Funny SSO Message

[spongebob]

Hi Forum!

I have 2 Questions about authentication please.

(1) I have three files hosted on an FM Server, A, B and C.

All three files use External Authentication with the Domain Server.

There are 2 groups of users in the Active Directory and both are correctly defined in each of the three FM Files: fmsadmin and fmsusers.

The external Authentication works fine.

As an identified Windows User, I open file A and that opens file B and C and it works fine, no passwords are asked, users are in the files with the right privelege set.

It works for all users.

Only; In the LOG of FM Server I get a funny message when the Computer tries to open Files B and C.

They are Information messages, not warnings, but they happen every time to every user so it bugs me.

Information 730:

"Single Sign on authentication failed for User XXX [iP Address] on Database "B" using User XXX [fmapp] failed.

Information 730:

"Single Sign on authentication failed for User XXX [iP Address] on Database "C" using User XXX [fmapp] failed.

Can anyone tell me why this may be happening? My authentication Order is simple: fmsadmins then fmsusers.

Any Ideas what that could be? I thought SSO is used with OBDC? I dont use OBDC (and note my web publishing engine is off as well as I dont need it)

(2) When I go into file A as admin (im in the fmsadmin group) and I enter the Database Structure (Define database);

before the list of fields appears I get a dialog asking me to log into File C with a username and Password.

2.1) Why would it actually ask me such a login when I wanto look at the Fields in my file only?

2.2) Why does it ask me for a login if the accounts are authenticated externally? If i log into File C directly I do not get asked a login or password; ie the external authentication on File C seems to work...

Any input would be greatly appreciated,

Best Wishes

Spongebob

[Steven H. Blackwell]

OK, one or two things at a time here.

SSO has nothing to do with ODBC. SSO--Single Sign On--is a Windows OS Server and Windows OS client process only. You are experiencing it when you log onto the system from FIleMAker Pro and are not further challenged for credentials to access either the server or the files.

Second, the error you're seeing in the log may be caused by the other files' having the option checked to automatically connect with some set of credentials. Be sure that option is not checked. That process usually throws Error 661, but check anyway to see if that clears it.

Third, it is not a good idea at all to use External Authentication to authenticate an Account tied to the [Full Access] Privilege Set. Ifr someone got a copy of your files they could spoofyour domain and have unrestricted access to your files.

Steven