5 Replies Latest reply on Feb 14, 2011 10:17 AM by TSBear

    Cannot Authenticate to AD Server

    JasonYun

      Title

      Cannot Authenticate to AD Server

      Your post

      Hi,

      We're trying to authenticate to AD via External server accounts.

      From the Filemaker Client when we try to connect to the database we get this error:

      "This account name and password do not have privileges to view databases hosted by FileMaker Server"

      Info

      Version: Filemaker Server 11

      Server: Windows 2008 Standard

      Under FileMaker Pro Clients > Directory Service > Configure Directory Service

      -The "Directory Service Settings test was successful"

      Client Info

      Version: Filemaker Pro 10

      PC: Windows 7 Pro

      Any help is appreciated, we've triple checked the groups on AD and the user in question.

      Thanks,

      Jason

        • 1. Re: Cannot Authenticate to AD Server

          Jason Yun:

          Thanks for posting!

          The directory service setting doesn't really have anything to do with authentication. To set up external authentication you'll need to change settings in two places.

          1) Within the admin console under Database Server -> Security, change the client authentication setting to FileMaker and external server accounts.

          2) Within in the file under FIle -> Manage -> Security (Accounts and privileges for FM 10), create a new account and change the "Account is authenticated via" setting to External Server. From there, put in a valid group name and assign it the appropriate privilege set.

          Once this is done, your database should accept the Active Directory logins for the groups that you specified.

          TSBear

          FileMaker, Inc.

          • 2. Re: Cannot Authenticate to AD Server
            JasonYun

            Hi TSBear,

            Thanks for thr quick response.

            Sorry I should have been more clear, we've also done the steps you mentioned above.

            From your 2nd step, once we've entered the details when we click "User Data" it's completely blank, is it meant to query the AD and show who has permissions based on the group?

            So from here, when we try to connect from the client it reports that:

            "This account name and password do not have privileges to view databases hosted by FileMaker Server"

            I have tried using Yourdomain\username and username@Yourdomain format and verified that the group name is correct.

            Many Thanks,

            Jason 

            • 3. Re: Cannot Authenticate to AD Server

              Jason Yun:

              When you say you tried with "Yourdomain\username and username@Yourdomain format", are you referring to where it requests the group name in the account setup or the username during the password prompt? Either way, specifying the domain shouldn't be necessary. You may also want to verify that both the client and the server are joined to the same domain.

              TSBear

              FileMaker, Inc.

              • 4. Re: Cannot Authenticate to AD Server
                JasonYun

                The FMServer is on a different domain to the client machine - is that a problem?

                We have full trust relationships set up so inter domain is workable.

                Under groups we haven't specified the domain, we just tried it when trying to authenticate from the client.

                We're stumped at the moment, can't get the thing to connect using AD at all.

                Thanks,
                Jason 

                • 5. Re: Cannot Authenticate to AD Server

                  Jason Yun:

                  To simplify the environment a bit, could you attempt an external authentication from a client on the same domain as the server?

                  TSBear

                  FileMaker, Inc.