mixed platform external authentication


This topic is 6215 days old. Please don't post here. Open a new topic instead.

I have a somewhat complex scenario that I would like to simplify:

Right now I have a single-file database that contains ~200 FileMaker accounts for the different users in our department. These accounts are used for scheduling equipment reservations via IWP and for accessing equipment workstations through a FileMaker Pro client in kiosk mode. I would like to move this to an external authentication scenario.

The equipment workstations are XP Pro machines, but the attached hardware is set up such that only one specific locally authenticated admin account can control the hardware (don't ask me why the manufacturer set it up this way). If I use external auth in my FileMaker files, and the equipment workstations aren't members of the domain, will users be able to authenticate with external accounts when they attempt to access the database?

Another issue is that there are several offline workstations which are not attached to equipment. These are a mix of Mac and Windows machines. I would like these machines to authenticate against a domain and have the server store home directories that contain the user's information whether they are on a Mac or PC. Also, on these workstations they will access the FileMaker server via IWP or FMP.

Presently, I am using OS X 10.4.8 (not Server), in a single-machine configuration with FMSA 8v4. My plan is to purchase 10.4 Server (or 10.5 if I have to wait) and install it on an existing dual-core G5 and use that as an Open Directory server and a primary domain controller for both Windows and Mac clients, and have the FMSA box authenticate against it.

What issues am I likely to encounter when I set this up? Is this something that sounds feasible? Thanks for any advice.

Dana

Link to comment

Well this is a good one, one of the best we've seen here in quite a while.

First, there are some resources in the Tech Brief area of the FMI web site that should prove useful:

http://www.filemaker.com/downloads/pdf/techbrief_fm8_server_auth.pdf

http://www.filemaker.com/downloads/pdf/techbrief_security.pdf

http://www.filemaker.com/downloads/pdf/techbrief_fm8_server.pdf

A few general observations:

1. External Server Authentication is one thing; single sign on is another.

2. IWP clients can authenticate against the server; they cannot do SSO.

3. Windows FMP workstation clients can have true SSO; Macintosh OS X clients cannot. They must use the Keychain instead.

4. The server accounts can either be on the domain controller, or they can be local accounts on the FMS server box.

5. Cross-platform FMP client authentication can be a bit tricky depending on the OS of the domain controller. It is probably easier to have the DC be Active Directory. The AD plugins that are part of OS X seem to change every time Apple revs the OS, so some tinkering is always required.

Do report back and let us know how you're doing.

Steven

Link to comment

Single sign-on is not as big a deal to me as users having a single username and password for each service.

I don't know if I want to get another machine and 2003 Server just to set up Active Directory for <10 different computers. It sounds like, from reading various opinions, that AD is complicated to set up.

OS X Server 10.4 and up is supposed to have the ability to act as a domain controller for Windows clients, using NT-style domains. I realize that this has drawbacks compared to Active Directory, but all users need to do is be able to access their home directory from any of the workstations, PC or Mac, and use various applications installed locally on the workstations to process data files in their home directories. Will the PC FileMaker clients not be able to authenticate against the Open Directory server?

Link to comment

The PC clients should be able to authenticate against the OD. I don't think you'll have any issues on the FM side.

When you say "offline" workstations: are these in the same network as the other ones? Setting up home directories in a mixed environment can be a bit of a drag.

Link to comment

All the machines are on the same network. I misspoke when I said offline. I meant that users would be processing mass spectrometry data offline, as opposed to processing data on the computer that's attached to the instrument.

Also, the home directories won't really have to be portable from Mac to PC. There will just be users of each platform authenticating on the same server.

What are the pitfalls of home directories in a mixed environment?
