I am having this particular problem with a role based account when databases are authenticated externally.
My FM 15 server on Windows is like this
FM 15 server running on Windows 2008 R2
Windows is part of the domain
created all user groups on Windows server as local groups
added ad users to each group based on FM privilege sets (Authorization). Please note i do NOT add users to domain and it is Help Desk responsibility.
The above setup has been working well for person based accounts for a while.
Recently I've this role based account giving me grief and authentication fails every time. The same account is working fine for other network services (e.g. email, VPN). This rules out general authentication problems. The problem is ONLY when logging in to FM databases hosted on server.
I understand FM server may form a search query that possibly looks like this
&(objectClass="People";AccntName="ADAccount") and sent off to Directory Services. I am suspecting for role based accounts, the objectClass may not be people (its a Role) and due to this the authentication fails.
The question here is
1. Does FM server forms a query string that is sent to Domain Controller? If not how does it authenticate existing users of a domain.
2. If so, where is that created and how this can be modified.
As you may understand, my theory is based on FM Server forming a query string to send info to AD's Directory Service. I may be wrong too.
Appreciate your thoughts on this.