I have posted this before. However, even after working on it for sometime and reading various technical briefs, I am still encountering the same problem.

Here is the scenario - We are converting a set of FIleMaker 6 databases to FileMaker 7 and want to use external server authentication. I have three machines.

Machine 1 - Mac OS X Server 10.3.9. This server runs the open directory services and has all the groups and accounts configured as part of open directory.

Machine 2 - Mac OS 10.4.10 - This machine runs the FileMaker Server Advanced 7. All the databases are served by this server.

Machine 3 - Mac OS X 10.3.9 - This machine has the FileMaker Pro 7 client in it.

In the filemaker file, I have created a group and set it to be authenticated externally from set accounts and privileges option. Also, I have attached the privilege set and ensured that the fmapp option is turned on.

In the FileMaker Server 7, I have marked accounts to be both filemaker and external accounts in the congifuration.Also, in machine 2's directory access, I have configured the LDAPv3 to include the ip address of the domain controller and added the LDAP path in the authenticate tab.

The group defined in the filemaker file is also defined in the domain controller and has accounts attached to this group.

The open directory services has the LDAP(slapd) server running and also KDC is running. The DNS is not running in this domain controller but is running in another machine. Could this be a problem. Also, I dont see any LDAP logs.They are not created (I assume because from the server admin log view for LDAP, I see nothing, its blank) However the directory server and error logs are seen. Is this normal? Should I set some variable to generate the LDAP logs.

Now when I try to login to a database file from the client machine, I get the message - "You do not have sufficient privileges to perform this action". I am using an account that is attached to a group that is defined in the open directory and in Filemaker database file also.

I dont know what to do and this is highly frustrating.

I have read the various technical briefs from the filemaker site, read the FileMaker Security book by Steven H.Blackwell and also listened to the FileMaker security training and FileMaker server 8 training from the VTC site and am still lost.

I dont know what could be the problem. If anyone can shed any light on what I need to check and what could be the problem, it would be very very helpful.

Thanks.

First and foremost, LDAP configuration really has nothing to do with External Server Authentication.

Machine 2 must be a member of the Domain defined by Machine 1. Use the explicit search path, not the automatic one.

Also, the OD domain uses the "short" name, not the formal one. Be sure the Groups in the FileMaker Pro file are also using that as well.

All that said, Server 7 on OS X was very finicky about this. Server 8 and Server 9 work much better.

Steven