FMS on OS X Server authenticate to AD

[Zippy Aus]

Hi all

I have been looking at this all day and can't seem to find a solution.

We have two Filemaker server, one on Windows and one on Mac OS X Server 10.4.11. I have got the external authentication working perfectly on the databases hosted on the windows server but cannot find how to use the AD server for the Mac OS X server.

Not sure if this is the correct procedure, but I have tried to Bind the OS X server to AD using the Directory Access utility, but I keep getting an error "unable to access domain controller. this computer is unable to access the domain controller for an unknown reason"

In windows all I had to do was set the service to authenticate to AD. How do I achieve the same thing on Mac OS X Server or FMSA 10 on mac os x.

Any help would be greatly appreciated.

Thanks in advance

ZP

[Wim Decorte]

You're on the right path: first you need to bind your OSX machine to the AD. Only when you got that working will you get anywhere.

You'll find plenty of help on the Apple forums on that, also try www.macwindows.com.

Double-check your DNS settings on the Mac, make sure they match those on the Windows box. The Mac box must be able to resolve the domain name in order for the binding to work.

[Zippy Aus]

Thanks mate. I will keep going in when I get back to work on monday. Will report back when (if) I get it working.

Thanks again for responding so quickly

[kfutter]

I'm having trouble with this scenario too. I've followed the Techbrief available from FileMaker, but it doesn't deal specifically with binding an OS X server with AD, and I can't get it working.

For the record, we're running FMSA 8 on OS X Server 10.4.11, and AD 2010 on Windows Server 2008 Datacenter.

At the moment I'm trying to bind the Mac to AD via the LDAPv3 option in Directory Access, and I'm doing this via the AD server's IP address. Should I be doing it via the domain instead?

Also, I notice there's an Active Directory option in Directory Access - should I be using that instead?

I haven't restarted either the FM server or the box it's running on since setting this up - is that required? (I haven't done it yet because I can't just do it on a whim, and it can only be done if necessary.)

We'll likely be upgrading to FMSA 11 later this year, but I really need to establish this as a viable authentication method first, rather than waiting until the upgrade. Any help or advice here would be greatly appreciated!

Kev

[kfutter]

UPDATE:

I restarted the server and the machine to no effect. I also changed the binding string to the domain of the AD server, rather than its IP. Again, to no avail.

Any ideas?

Kev

[Steven H. Blackwell]

I'd say the most likely cause of this problem is the use of FMS 8. Cross platform authentication had some issues with these earlier versions. Try upgrading your FileMaker Server version.

Steven

[kfutter]

I'd say the most likely cause of this problem is the use of FMS 8. Cross platform authentication had some issues with these earlier versions. Try upgrading your FileMaker Server version.

Steven

Thank Steven. I was afraid of that. While we can't go with a live deployment until the next term break, I recently downloaded the limited-user developer version of Server 11, so I'll set that up on a test box and see what happens. Ironically, the test box will be a Windows machine, so any cross-platform issues will disappear anyway.

Kev

[kfutter]

While I still haven't got this working, I thought it might be worth pointing out a note I found in the "FMS read Me" PDF on the FMS 8 Server install disc:

When opening a file that is hosted on FileMaker Server for Mac OS X and set up to use Windows

domain authentication, the external server group designation needs to be preceded by a Windows

domain specifier: DOMAINgroup. If the file is hosted on FileMaker Server for Windows, only the group

name needs to be entered.

It still doesn't work for me, but could be the missing piece of the puzzle for someone else.

Kev