Final Cut Server, Windows 2008 Active Directory, and Windows 7 clients
Thursday, February 10 2011 @ 09:54 PM EST
Contributed by: aaulich
If you implement your Final Cut Server 1.5.2 system into a Windows 2008 Server based Active Directory environment with Mac OS X 10.6 and Windows 7 clients, there are a couple of settings to consider both on the FCSvr system and the AD servers.
First of all, Windows 7 clients are not officially supported by Apple's Final Cut Server. Yet, I have installed enough Windows 7 machines talking to FCSvr to say that this works smoothly.
And this is how you do it:
- Make sure that your FCSvr machine has a unique DNS name on the AD servers. Both DNS lookup and reverse lookup should work reliably.
- Bind the FCSvr machine to your AD using Directory Utility if it's a 10.6 client. If it's a 10.6 server, use Server Admin and then Directory Utility.
- Do the same thing with all your Mac clients.
- Now bind your Windows 7 machines to the 2008 AD.
- And now the tricky part: For every user who needs to access Final Cut Server, activate Kerberos DES encrpytion in the AD: (Sorry, just got this screenshot in german, but I am optimistic, that you can easily find the correct setting on an english system, too.)
- Now make FCSvr talk to the AD following this instruction.
- You will also need to map AD groups to FCSvr internal groups called permission sets using System Preferences on the FCSvr machine.
- Install the appropriate Java version on your Windows machines, then the latest QuickTime version. Then download the FCSvr client.
- To try out if your configuration works fine, log into the FCSvr client from both Macs and Windows machines. These machines need to be bound to the same AD like the FCSvr server. While logging in from Macs should work fine using usernames in the form of "fcsvradmin", on the PCs you need to use user names in the form of "fcsvradmin@MY_AD_DOMAIN.COM", where the domain part of the login name has to be uppercase, so better you choose the long version for both Macs and PCs to make it consistent. Make sure to use the FCSvr server's FQHN as the target for the FCSvr client app, too. The whole thing looks something like this:
I have seen situations where the Kerberos files on the FCSvr machines were messed up after extensive testing. If you need help fixing problems with FCSvr in AD environments, please feel free to get in touch with me.
I'd also appreciate to get your feedback if this article has helped you with your setup!