3 Replies Latest reply on Jul 2, 2014 9:34 AM by Mike_Mitchell

    AD vs. local account - (seemingly) strange behavior

    Mike_Mitchell

      Good day. I'm seeing what I consider to be odd behavior with a database, and I'm hoping someone can explain it to me.

       

      FileMaker Server 11, using a mix of Active Directory and internal accounts. It's a legacy system and, for reasons that are both complex and annoying, we have users that have both membership in an AD group and a local account. This means that if a user needs to log into the local account, he would need to override the AD login by holding down the "Shift" key (Windows) to force the login dialog to appear.

       

      However, what I'm seeing is that users who have both an AD membership and a local account don't authenticate correctly. They authenticate with the privilege set that's attached to the AD account, regardless of whether they log in with the AD account or their local account. If I disable the AD account and they log in with their local account, the correct priv set is attached. But if the AD account is enabled, regardless of the fact that they're coming in using the local account, they're still showing up with the priv set that's attached to the AD account.

       

      As a possible side note, the same account name is being used for both. Might that be confusing things?

       

      What am I missing here?

       

      TIA

       

      Mike