Implementing EA in a mixed environment


This topic is 5724 days old. Please don't post here. Open a new topic instead.

I am working with a client to implement external authentication. They are running FMS8 v4 on a Mac OSX workstation (10.4.7). They have an existing Active Directory (AD) server which is handling all the auth services throughout their network.

I had the client set up a test group and test user in AD and I created the same group in FileMaker. The client tested the AD account to be certain that it was able to access network resources and all tests were successful.

I have not been able to login using the external test account and am trying to determine the issue. I did find a KB article @ FMI which explained that in order for a Mac OSX box to authenticate against an AD server, your group name in FileMaker must contain the domain (ex. domain\group). I made that change after verifying the domain information, but no luck.

The client also told me that the MacOSX box is NOT a member of the domain and I wonder if that is where the issue is. I am not familiar with AD. Any thoughts or suggestions would be most helpful.


"The client also told me that the MacOSX box is NOT a member of the domain"

FileMaker Server can't authenticate to the domain controller if it isn't a member of the domain (or of the trust hierarchy).

You have selected perhaps the single most difficult configuration possible for external authentication. You'll find this much, much easier to do if you run FileMaker Server on the same OS as the domain controller, either Windows Server 2003 SP SE or Macintosh OS X Server.

Another option is to place the Groups and Accounts on the local FMS machine, but again in this mixed environment, you'd be better advised to keep everything on the same OS.

Please consult the highly detailed and lucidly written (at least Wim's portion of it) Tech Brief on external authentication. The new version will be ready soon, but this one contains very valuable information.

Steven


Thanks Steven.

Unfortunately, had this been my implementation, it would have been set up as you suggested. In this case, I am trying to make a poorly designed infrastructure better.

I thought of adding the accounts local to the server and authenticating that way, but that is exactly what the client wants to avoid. It would introduce complexity to account management which really defeats the purpose.

There are some OS dependencies which are keeping them married to the MacOS. It may be that the client needs to choose the lesser of the evils or allocate some budget to migrating the dependent portions of the solution to Windows.

It appears that they have some decisions to make. Thanks for your advice.

BTW - I have consulted the tech briefs and some additional articles @ Advisor on EA implementation. Good and necessary knowledge is contained in those documents. I had not done an implementation using this config before, and from your comment, I see that some thought needs to be placed on how the client should proceed.

Thanks again,

Aaron
