4 Replies Latest reply on Apr 28, 2009 1:30 PM by theboyk

    External Server Authentication using OS X Server 10.5/FMS10/FMP8.5...

    theboyk

      Title

      External Server Authentication using OS X Server 10.5/FMS10/FMP8.5...

      Your post

      Hello.

       

      I'm wondering if someone could clarify the following for me?

      I'm trying to set up external authentication (via OS X Server 10.5 Open Directory), running FMS10 and FMP8.5. In FMP8.5 I've created an account as follows:

       

      - Account is authenticated via: External Server

      - Group Name: FileMaker (which is a group create in WGM on OS X Server 10.5)

      - Account Status: Active

      - Privilege Set: Full Access

       

      This works fine. Member of the "FileMaker" group (in OS X Server/WGM) can now log into FileMaker, no problem.

       

      So, my question — is there any way to create FileMaker "accounts" for individual users in OS X Server or does external authentication only work via groups in OS X Server (thus, creating groups in OS X Server for the various privilege sets in FileMaker)? I only ask this because I'm only recently starting to work with FileMaker/FileMaker Server (taking over from someone else) at my current company, and I've always managed OS X Server at this same place, so now that I'm dealing with FileMaker and OS X Server, I'd like to tied in the authentication into a single location. But, the person who managed FM in the past had created individual users for everyone (as opposed to groups), thus I'm just trying to get my head around things.

       

      Thanks,

      Kristin. 

        • 1. Re: External Server Authentication using OS X Server 10.5/FMS10/FMP8.5...
          TSGal

          theboyk:

           

          Thank you for your post.

           

          You can set up user accounts to be either FileMaker accounts or external authentication/external server accounts.  It sounds like you have external authentication set up properly, since it is working.

           

          You could set up each user as a separate group in OS X Server, or you can just bypass the external authentication (since it requires an external server and administrator) and have the passwords in the FileMaker database file.

           

          TSGal

          FileMaker, Inc. 

          • 2. Re: External Server Authentication using OS X Server 10.5/FMS10/FMP8.5...
            theboyk
              

            Thanks TSGal,

            Actually, I want to keep all users/passwords in OS X Server (thus, utilizing Open Directory accounts so we only have to manage user information in a single location and when a password changes, we don't have to track down all the different places the user uses that password, etc.). Basically, I was just wondering if it was possible to access a single user from OS X via FileMaker (instead of having to do everything via groups), but from everything I've read and tested, it seems like accessing OS X Server accounts needs to be done via groups. Not an issue, but I just wanted to make sure (I only have a few instances where a single user has special permissions beyond our regular groups, so I'll deal with them on special groups for FM only).

            Thanks,

            Kristin. 

            • 3. Re: External Server Authentication using OS X Server 10.5/FMS10/FMP8.5...
              TSGal

              theboyk:

               

              Thanks for the clarification.

               

              Although I have not set up groups in OS X Server, it seems, in theory, that you could create a group for each person, and then reference that group.

               

              Is there anybody else out there with setting external authentication via OS X Server to confirm?

               

              TSGal

              FileMaker, Inc. 

              • 4. Re: External Server Authentication using OS X Server 10.5/FMS10/FMP8.5...
                theboyk
                  

                Yea, you could totally do that, but depending on the size of your organization, that could be a lot of groups, etc. So, doable, but not very practical. I think a better approach would be to create a group, even if it's for a single user. That way, in the future, if you have a second person that fits those same permissions requirements, you can just add them to that group in OS X Server and eliminate any user management on the FM side (kinda the whole point of this). 8P

                Thanks,

                Kristin.