Jump to content

External Authentication w/ Yosemite FM Server not bound to AD

This topic is 2883 days old. Please don't post here. Open a new topic instead.

Recommended Posts

  • Newbies

I'm wondering (because I have not been able to get it to work so far) if my scenario is even possible.


Mac Pro tower running Yosemite and FileMaker Server

-system resides on network but not bound/associated to any particular Directory service, Active Directory or Open Directory


FileMaker Pro clients running Windows 7 and FileMaker Pro 13

-any and all of these client pc's reside on the same network, slightly different subnet

-all pc's are a part of Windows Domain that is administered by the state dept for my government agency

-all pc's can access FM databases when file-level authentication is used


I want to keep from creating and managing a separate list of users/passwords and utilize our already existing AD accounts (180 users) to authenticate to the FileMaker databases that we build. Our state department has stated that binding the Mac OS box running FileMaker server to AD is not allowed.


Is there any scenario based on our setup that we could devise that would allow us to use FileMaker external authentication? I've been through the FileMaker whitepapers about the subject and all give scenarios but none quite like ours. Most assume the FileMaker server would be running a M$ operating system and already be joined to Active Directory.


Even in our case, I've already mentioned that our state department will not permit me to join/bind the FileMaker server to AD. Being a state sized domain it is pretty large with groups created for 88 different county agencies under the state. I do have access to see Active Directory structure and can test with my user account that is a member of a group specific to just my county. The group only contains myself and one other user but alas it does not work and when attempting to login I just get the message "The account and password you entered cannot be used to access this file. please try again".


My state agency keeps referring me to LDAP and that that is the protocol they allow us county folks to use but I cannot seem to understand whether that will help me or if it is even related to this type of setup.post-112768-0-46848300-1421185308_thumb.post-112768-0-96128500-1421185309_thumb.post-112768-0-43256500-1421185311_thumb.

Link to comment
Share on other sites

A couple of things:


- first off: if your FMS OS is Yosemite, you need to update to FMS13v5 ASAP.  This has nothing to do with EA, but just basic functioning


- you can not use AD accounts for EA unless the FMS machine is a member server in the AD domain (in OSX terms: bound to the AD).  It is FMS that communicates with the AD/OD domain controller,  not the clients.


- why don't they allow the FMS box to be bound to the AD?  Is it because it is a Mac?  If so you would be much better off installing FMS on a Windows machine and stay within their parameters.


- LDAP is nothing but a protocol (says so in the name), it's a language that directory services like AD and OD understand.  In the same way that web servers understand HTTP.  LDAP brings nothing to the EA discussion.

  • Like 1
Link to comment
Share on other sites

  • Newbies

Thank you Wim! It's good to get some clarification. I'm requesting the current full install download from FileMaker now and will update very soon. I checked the FileMaker article regarding this update and it appears as though they suggest an uninstall and then install of the v5 full version. This is what I'll do.


The restriction is just blanket, no county devices allowed as members of the domain, it does not matter which OS. I've requested some form of exemption, I really do not want to manage this many user accounts.

Link to comment
Share on other sites

This topic is 2883 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...

Important Information

By using this site, you agree to our Terms of Use.