2 Replies Latest reply on Jul 7, 2010 9:30 AM by damondidit

    External Auth Failure FMS 10 Good, FMS 11 No workie

    damondidit


      I am attempting to upgrade from a FMS10 server that is running just fine.

      Current server authenticates to Open Directory Server (10.5.8 OSXserver) as external authentication within the individual DBs as well as FMS10 Security tab. No other settings under FMS for the OD. The machine is set to the OD for authentication and contacts under Directory Utility. AFP connections work without issue.

       

      However, whenever upgrading, and recently a fresh OS and FMS 11 (10.6 client OS) installation on a separate machine, I continually get the following error:

       

      The account and password you entered cannot be used to access this file. Please try again. 

       

       

      The local db Admin account that each DB has can login just fine, it's just these remote authentication calls that are failing on me.

      My OD logs don't show any errors or failed auths.

       

      Have deleted and recreated all OD groups, matched to shortname of Prov Sets under FMP etc.

       

      Spoke with FM tech support and they had me change the individual DBs Security to load external accounts first, then local ones, all to no avail.

      As it is I cannot use FMS 11 unless I want to add all my individual users to each individual hosted db.

      Ayuda Me por favor - help please.

      d

        • 1. Re: External Auth Failure FMS 10 Good, FMS 11 No workie
          java

          I have an identical problem here.
          1) Our master open ldap server is on a mac 10.5.8 server.

          2) We have a 10.4.8 server running FMS 10 adv. This machine is connected to our master directory system and is authenticating external accounts correctly in our FM solutions both native and web.

          3) We installed FMS 11 adv on a 10.6.3 server. It is also connected to the open ldap master. (a terminal window with id account_name returns the correct information). The FMS 11 adv console has been set to allow FM accounts and external accounts in the security tab. However when trying to open a remote solution our external accounts fail.

          4) If we can resolve the external authentication problem on the 10.6.3 server we can shutdown the FMS 10 adv machine. As it stands we have a product that's not usable as it would take far too long to add groups and individual accounts to every solution.


          http://fmforums.com/forum/showtopic.php?tid/214672/
          This article above provides excellent detailed information on the topic; however, after verifying each point was complete, our external authentication still fails.

          Any help would be greatly appreciated.






          • 2. Re: External Auth Failure FMS 10 Good, FMS 11 No workie
            damondidit

            EXECUTIVE TAKEAWAY: The FMDB should use the exact same Group Short Name as entered on the OD server.

            So after reading and understanding some various technical details I have it all working now. I guess technically it should have stopped working around FMS 8 update but was close enough to pass until now.

            I ended up going back to my OD server and creating 3 new groups: (My original groups were (Name/Short Name): Limited/limited, Accounting/accounting, ProjectManagers/projectmanagers)

            flimited/flimited

            faccount/faccount

            fprojman/fprojman

            I created these groups with both the fullname and shortname identically, and all lowercase.

            Then I went into each FM DB and added the group names, as listed above, for external authentication. I then adjusted the authentication order under Accounts tab so that these external groups were first in the list, then I even moved the Privilege sets for those auth Accounts up first in the list as well.

            At this point I went back to my OD and began adding users to the new f-series groups I created, and deleted their original FM group affiliation. And whatta ya know it works again.

            So if you're in a bind as I was and need to try something new, try the above, it worked for me.

            d
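
The check the last reply arrives at (the group name entered in each FileMaker file must equal the directory group's short name exactly) can be scripted before a migration. The following is an added example, not code from the thread or from FileMaker; the function names, the status labels and the sample lists are assumptions, and the exact-match rule is taken from the reply above rather than from FileMaker documentation.

```python
# Added example: constructed data; group names are the ones quoted in the thread,
# except "Report Viewers"/"freports" and "fsales", which are made up for illustration.
DIRECTORY_GROUPS = [  # (full name, short name) as defined on the directory server
    ("Limited", "limited"), ("Accounting", "accounting"),
    ("ProjectManagers", "projectmanagers"),
    ("flimited", "flimited"), ("faccount", "faccount"), ("fprojman", "fprojman"),
    ("Report Viewers", "freports"),
]
FM_EXTERNAL_GROUPS = ["flimited", "Accounting", "fprojman ", "Report Viewers", "fsales"]


def audit_group_names(fm_external_groups, directory_groups):
    """Compare each external-account group name in a FileMaker file with the
    directory's group short names. Returns {fm_name: (status, suggested_short_name)}.
    Assumption: only a byte-for-byte match with a short name is treated as good."""
    short_names = {short for _, short in directory_groups}
    short_folded = {short.casefold(): short for _, short in directory_groups}
    full_folded = {full.casefold(): short for full, short in directory_groups}
    report = {}
    for name in fm_external_groups:
        key = name.strip().casefold()
        if name in short_names:
            report[name] = ("exact", name)
        elif name.strip() in short_names:
            report[name] = ("stray-whitespace", name.strip())
        elif key in short_folded:
            report[name] = ("case-mismatch", short_folded[key])
        elif key in full_folded:
            report[name] = ("full-name-used", full_folded[key])
        else:
            report[name] = ("no-such-group", None)
    return report


def needs_attention(report):
    """Names that would not line up with a directory short name as entered."""
    return sorted(n for n, (status, _) in report.items() if status != "exact")


if __name__ == "__main__":
    for fm_name, (status, short) in audit_group_names(
            FM_EXTERNAL_GROUPS, DIRECTORY_GROUPS).items():
        print(f"{fm_name!r:18} {status:17} -> {short}")
```

Feed it the external account names from each hosted file and the full/short name pairs exported from the directory; anything other than `exact` is a candidate for the failure described in this thread.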