Jump to content
Sign in to follow this  
bcooney

Simple Ext. Authentication Fails

Recommended Posts

FMS13v0.3 running MacOS Mavericks 10.9.5.

hosted file = FMServer_Sample (as shipped, just added priv set and group)

on FMS13 Security tab  Client Authentication = Filemaker and External Server accounts.

 

OS user, fm_user, is a member of fm_group created by OS Users and Groups (there is no Domain Controller).

new group defined in file, fm_group and is set to authenticate via: External Server

 

new privilege set named "fm_group" assigned to fm_group and is set to Access via FileMaker Network

 

Cannot login to FMServer_Sample using account fm_user.

 

Can login to Mac (FMS) using account fm_user.

 

Help requested, Barbara

Share this post


Link to post
Share on other sites

Strange.  You've correctly run through most of the check points.

 

Several items:

 

1. Maybe try updating to Server 13.0v5.  See http://thefmkb.com/13886

 

2.  Double check that there are no leading or trailing spaces in the Group names, both in the file and on the Server.

 

3.  Restart the fmsadmin server.  And for good measure reboot the server machine as well.

 

Please let us know how this goes.  If there is a problem, we need to let FMI know.

 

Steven

Share this post


Link to post
Share on other sites

I've just replicated the exact same setup as you Barbara:

 

OSX 10.9.5 for FMS, FMS13v4

local group fm_group, user fm_user added to it

Sample file configured with this fm_group external account

 

From another machine I can log into the sample file with the fm_user account.

Everything works as expected.

 

When you created the group, did you select "group" at the bottom of the pick list or something else?

Share this post


Link to post
Share on other sites

Thank you for stopping by! I had hoped one of you would take an interest in my problem -- but both of you!!

 

Steven, reboot didn't solve anything, and I double-checked for trailing spaces.

Wim/Steven, I'm not on 13v4, but I'll run that update next and report back.

 

"When you created the group, did you select "group" at the bottom of the pick list or something else?"

Not sure what pick list you're referring to? This is not Server OS, just the standard Users & Groups in OS X 10.9.5.

Share this post


Link to post
Share on other sites

Updated! No joy.

 

FMS13.0v5.520

Java 7 update 71

 

I know I must be missing a checkbox somewhere! Here are some screen shots that I hope will help.

 

btw: I have changed the password for fm_user each time just to be certain that I am entering the correct one, "temp1234".

 

post-62904-0-73164000-1421066218_thumb.p

post-62904-0-66666300-1421066261_thumb.p

Share this post


Link to post
Share on other sites

This is the regular group I mentioned.  My test OS was also just regular OSX, not OSX Server.

 

The only other thing I changed in the sample file was:

- disable auto-login with Admin

- set the fm_group higher in the authentication order than the Admin account

 

When it fails, what message do you get?

 

 

post-57725-0-08812800-1421066696_thumb.p

Share this post


Link to post
Share on other sites

 

The only other thing I changed in the sample file was:

- disable auto-login with Admin

- set the fm_group higher in the authentication order than the Admin account

 

Good ones, Wim.  Forgot about these.

 

Steven

Share this post


Link to post
Share on other sites

Yes, Wim, I did select Group in the popup menu.

 

I had disable auto-login as Admin. I moved fm_group higher in the authentication order than Admin. Still cannot login as fm_user. (can login as Admin, obviously).

 

Oh, and by the way, I've tried the login from another iMac and just launching FMA13 on the iMac that is running as FMS. If it matters at all, this is my TechNet FMS13 license. (no one else is logged in).

post-62904-0-33042300-1421069168_thumb.p

Share this post


Link to post
Share on other sites

this may be a clue:

 

The fm_group privilege set that is assigned to the fm_group account, is set to not allow a user to change their password. And yet, the Change Password button is available on the dialog. Well, I suppose at this point, FM has no idea what the current priv set is. In fact, that is established during authentication. Hmm...this ability to change password seems to be an issue, though.

Share this post


Link to post
Share on other sites

FMS can not honor a pw change request for an EA account.  If you turn that setting off for the account, does it then work?

Share this post


Link to post
Share on other sites

I wouldn't think that it could, Wim. Here's what I see in Users & Groups. I don't see how to turn off the Change Password in the FM account login. The priv set does not allow it.

post-62904-0-18441400-1421077248_thumb.p

Share this post


Link to post
Share on other sites

No option there, I have my account set up exactly the same.

 

Your FMS box: was it ever bound to an AD or OD previously for some other testing?

Share this post


Link to post
Share on other sites

No, Wim, it was not.

 

Here's something that may be the culprit. The mac now serving the files is my old iMac. Got a new one for Christmas! Restored from Time Machine to the new Mac. Could the DNS settings be messed up bcs the two macs are so closely related?

Share this post


Link to post
Share on other sites

I deleted my user and group and added a new user and group (with different names than the original). It works!

 

The only thing that I could think it could have been, is that I had created the user and then changed the user name. When I went to Advanced Settings in Users, I could see that the DNS entry had the wrong home directory (one with the old user name "fmtest").

Share this post


Link to post
Share on other sites

That could be the old OSX confusion between short user name and long user name.  When you changed the OSX user name you probably only changed it in one place?  EA on OSX works best when using the short user name.

 

Windows does not have that kind of distinction.

Share this post


Link to post
Share on other sites

Yes, I only changed it in one place. When I right-clicked to see the Advanced Options, it showed that the home directory was named with the old user name.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.