password you entered cannot be used to access this file. Please try again."

[eljefejb]

Well, I tried everything I could think of, including creating a file from scratch, and I still couldn't get it to work. Then, grasping at straws, I tried renaming the group names. Not renaming, actually, but in order for the authentication to work before the power outage, I had to name the groups like "OUR_DOMAINgroupname". Before, it wouldn't work without the groupname being prefaced. After I removed that, it started working. Go figure. I'm guessing it must have something to do with the fact that we (yesterday) tried unbinding the server from Active Directory and re-binding. We used the exact same process as when we first bound it to AD, so I don't know why that would have made the difference.

Oh well, as long as it works, right? :beertime:

[Steven H. Blackwell]

I had to name the groups like "OUR_DOMAINgroupname". Before, it wouldn't work without the groupname being prefaced.

Correct. That's the way the OS X AD plugin interprets the name of the Group being returned from the AD Server. And the Group name in the file must match that exactly.

I think I am going to need to get FMI to issue a TIL on this; otherwise, I will just do it myself.

Glad it now works for you.

Steven