6 Replies Latest reply on Apr 16, 2013 3:24 AM by taylorsharpe

    Remote Domain Login

    psuchad

      I have two identical servers running Windows Server 2008 R2 in a virtual environment and FileMaker Server 12 Advanced. One server is a live production machine, the other is a development machine. I have been developing a remote solution for the iPad on the development server and am now moving the setup to the production machine. I have run into an issue with user login with the production server.

       

      When users attempt to log into the production machine, they are forced to enter the domain\username and password. I have tested this using both an iPad and a desktop machine running FileMaker Pro. This was not the case on the development server. The dev server only required username and password with no reference to the domain.

       

      This is not only an annoyance for the user because they need to type more. On the iPad there are extra hoops to jump through to get to the "\" character on the onscreen keyboard. There are also issues with the database setup since we match Get (AccountName) to a username field in the database to pull up relevant employee data when they login. Get (AccountName) returns normally returns the username alone, whereas remotely it now returns "domain\username" since that is what was entered when they logged in.

       

      I have confirmed that the FM Server configurations are identical on both machines. Any ideas on where this behavior is coming from?

        • 1. Re: Remote Domain Login
          taylorsharpe

          Were you using Active Directory authentication on the development machine too?  Is it the same Active Directory that it is being authenticated to?  Are the iPads somehow bound to the development machines domain?  What if you use a new iPad that wasn't bound to the development machine?  Does the iPad get its DHCP IP from the server?  If so, which server?  Just throwing some ideas out there. 

          • 2. Re: Remote Domain Login
            psuchad

            We use active directory for all the desktop machines in the office, however the iPads are setup to be stand alone devices as they will be used away from the office in remote locations.  They will be using local database files synced with GoZync.  I have tested an install of FMPro Advanced on a machine at my house (obviously not on the domain) and it has the same behavior.  Connecting to the production server requires domain\username but connecting to the development server requires username alone.

            • 3. Re: Remote Domain Login
              taylorsharpe

              I'm guessing they are not in the same Workgroup, but obviously is a networking issue and hopefully someone will speak up about that soon.  But from what you say, the iPad accounts are hard coded FileMaker security accounts and not Active Directory accounts.  If that is the case, then there is no domain to authenticate through.  It is just FileMaker.  Is there some issue where the development server had a FileMaker Security account that was the same name as an Active Directory one and when you went to the Production Machine, the FileMaker Security account wasn't there, so authenitcation goes to Active Directory, which finds the same account name, but it must have the domain correct to authenticate?  Could that be what is happening?

              • 4. Re: Remote Domain Login
                wimdecorte

                What does the windows security log say about the login attempts that do not use the domain prefix?

                (As an aside; AD supports two username syntaxes: UNC which is domain\user and UPN which is user@domain - the latter one may be easier for the iPad users)

                 

                You didn't happen to create local windows accounts on the dev machine for early testing, did you?  Or even local groups where you added the domain users too?  Those would interfere with authentication.

                 

                Is the production box on the same domain as the dev box?  If so, is there more than one AD box in the domain / forest?  If so it could be that the production box is talking to a different AD box than the development one is.

                 

                Make sure that the clocks on all the devices are in sync and use the same time server.  Including the FMS box.

                • 5. Re: Remote Domain Login
                  psuchad

                  It appears that a good old reboot of the server fixed the problem.

                  • 6. Re: Remote Domain Login
                    taylorsharpe

                    Ahhhh... the good ole "reboot" solution <grin>.  Well, glad it is working and best of luck with it!