We are experiencing some unusual authentication issues. Our setup includes:

- Windows 2003 domain

- Using Active Directory with two Domain Controllers running Windows Server 2003 Standard

- One FMSA10 (10.0.1.64) machine is running Windows Server 2003 Standard

- A second FMSA10 (10.0.1.64) machine is running Mac OS X 10.5.7 Server.

- Client machines are running either Mac OS X 10.4.11 or 10.5.7.

The issue we have is that members of the fmsadmin group in Active Directory are not able to log into any hosted Filemaker database on FMSA10 running on Mac OS X 10.5 Server. When trying to do so you receive the, “The account and password you entered cannot be used to access this file. Please try again.” Members of the fmsadmin group are able to access files on the FMSA10 machine on the Windows 2003 Server.

If we move a member of the fmsadmin group into another FMS group in Active Directory, they are able to authenticate and access the database. If I move that same person back into the fmsadmin group then they are again unable to authenticate and access the database. Maybe this is related, or not but... Members of the fmsadmin are able to access the Server Admin Console on both FMSA10 servers as enabled that option.

Is this, somehow, expected behavior?

Strange, to say the least, but not totally unexpected. Cross platform authentications of this type are always challenging.

First thing, be sure that the fmsadmin group is actually enabled for network access in the files hosted by the Macintosh OS Server. BTW, if that is 10.5.7 that OS is not certified for FMS 10.

Second, be sure that the Macintosh OS FMS machine is properly bound to the AD domain. This cannot be done automatically; you must select the domain controller in the NetInfom set up.

Please keep us posted about this.

Steven

First thing, be sure that the fmsadmin group is actually enabled for network access in the files hosted by the Macintosh OS Server. BTW, if that is 10.5.7 that OS is not certified for FMS 10.

The fmsadmin group is enabled in all the files and we know it works because fmsadmin users can access files on the Windows FMSA10 server.

Second, be sure that the Macintosh OS FMS machine is properly bound to the AD domain. This cannot be done automatically; you must select the domain controller in the NetInfom set up.

Please keep us posted about this.

The Mac FMSA10 computer is properly bound to the network and displays correctly in AD. As we noted, the other six (6) "fms" groups we created in AD for FileMaker authenticate correctly on the Mac server, just not fmsadmin.

check the local FMS machine and delete the existing fmsadmin group there. FMS on OSX will always follow the authentication tree so it will start looking on the local machine first before asking the AD. So if it finds a local fmsadmin group there it will check that group's membership and not ask the AD.