
External Authentication w/ Yosemite FM Server not bound to AD


I'm wondering (because I have not been able to get it to work so far) if my scenario is even possible.


Mac Pro tower running Yosemite and FileMaker Server

- system resides on the network but is not bound/associated to any particular directory service, Active Directory or Open Directory

FileMaker Pro clients running Windows 7 and FileMaker Pro 13

- any and all of these client PCs reside on the same network, slightly different subnet
- all PCs are part of a Windows domain that is administered by the state dept for my government agency
- all PCs can access FM databases when file-level authentication is used


I want to keep from creating and managing a separate list of users/passwords and utilize our already existing AD accounts (180 users) to authenticate to the FileMaker databases that we build. Our state department has stated that binding the Mac OS box running FileMaker server to AD is not allowed.


Is there any scenario based on our setup that we could devise that would allow us to use FileMaker external authentication? I've been through the FileMaker whitepapers about the subject and all give scenarios but none quite like ours. Most assume the FileMaker server would be running a M$ operating system and already be joined to Active Directory.


Even in our case, I've already mentioned that our state department will not permit me to join/bind the FileMaker server to AD. Being a state-sized domain, it is pretty large, with groups created for 88 different county agencies under the state. I do have access to see the Active Directory structure and can test with my user account, which is a member of a group specific to just my county. The group only contains myself and one other user, but alas it does not work, and when attempting to log in I just get the message "The account and password you entered cannot be used to access this file. please try again".


My state agency keeps referring me to LDAP and that that is the protocol they allow us county folks to use but I cannot seem to understand whether that will help me or if it is even related to this type of setup.


A couple of things:


- first off: if your FMS OS is Yosemite, you need to update to FMS13v5 ASAP. This has nothing to do with EA, but just basic functioning.

- you cannot use AD accounts for EA unless the FMS machine is a member server in the AD domain (in OS X terms: bound to the AD). It is FMS that communicates with the AD/OD domain controller, not the clients.

- why don't they allow the FMS box to be bound to the AD? Is it because it is a Mac? If so, you would be much better off installing FMS on a Windows machine and staying within their parameters.

- LDAP is nothing but a protocol (says so in the name); it's a language that directory services like AD and OD understand, in the same way that web servers understand HTTP. LDAP brings nothing to the EA discussion.


Thank you Wim! It's good to get some clarification. I'm requesting the current full install download from FileMaker now and will update very soon. I checked the FileMaker article regarding this update and it appears as though they suggest an uninstall and then install of the v5 full version. This is what I'll do.


The restriction is just blanket, no county devices allowed as members of the domain, it does not matter which OS. I've requested some form of exemption, I really do not want to manage this many user accounts.


Remember, please, that you can establish local security Accounts and Groups directly on the FileMaker Server machine. These too will work for external server authentication.


