external server authentication not working
September 5, 2007 at 4:47 pm #369893
mac_novice
Participant
Hi All,
I would sincerely appreciate anyone shedding some light on my problem. We are converting some databases from FM6 to FM7. So, we decided to go for external server authentication.
I referred to the tech briefs concerning this and have tried for nearly a week with no luck.
We have set the groups in Workgroup Manager, introduced changes in the FileMaker file, and also set the settings in FileMaker Server 7 Advanced.
Here is the problem-
In the Directory Service tab of FM Server 7, I entered
ip address of domain controller for Directory Service Name
389 -LDAP Port
Distinguished name – I tried various combinations
1. ou=FileMaker,dc=abc,dc=def,dc=geh,dc=edu (because the name of domain controller is abc.def.geh.edu)
2. ou=admin, dc=abc,dc=def,dc=geh,dc=edu
3. ou=Administrator,dc=abc,dc=def,dc=geh,dc=edu
4. cn=tried FileMaker and then admin and then Administrator
I am using Open Directory Services.
For the Login Settings, I tried
1. Login using Account – Administrator and then admin
2. Login as current user.
With all these permutations and combinations, I get two types of error messages:
1. Registration with directory service failed. (Invalid DN syntax)
2. Registration with directory service failed. (Strong(er) authentication required)
And then I tried without the directory service. Then there are no messages logged in the event logs. However, when I log in from the client machine to the FileMaker served database, with a username that is set to be authenticated externally, I get the message – You do not have the privileges to perform this action.
Any suggestions from anyone will be very helpful. Also, I understand that ou=organizational unit and is used when we use Active Directory. Do we use cn or ou in case of Open Directory, and how do I determine what the distinguished name is?
Thanks
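A way to sanity-check candidate distinguished names like the ones listed above before entering them, as an added example that is not part of either post: it derives the dc= suffix from the DNS domain and parses a DN with a simplified RFC 4514 grammar (no multi-valued RDNs with "+"). The function names are hypothetical and the sample DNs are constructed from the placeholders used in the post.

```python
import re

# "Invalid DN syntax" is LDAP result code 34 (invalidDNSyntax, RFC 4511):
# the server could not parse the string. parse_dn() below catches the
# common causes (missing "=", empty value, malformed attribute type).
# Attribute type: a short name (cn, ou, dc, uid) or a dotted numeric OID.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def base_dn_from_domain(domain):
    """abc.def.geh.edu -> dc=abc,dc=def,dc=geh,dc=edu"""
    return ",".join("dc=" + label for label in domain.strip(".").split("."))

def split_unescaped(text, sep=","):
    """Split on sep, skipping separators escaped with a backslash."""
    parts, current, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append(current)
            current = ""
        else:
            current += text[i:i + step]
        i += step
    parts.append(current)
    return parts

def parse_dn(dn):
    """Return [(type, value), ...]; raise ValueError on malformed input."""
    rdns = []
    for rdn in split_unescaped(dn):
        attr, eq, value = rdn.partition("=")
        attr, value = attr.strip(), value.strip()
        if not eq or not ATTR_TYPE.match(attr) or not value:
            raise ValueError("invalid RDN %r in DN %r" % (rdn, dn))
        rdns.append((attr.lower(), value))
    return rdns

def under_domain(dn, domain):
    """True if the DN's dc= components spell out the DNS domain."""
    dcs = [value.lower() for attr, value in parse_dn(dn) if attr == "dc"]
    return dcs == domain.lower().strip(".").split(".")

if __name__ == "__main__":
    # Constructed candidates, modelled on the ones listed in the post.
    for dn in ("ou=FileMaker,dc=abc,dc=def,dc=geh,dc=edu", "FileMaker"):
        try:
            print(dn, "->", under_domain(dn, "abc.def.geh.edu"))
        except ValueError as err:
            print(dn, "-> rejected:", err)
```

A DN that parses cleanly can still be rejected by the server if no such entry exists; this only rules out syntax and suffix mistakes.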
November 19, 2007 at 10:11 pm #370551
firehaus
Participant
I realize you may have resolved this issue but I want to post my solution as it may help others and/or generate further ideas.
You DO NOT need to set up the “Directory Service” part found in the FM Pro server admin as this is not what links it to Directory Access. First make sure your firewall, if active on your FM Pro server, has the necessary ports open. Launch the Directory Access application from the Applications -> Utilities folder or from Server Admin. Once this is configured then accounts can be authenticated.
Following the directions from Apple for setting up Directory Access should resolve the issue.
Some of the relevant docs:
http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c5od9.html
http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c7od24.html
In my experience always enter the LDAP/OD server using its IP address. Do not use its FQDN. Leave the server settings as-is and do not try and figure them out yourself (if you are authenticating against a Mac OS X Server).
Also, in some instances the various db files that store your connection info don’t refresh as the changes are saved. More than once an Apple Systems Engineer has told me to restart my FM Pro server to initialize the changes. In one extreme case they told me to delete ALL the directory access info so nothing was entered, restart, then put in the correct settings, and then restart again to get everything working (which it did).
I hope this helps. Both Apple and FileMaker make this setup sound really easy, and it is as long as you know your network inside and out. It doesn’t work so well if you didn’t set up the LDAP/OD yourself or the network authentication settings aren’t properly documented.
Good luck.