Shortname Only

[Earl Squirrel]

Folks

I am setting up a new server (FMSA 11.0.4.404) on a 10.7.2 (client OS) on a brand new machine. I have set the server to authenticate using external authentication via the Directory Utility against a 10.6.4 Open Directory Server. The only hiccup is that it will only authenticate the users, when they use their short names not their Full Names. I have double checked that all the groups are lowercase and they have no spaces in their names. I have checked to make sure they are all spelled the same. I have checked that the Directory Editor (on the very same machine) can authenticate via the Full Name (realname) I have used external authentication since it came out (5.5, I think - but the mind fails me sometimes) and have never run into this problem, in fact our production server (that hopefully will be replaced by this new one) is authenticating fine against this very same OD Master - however it is running on 10.6 OS not 10.7. Any clues?

Update: it appears that local users (ones created in the OS) are also deaf to the RealName. I setup some local users and groups and they also can only log in under their short name as well. Does anyone have Server 11 running on Lion, with external authentication to something other than Active Directory?

Vince Dolan

[Steven H. Blackwell]

Then short name is the one that must be used. It is what the OD Domain Controller returns to FileMaker Server. However in OSX, the search path always starts on the local machine and then goes up the OD tree. So, do not put local Groups on the local machine if you're using a Domain Controller.

Steven

[Earl Squirrel]

Steven

Thanks for the info, I can verify that pre -10.7 installs of FMSA 11v1-v4 all authenticate against Full Name (At least against OD 10.3-10.6) - I guess either Apple or FMI closed the loop hole with lion. We just threw all the user's full names into the OD Master via Work Group Manger's short name array and all is well. BTW I was only using a local user for testing purposes. Thanks again.

Vince Dolan

[smishler]

Vince,

Where you write "We just threw all the user's full names into the OD Master via Work Group Manger's short name array and all is well." does that mean that you added the user long name as a short name and FM Server then accepted the long name (acting like a short name)? Thanks.

Shawn Mishler

[Brian S]

Something I just discovered, it seems OSX no longer auto-includes the Full Name in the user's list of available aliases.  HOWEVER, if you manually add the Full Name as an alias... it authenticates when logging in via FM. (see screenshot)

[Steven H. Blackwell]

IIRC, FileMaker® Server 12 on Macintosh OS X Server will now accept either the long name or the short name. This change occurred in one of the v-revs. I still favor the short name construct.

 

Steven

[Bryan VonDeylen]

IIRC, FileMaker® Server 12 on Macintosh OS X Server will now accept either the long name or the short name. This change occurred in one of the v-revs. I still favor the short name construct.

 

Steven

 

The biggest issue is when a Mac User launches FMP 12, and opens a database on the server, their Real Name auto populates in the username field. Many people don't see this as a problem and type in their password and log in. Since FileMaker now accepts both Real and Short names, it makes it difficult to keep track of record ownership since I don't see a way of 'collecting' data as they log in.

 

I wish FileMaker didn't make that change.