Re: external server authentication and licensing

On May 15, 4:41 pm, Chris Brown <cbr...@xxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

ESA from the FM documentation is the recommended method as I interpreted
it. It is a booking system so security is an issue.

External Authentication is the "recommended" solution because it
integrates with an organizations existing centrally managed systems
(e.g. Apple Open Directory or Windows ActiveDirectory).

It's not inherently more secure. Its not inherently better.

Its just really convenient if you already have all these accounts and
groups set up -- and then you can have filemaker's security integrate
with it and manage it all centrally. This beats having to recreate and
manage them again separately in filemaker.

But if an organization doesn't manage these external accounts in
active directory, and the ONLY purpose for creating these accounts is
to manage access to filemaker, there is really no point to it at all.

It anything its just a whole lot of extra needless clutter in what
was, until now, a simple SBS setup; with the added bonus, that if you
have any trouble with active directory, your website goes down too.

As stated, my understanding is that ESA is the recommended method.

Recommended for organizations that can derive some sort of benefit
from having all the accounts in active directory... usually because
all those accounts already are in active directory.

Implementing active directory for 1000 external accounts, upgrading
SBS to Standard server, and purchasing the External Connector license,
all for the sole purpose of managing access to filemaker is, no
offense, absurd.

If SMB itself is the issue, and vanilla windows server
(2003/2008) as the domain controller allows unlimited users, then this
would be the comfortable option.

Nobody sets up a 1000+ Active Directory accounts for external
customers simply to manage access to a database driven website.

-regards,
Dave
.

Relevant Pages

  • Re: hide organizational unit from view in active directory
    ... The security of a security principal isn't supposed to be in its identifier, it comes from the authenticator (password/certificate/biometric/etc). ... As for hiding the admin accounts, I have yet to have seen a good valid ... Author of O'Reilly Active Directory Third Editionwww.joeware.net ...
    (microsoft.public.windows.server.active_directory)
  • RE: [fw-wiz] Architecture Q - Public access domain integrated pc s
    ... security within Active Directory, utilizing Group Policy objects. ... the Group Policy editor, there are configurations for user accounts policy, ... there are some good starting points for GPO security at the ...
    (Firewall-Wizards)
  • How to monitor "domain controllers" without domain admin rights
    ... I manage a fairly large active directory ... environment and I'm trying to lock things down to prevent security breaches, ... I stripped the security of the service accounts we ... My problem is now specifically with DCs. ...
    (microsoft.public.security)
  • Re: KDC error suggestions?
    ... I have followed the steps in the Microsoft Article that you referred to. ... we need to locate the machine accounts that have the ... > 250455 How to Change Display Names of Active Directory Users ... I have the Windows Support Tools installed that some have ...
    (microsoft.public.windows.server.sbs)
  • Re: Active Directory Value Proposition
    ... > backup purposes - which leads to centralized backups (including open file ... > 1) Central administration of accounts, permissions, and policy. ... > What are the risks? ... >> Would you recommend using Active Directory in a small-business setting? ...
    (microsoft.public.win2000.active_directory)