Client Authentication against multiple OD Masters broken in FMSA 12?

Question asked by gsokolsky on Sep 4, 2012
Latest reply on Sep 5, 2012 by gsokolsky

We have two Open Directory Master (10.6.8) servers: one for students and teachers, one for administrative staff. The FileMaker Server is a standalone server that does not hold user accounts. I am using external server accounts to authenticate FM users.

With FMSA 11 running on 10.6.8 server, I was able to add both OD Masters to the FileMaker server's authentication path (using Directory Utility), which allowed users on both servers to authenticate and use the FileMaker client - it worked like a dream!

[Image: Screen Shot 2012-09-04 at 9.13.06 AM.JPG]

With FMSA 12 running on 10.7.4 or 10.8.1 server, only users hosted on the server that's first in the LDAPv3 authentication path list can authenticate successfully. For example, using the configuration above, users on the server ushome can open a FileMaker database. If a user from castlehome tries to open a database, they get "The account and password you entered cannot be used to access this file."

[Image: setup2.jpg]

Using this configuration, users on the server castlehome can open FileMaker databases. If a user from ushome tries to open a database, they get the same error as above.

I have wiped and reinstalled the server more times than I'd like to count - it's not an OS issue. Did they remove the ability to authenticate to more than one OD Master in 12 server, or am I missing a checkbox somewhere?

Any ideas?
