2 Replies Latest reply on Jul 18, 2013 10:01 AM by john__j

    FileMaker Server 11 - Database External Authentication (awareness)

    john__j

      I almost posted a thread earlier last week on this issue, but we were able to work the problem long enough to crank out our own answer.

       

      Essentially what we were trying to accomplish was upgrade our FMS 10 running in Tiger to FMS 11 running in SnowLeopard. Aside from the initial difficulties experienced with the File Maker Console as a result of the Java update 51, see FM forum post, we were seeing some strange DB authentication behavior. The way we authenticate (for the most part) to our databases is by using local fms (FileMakerServer) groups populated with Open Directory Users, pretty common I'm sure. But once all our databases were copied to the new (SL) server, and the proper local groups had been setup and populated with users, we were not able to connect to the database using an Open Directory user accound specified in the local FileMaker Server group. We tried everything, from creating new local groups (rather than exporting/importing from the Tiger server). Using the modifying the Goup IDs on the SL server to match those of the Tiger server. We uninstalled and re-installed FMS. I built up a whole new SL Server on different hardware. But no matter what, we'd see the same behavior. As it turns out, in FMS 11, the external authentication groups defined in the hosted database file have to match the short name of the local file maker server access group! In Tiger, this was not the case. In that environment you could setup the external authentication group in the DB file to reference the group name (the easy reading/non-shortname version). Maybe this is a commonly known limitation of FMS 11.

       

      See the attached png for the difference I'm talking about between Group Name and Goup Shortname. Again, USE THE GROUP SHORTNAME when referencing external authentication in the DB file.

        • 1. Re: FileMaker Server 11 - Database External Authentication (awareness)
          ch0c0halic

          Why not "Bind" the Computer to your OD domain server? Then you only have to maintain the groups in one place. The OS will do the authentication and you don't have to make any local groups and people assignments on the FMS computer.

           

          Generally it goes like this:

          Open the System Preference.

          Select User's and Groups

          Select Login Options

          - At bottom of right side of panel should be the "Network Account Server:"

          Select Edit

          - a New window will slide down

          Select Open Directory Utility

          - This app is what we need. If you can find this utility app another way you might get to it faster.

          Edit the "LDAPv3" service

          Click New

          Add your OD Domain server and authenticate with a Domain administrator account.

           

          Click OK on all the windows to get back out of the set up.

           

          Apple provides better instructions than I do so I suggest looking into their knowledge base.

          • 2. Re: FileMaker Server 11 - Database External Authentication (awareness)
            john__j

            I'm aware of Binding, but we choose not to as a company. There's no real need for it for us. The main purpose of posting this was to put the information out there for anyone else who might have, or will, run into the same problem. Just thought it odd that FMS 11 behaved differently than FMS 10 with regard to the external authentication groups within the DB file.