External Authentication with local users on Mac OS X Server

[Alex Taylor]

Hi,

I've read the tech brief on External Server Authentication as well as looked through the last few pages of topics for some clues to my answer, but I can't seem to fix the problem I'm having. I can't authenticate an external user in my FileMaker database. Here's my setup:

Server: FileMaker Server 11 running on Mac OS X Server 10.6.8

Enabled Client authentication using "FileMaker and external server accounts"

Database: Created an External Server Account named 'fmgroup'

Users/Group: On Mac OS X Server, used System Prefs to create a new user named 'externaltest'. Used Workgroup Manager to assign this user to the group 'fmgroup'

From my FileMaker Pro Advanced client (running Win XP), I'm using Open Remote to select the database, entering 'externaltest' as the user and the password that I assigned to it. I get a warning which says 'The account and password you entered cannot be used to access this file. Please try again.'

Is there a step I'm missing? Any help would be much appreciated.

[Alex Taylor]

Huzzah - just figured it out!

My problem was that within the Privilege Set I was using (happened to be the default [Data Entry]), I had forgotten to enable the extended privilege "Access via FileMaker Network (fmapp)." As soon as I enabled this and tried logging in with my 'externaltest' user, it worked! Hope this thread comes in handy for somebody else in the future.

[Steven H. Blackwell]

Of course, you selected probably the most difficult scenario to implement here. So I am glad you got it to work.

As a general rule, you'll be better off if you can keep as many elements together on the same OS family as possible. Cross platform authentication does work, but it frequently throws unexpected curve balls into the process.

External Server Authentication can and does extend to access by IWP, by CWP, and by iOS devices.

Steven

[Alex Taylor]

Thanks, Steven. It's always hard wrangling multiple platforms! This seemed fairly straightforward though, once I enabled the correct extended privilege.

Another interesting note: I'm able to log into my databases using EITHER the full account name OR the short name, which is cool. Our account names have spaces in them, but it still works just fine.

I've also cooked up a Change Password script that uses a web viewer, PHP script and shell command to change the Mac OS account password from "within" FileMaker (transparent to the users, anyway). If anybody is interested in seeing that script, PM me and I'll give you the rundown (as it's probably a little bit outside the scope of this forum).

[Steven H. Blackwell]

Another interesting note: I'm able to log into my databases using EITHER the full account name OR the short name, which is cool. Our account names have spaces in them, but it still works just fine.

 

 

Yes, this is a recent change in behavior.  For consistency, I'd still recommend using the short name version, especially if you're doing any Record Level Access restrictions based on Account Name.

 

Steven

[ianintheworld]

I've also cooked up a Change Password script that uses a web viewer, PHP script and shell command to change the Mac OS account password from "within" FileMaker (transparent to the users, anyway). If anybody is interested in seeing that script, PM me and I'll give you the rundown (as it's probably a little bit outside the scope of this forum).

 

Hi there. I'd be interested in seeing this script if you'd be happy to share. Thanks in advance.

[dansmith65]

Hi there. I'd be interested in seeing this script if you'd be happy to share. Thanks in advance.

You might have better luck getting a response if you PM the user directly. Hover over the users name and click "send message" to do this.  (he may not know that you've replied to this topic, but will probably get an email notice if you PM him)

[ianintheworld]

Thanks Dan. I did both for good measure.....