6 Replies Latest reply on Dec 16, 2016 7:01 AM by tornado

    Filemaker 15 WebDirect external authentication

    tornado

      Currently have an inventory database hosted on a FileMaker 14 server which can be accessed using either FileMaker Pro 14 or WebDirect. User authentication is done via external authentication to an LDAP server. All works perfectly.

       

      On a new server, I've installed FileMaker Server 15, taken a copy of the inventory database and hosted it. External authentication works when accessed via FileMaker Pro 15, but doesn't authenticate when accessed via WebDirect!

       

      Any suggestions?

        • 1. Re: Filemaker 15 WebDirect external authentication
          TSPigeon

          tornado:

           

          Thank you for your post!

           

          This issue may be that the Account does not have the WebDirect Extended Privilege (fmwebdirect) in the Externally Authenticated File. You might see FileMaker Pro 15 Help.

           

          I hope this helps!

           

          TSPigeon

          FileMaker, Inc.

          • 2. Re: Filemaker 15 WebDirect external authentication
            tornado

            Hi TSPigeon,

             

            Thanks for your reply.

             

            The Extended Privilege (fmwebdirect) is ticked on both accounts which use LDAP.

             

            I've literally copied the inventory database from the backup folder on the server running FileMaker Server 14 and copied it to the server running FileMaker Server 15. So all the settings for that database are the same, nothing's changed.

             

             

            I've compared all the settings within FileMaker Server 14 and FileMaker Server 15 and they are all the same.

             

            I have an account which just uses FileMaker for authentication and that works if I access the database via FileMaker Pro or WebDirect. The other accounts which use LDAP for authentication work if I access via FileMaker Pro, but not via WebDirect.

             

             

            Done the traditional, turn it off and back on again and no difference.

             

             

            Any other suggestions welcomed.

            • 3. Re: Filemaker 15 WebDirect external authentication
              wimdecorte

              How does 'not work' manifest itself?  The user types in their credentials and they can not get in?  Is there a corresponding error message in the FMS event log (error # 661 I believe)?

               

              This is a bit confusing: "User authentication is done via external authentication to an LDAP server"

               

              EA only works against 3 authentication providers:

              - the local FMS OS

              - Active Directory

              - Open Directory

               

              Any other LDAP server will not work and the LDAP settings on FMS do not play a role in authentication.  The only setting in FMS that plays a role is the "FileMaker and External Accounts" setting on the Security tab.

              Which of the 3 are you using?

               

              When using AD and OD for authentication the FMS machine needs to be bound to the domain obviously.

              • 4. Re: Filemaker 15 WebDirect external authentication
                tornado

                Hi wimdecorte,

                 

                Apologies, meant Active Directory, not LDAP.

                 

                So when the user types in their credentials, they get the login window, with an error message of 'The account name and password you entered does not match those of any Filemaker account' and on FileMaker Server in the log viewer you get a 661 warning.

                 

                When you say "When using AD and OD for authentication the FMS machine needs to be bound to the domain obviously", given that the external authentication works when accessing the database via FileMaker Pro, would that not suggest the FMS machine is bound to the domain?

                • 5. Re: Filemaker 15 WebDirect external authentication
                  wimdecorte

                  tornado wrote:

                   

                  When you say "When using AD and OD for authentication the FMS machine needs to be bound to the domain obviously", given that the external authentication works when accessing the database via FileMaker Pro, would that not suggest the FMS machine is bound to the domain?

                   

                  Yes it would suggest that.  Provided that EA actually works and that it is not masked by anything like the credentials stored in the keychain/credential manager or the user using an internal FM account.

                   

                  In the FMS 661 error message, FMS reports what account name was used, does it match what you expect to see?

                  In the Windows security event log, do you see failures that match the auth attempt?  What do those say?

                  In Pro, when the user is logged in, does Get(AccountName) match what you expect?

                  In WebDirect, what happens if you explicitly state the domain in addition to the account name, either in the UNC format (DOMAIN\user) or the UPN format (user@domain)?

                  • 6. Re: Filemaker 15 WebDirect external authentication
                    tornado

                    The FMS error messages matched the account name I was trying to log in with and there is no internal FM account for that user. The error messages in the Windows security event log also match what's in the FMS error log. The descriptions are the same.

                     

                    In FMP, when logged in using AD authentication the correct user name is returned using Get(AccountName).

                     

                    I managed to access via WebDirect by doing as you suggested and adding in the domain using the UNC format.

                     

                    Thanks for your help, wimdecorte.
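
Added example, not part of any post in this thread: a triage helper that scans server log text for 661 authentication warnings and counts the accounts that failed through WebDirect with a name carrying no domain part, which is the case that was resolved here by entering DOMAIN\user. The tab-separated line layout, the message wording, the `fmapp` line and all sample values are assumptions constructed for this example; adjust the parsing to match the real log on your server.

```python
import re
from collections import Counter

# Constructed sample lines (assumed layout: timestamp, severity, event id,
# host, message). "000" is a placeholder id for a non-661 event.
SAMPLE_LOG = """\
2016-12-15 09:12:01\tWarning\t661\tFMS15\tClient "jsmith" authentication failed on database "Inventory" using "jsmith [fmwebdirect]".
2016-12-15 09:12:40\tWarning\t661\tFMS15\tClient "jsmith" authentication failed on database "Inventory" using "jsmith [fmwebdirect]".
2016-12-15 09:13:05\tInformation\t000\tFMS15\tClient "jsmith" opened database "Inventory" using "EXAMPLE\\jsmith [fmwebdirect]".
2016-12-15 09:20:17\tWarning\t661\tFMS15\tClient "akhan" authentication failed on database "Inventory" using "akhan@example.test [fmwebdirect]".
2016-12-15 09:31:44\tWarning\t661\tFMS15\tClient "mlee" authentication failed on database "Inventory" using "EXAMPLE\\mlee [fmapp]".
"""

# Assumed message tail: using "<account name> [<extended privilege>]"
USING = re.compile(r'using "(?P<account>[^"]+?) \[(?P<priv>\w+)\]"')


def classify_account(name):
    """Return 'unc' for DOMAIN\\user, 'upn' for user@domain, else 'bare'."""
    domain, sep, user = name.partition("\\")
    if sep and domain and user:
        return "unc"
    user, sep, domain = name.partition("@")
    if sep and user and domain:
        return "upn"
    return "bare"


def failed_logins(log_text):
    """Yield (account, privilege) for every 661 line in the log text."""
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5 or fields[2] != "661":
            continue  # not an authentication-failure warning
        match = USING.search(fields[4])
        if match:
            yield match.group("account"), match.group("priv")


def unqualified_failures(log_text, privilege="fmwebdirect"):
    """Count 661 failures per account where no domain was supplied."""
    counts = Counter()
    for account, priv in failed_logins(log_text):
        if priv == privilege and classify_account(account) == "bare":
            counts[account.lower()] += 1
    return dict(counts)


if __name__ == "__main__":
    print(unqualified_failures(SAMPLE_LOG))
```

Accounts reported here are the ones worth retrying with an explicit domain before looking at privilege sets or domain binding.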