AnsweredAssumed Answered

Authentication Order Mac v. PC

Question asked by CDPub on Apr 24, 2012
Latest reply on Apr 25, 2012 by CDPub

I've spent the past few hours scouring Google and the forums, and several hours before that testing various set-ups, all to no avail. I have a new user starting tomorrow(!) and am hoping to be at least a little closer to a solution by the time she starts trying to log in.


Since our implementation of external user authorization, we've set up local FM accounts for individual users who need more access than other members of their Active Directory accounts. I didn't realize until last week that they've all been Mac users. When our first "special" PC user started last week, we started running into trouble.


What appears to be happening is that accounts authenticate differently on a Mac vs. a PC. On the Mac, as expected, the accounts authenticate in the order listed in the "Manage Security" box. On the PC, however, the FileMaker account only authenticates first when its privileges are more restricted than the AD account. If the local account has Full Access and the AD account has read-only, the AD account will be the one used to sign in.


Example: account NEmp is set up to authenticate through the file with access to create and edit. NEmp is a member of the AD group called "employees" that has read-only access. On the Mac, NEmp authenticates through her local account and can create and edit. On the PC, NEmp can only read. However, if NEmp uses a one-step script to relogin (relogin, no options), she gets her edit access. As though FileMaker authenticates differently (on the PC) when actually opening a file vs. only "relogging in."

This has been consistent as I mix and match privileges. I have set the privileges and signed in on the PC and then the Mac and had different access on the two computers.


In my searching, I haven't been able to find any documentation confirming this finding, or hints as to what I might be doing wrong. Can anyone confirm what I'm seeing? Can anyone tell me what I'm doing wrong? Suggest a solid work-around other than having her relogin every single time, while not affecting the processes of standard PC users or all Mac users?


Thanks in advance!