I am having no luck getting external authentication to work using FMServer 7 running on an OSX server authenticating against Windows Active Directory.

I am presuming it should be possible to login to the FMPro file(s) without seeing any FMPro username/password dialogue box at all, provided the user is already logged on to the Windows network.

Am I expecting too much? or just missing something?

Can anyone talk me through it?

You have the concept down correctly.

There is a Tech Brief on the FMI web site that covers many of the details:

http://www.filemaker.com/support/upgrade/techbriefs.html

Depending on the exact version of FileMaker Server and of the Macintosh OS that you're using the precise syntax returned to the FileMaker Server from AD can vary.

For example, for an AD group called "Sales" the OS X plugin may return that as domainnameSales, where "domainname" is the AD domain.

Therefore the Group in the FileMaker Pro file must also be named domainnameSales. Every time Apple revs the OS, something changes here, so you will need to examine this more closely.

For dual paltform organizations this causes additional issues inasmuch as it requires 2 separate groups in the FIleMaker Pro file, one named "Sales" and the other named "domainnameSales." However, both just connect to the same Privilege Set.

Another solution is to replace the FIleMaker Server CPU with one running Windows Server 2003.

HTH.

Steven

I am presuming it should be possible to login to the FMPro file(s) without seeing any FMPro username/password dialogue box at all, provided the user is already logged on to the Windows network.

You are presuming too much. SSO (single-source sign-on) only works in an all-Windows scenario (Windows workstations belonging to a Windows Domain, and FMS running on Windows Server configured as a member server in the Windows Domain).

If you have the OSX workstation configured to get authenticated on the Windows AD then you can get pretty much the same effect but only after letting users store their credentials in the OSX keychain. The next time those OSX users want to connect to a file hosted on the FMS, the keychain will send it the credentials.

Thanks for these.

"If you have the OSX workstation configured to get authenticated on the Windows AD then you can get pretty much the same effect but only after letting users store their credentials in the OSX keychain. The next time those OSX users want to connect to a file hosted on the FMS, the keychain will send it the credentials. "

Even if it won't work using a Mac workstation, can one, though, get 'automatic' authentication on a Windows workstation via the OSX FM8 server to Active Directory on a Windows Server?

No. Winodws has no equivalent to the OSX Keychain. The user will always be prompted for credentials.

Thanks for the steer.

At least I now know and won't spend hours trying to crack the uncrackable.