Jump to content

FM Server 8 External Authentication


This topic is 6457 days old. Please don't post here. Open a new topic instead.

Recommended Posts

I have multiple databases setup with about 40 users on both Win/Mac platforms. The DBs are served from FM Server 8 of a dedicated Win2003 server. All DB's use external server authentication of the server's local domain and so far I've been creating user accounts manually and it has been working great. But as the number of clients increases managing users is becoming more and more tedious, especially when users request a password change! It would be great if I could somehow manage these accounts from FM client. I have a bunch of vb scripts to automate tasks, but I just can't get filemaker to run them in the context of the server, i.e. the scripts run on the client machine. Is there a way to run vb scripts on the host machine from fm client? I've looked at Shell plugin, but I'm not sure if it actually runs commands on the host machine...any help would be appreciated...thanks

Link to comment
Share on other sites

This post would probably be better of in the "Windows Automation" forum but I'll leave it here for now.

The key is in your VBscripts. If you can get FM to execute them then you're good. But in your VBscript syntanx you need to specify that you want to target the AD on the domain controller. And you will need to included admin credentials in it, which may be a security risk if you don't handle it properly.

You mentioned "local domain" so I'm assuming you are working with accounts in Active Directory and not accounts on the filemaker server machine.

Link to comment
Share on other sites

Thank you for your reply, sorry, didn't know there was a windows forum.

I am not running a domain controller, these are local accounts on the FM server machine. I am aware that I can remotely manage domains, but like you said that would be a major security hole, besides there are other things I would like to use the scripts for, not just to manage the accounts. I basically need the scripts to run on the server machine not on the client machine. Can that be done?

Link to comment
Share on other sites

Sure. It's called "Remote Scripting" and is supported in Windows Script Host 5.6. If you're running XP and Server 2003 then that's the version you have. If not, you can download it from MS and install it where needed. Do a google on the subject and you'll find plenty of examples.

Link to comment
Share on other sites

I was thinking about remote scripting, but then FM client would still run a local vb script off the client machine which would then connect to the server, I'm looking for something that would actually initiate the script off the server entirely. Besides we have crossplatform clients (Mac/Win).

Link to comment
Share on other sites

I'm trying to so something that is very common in client-server applications. Let me give you a simple example. On the FM client, user has two buttons...one button lists files of the client's root directory while the 2nd button lists the files of the server's root directory. In first case the script has to run in the context of the client while in the 2nd case in the context of the server. I'm trying to do something similar...I want users to be able to change their password's which are stored on the server, but I can't use remote scripting because we have crossplatform clients and remote scripting is not supported on Mac's.

Link to comment
Share on other sites

I'll let Wim respond more fully inasmuch as he is the expert here on the particulars of the OS level scripting.

However, FileMaker prodicts are not designed to change directory services (either AD or OD) level credentials directly. That would be a huge security hole. OS level scripting triggered from within FileMaker Pro might be able to trigger either Active Directory or Open Directory to call for credentials changes. Such credentials lifecycle management changes are the province of the Directory Service and its security policy, not of FileMaker.

HTH

Steven

Link to comment
Share on other sites

Sounds to me like you're not using External authentication to its fullest, and you're creating more work for yourself because of it (instead of less work, which is the goal of EA).

If users log into their workstation with the AD credentials then you can have all the pw change requests handled there and there wouldn't be a need to add scripting to the mix.

To cater for the xplat clients; you can create a web page to handle the pw change request. The web page would use LDAP or ADSI to talk to the domain controller. Be very careful with security in this whole setup.

Link to comment
Share on other sites

This topic is 6457 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.