Newbies NewsPipe Posted June 1, 2010

Hello FileMaker Folks

I'm attempting something that might be utter madness, but seems reasonable (famous last words, I bet): running FM Server Advanced 11 on a Windows Server 2003 machine, with LDAP authentication against a Mac OS X Open Directory server.

This arrangement has been fine on FMS10 running on a Mac OS X machine, but although the admin console on Windows FMS11 says the directory service is configured correctly, when clients try to log in, no external authentication takes place.

I'm a bit stuck, and of course the nice people at FM tell me this is an OS level problem so not for them to solve. Can anyone else? Is this theoretically possible? I haven't yet found anything to say it's not...

Thanks in advance for any help you can offer.

Steven H. Blackwell Posted June 4, 2010

You say that no external authentication takes place. Are you sure, or do you mean that no single sign on takes place? There is a difference. There is no SSO for any combination other than a Windows Server and a Windows OS workstation running FileMaker Pro client.

And in any event there is no "LDAP authentication." External Server Authentication is Active Directory and Open Directory based only.

There is a FileMaker Tech Brief on External Server Authentication. You might want to consult it.

Steven

Newbies NewsPipe (Author) Posted June 5, 2010

Hi Steven

Thanks for your message. Since we've discovered what at least one part of the problem was, I'll explain in case anyone else falls into the same pit. It was about case sensitivity.

We've been using external authentication with an Open Directory server for 4 years now across 3 different versions of FM Server and without any major issues. Yet we've had it wrongly set up all that time.

The cause of the current problems was about a difference in case between our group long and short names. They are identical, except that the long names are in title case. FM Server hasn't been worried by this for these 4 years (and perhaps it has been kindly 'cleaning up' the names defined in our Accounts & Privileges while using them for external authentication). But it seems FMS11 does pay attention to case, and in so doing has exposed to us the error of our ways!

Maybe I missed it, but I don't recall seeing any mention of this change in the release notes. Even the techbrief you mentioned does state that group short names should be used, though it makes no mention of case sensitivity.

I'm sure I am not the only FileMaker Admin on these forums who isn't also a Network Admin. We can't know everything all of the time and have to rely on the expertise of others every now and then. In this case, the expertise had been wrong a long time ago, though not even the systems noticed...

Steven H. Blackwell Posted June 5, 2010

This was, IIRC, actually a bug that was fixed. In Open Directory the short names are always lower case, and the matching group names must be the same.

A few others have reported being caught out on this as well. So I will see about getting an addendum to the External Authentication Tech Brief or maybe a Tech Info done.

Steven
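
An added example, not part of the original posts and not FileMaker tooling: a small audit that compares the external-group account names defined in Accounts & Privileges with Open Directory group records, flagging names that differ from the short name only by case or that use the long name instead. The group names and both input lists are constructed; getting the real lists out of FileMaker and the directory is assumed to happen separately.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DirectoryGroup:
    short_name: str  # record name; lower case in Open Directory per the thread
    long_name: str   # display name, often title case


def audit_group_names(fm_groups, directory_groups):
    """Classify each FileMaker external-group name against directory groups.

    Returns {fm_name: (status, short_name_to_use_or_None)} where status is
    'ok', 'case-mismatch', 'long-name-used' or 'not-found'.
    """
    by_short = {g.short_name: g for g in directory_groups}
    by_short_folded = {g.short_name.casefold(): g for g in directory_groups}
    by_long_folded = {g.long_name.casefold(): g for g in directory_groups}

    results = {}
    for name in fm_groups:
        folded = name.casefold()
        if name in by_short:
            # Exact, case-sensitive match on the short name.
            results[name] = ("ok", name)
        elif folded in by_short_folded:
            # Same letters, different case: worked before FMS11, fails after.
            results[name] = ("case-mismatch", by_short_folded[folded].short_name)
        elif folded in by_long_folded:
            # The long (display) name was entered instead of the short name.
            results[name] = ("long-name-used", by_long_folded[folded].short_name)
        else:
            results[name] = ("not-found", None)
    return results


# Constructed sample data (hypothetical group names).
SAMPLE_DIRECTORY = [
    DirectoryGroup("editors", "Editors"),
    DirectoryGroup("newsdesk", "News Desk"),
    DirectoryGroup("subs", "Subs"),
]
SAMPLE_FM_GROUPS = ["editors", "Editors", "News Desk", "freelance"]

if __name__ == "__main__":
    report = audit_group_names(SAMPLE_FM_GROUPS, SAMPLE_DIRECTORY)
    for fm_name, (status, fix) in report.items():
        print(f"{fm_name!r}: {status}" + (f" -> use {fix!r}" if fix and fix != fm_name else ""))
```
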

Wim Decorte Posted June 6, 2010

As an aside: the directory service configuration in the FMS admin console has NOTHING to do with authenticating users. It's there to register FMS with a directory service so that it can be located from FMP clients that can not use "local hosts" in their "Open Remote" dialog.