Active Directory logins from Windows to Final Cut Server

Similar Messages

• Re: Active Directory Login to Windows 2000 Server

  Continuing http://discussions.apple.com/thread.jspa?threadID=1277356&tstart=0
  So we were able to bind the Mac to the Active Directory Domain once the PC admins created an ID for the computer in their "forest". However the user doesn't have access to all the directories that she does from her PC.
  The AD admin keeps saying the we need to "Map to the share" - Yes, he's from the past!
  So the user on the PC side belongs to a groups called "torcomreg" that seems to give her access from the PC. She can access every other area except for the "Departments" share. (we can see Departments and open it - but we see nothing inside).
  Does anyone know how to use "Mappings" and what does "Map UID to attribute:" mean? Are we supposed to enter a UID for this user, or the ID of the shared attribute? How do we get this person access to the directory or the group membership - I'm convinced that this needs to be done on the AD server - but I don't know the verbiage that the admin needs from us.
  Thanks in advance - taking over the enterprise on Mac at a time - literally in this case.

  You can write an applescript to mount the appropriate shares, then compile the script as an executable.
  Make executable script a login item for the user.
  It's been a long time since I wrote the script, so I can't recall the exact syntax, but it goes to the effect of
  tell application "finder"
  begin tell
  mount "smb://server/share"
  end tell
  repeat for each share.

• Re-installing Qmaster and Compressor on Final Cut Server

  I need to re-install Compressor and Qmaster on an xServe which is our Final Cut Server. I'm reading that re-installing from AppleQmasterNode.mpkg will not work, I have to do it from the Install Final Cut Server icon.
  I'm wondering what effect, if any, re-installing Final Cut Server on our xServe will have on our client computers that run the Final Cut Server client application.
  Thanks so much.
  Matt Taylor

  If you only remove Compressor & Qmaster by following http://support.apple.com/kb/TS1888, then running the Final Cut Server installation will only reinstall those items you removed.  If you're on FCSVR 1.5.2, You will also need to run software update afterwards to update Compressor to 3.5.3.
  ~D

• Integrating Final Cut Server 1.5 with Active Directory

  Following the directions in the Final Cut Server Setup Guide and I am running into errors. Fun with Final Cut Server. Fun with Kerberos.
  Final Cut Server v.1.5 is running on an Intel Xserve running 10.5.6 Server, joined to AD. Active Directory is running on a Windows Server 2008 setup.
  I dropped the ini files on the domain controllers, as directed by Apple KB (http://support.apple.com/kb/HT3688) and I ran the commands directed in the setup guide.
  The adprincadd command should be run literally, of course, but there's a mistake straight-away when it should read "./adprincadd.pl", the ".pl" is missing. Also it says "fcsvr/fqdn of fcsvr", so naturally I replaced the fqdn, but the "fcsvr" prefixed threw me off. It gave me errors until I opened Kerberos.app and notcied that the kerb ticket was in ldap/, then the command worked for me. At least no errors, until I checked the ticket and it said I had no permissions and that the keytab entry was invalid. Wheeee.
  1. First I tried:
  (some info redacted)
  node09:sbin root# ./adprincadd.pl -dc dc01.example.com. fcs.example.com.
  Getting kerberos principal for computer account
  Kerberos principal is ---
  Getting computer id...---
  Getting AD Domain...---
  Base DN is dc=example,dc=com
  getting kerb ticket using [email protected] got ticket
  SASL-bind to dc01.example.com. successful
  Computer record is at CN=---,CN=Computers,DC=example,DC=com
  Checking to see if ---.--.---. exists...000020B5: AtrErr: DSID-031529F7, #1:
  0: 000020B5: DSID-031529F7, problem 1005 (CONSTRAINTATTTYPE), data 0, Att 90303 (servicePrincipalName)
  at ./adprincadd.pl line 165
  2. Then I noticed the /ldap in Kerberos.app and changed the adprinadd command:
  Everything ran well, with no errors...
  Finding kvno...2
  Reading /etc/krb5.keytab...done.
  Creating new keytab file...done.
  Writing out temporary keytab...done.
  Making backup of old keytab and moving new keytab into place...done.
  Operation Completed. You can verify with "kinit <ad user>; kvno -k /etc/krb5.keytab ldap/---.example.com"
  3. Verifying with kinit gave me the keytab errors:
  kinit matx; kvno -k /etc/krb5.keytab ldap/fcs.example.com
  Please enter the password for [email protected]:
  ldap/[email protected]: kvno = 2, keytab entry invalid
  kvno: Permission denied while decrypting ticket for 'ldap/[email protected]'
  Thoughts?

  Hello, I'm having issues with the client login after AD integration. I followed the steps from http://support.apple.com/kb/HT3818 and the Terminal output reported a success.
  I'm able to add AD groups in Final Cut Server Group Permissions. However, when I try logging in on the FCServer client using credentials associated with AD group I've added, I'm getting an error message from the client stating:
  "Please re-enter the username and password or contact the server administrator. Please note that the username and password are case-sensitive."
  The FQDN is correct in the Server field of the client.
  I'm able to log into the client using locally created user accounts that I've created on the server so I know the client is communicating correctly.
  The only thing I can find in the Console for the client machine is this:
  11/25/09 10:50:12 AM /Users/*/Desktop/Final Cut Server.app/Contents/MacOS/Final Cut Server[1773] Warning: accessing obsolete X509Anchors.
  In the server Console, this is a suspect message: /Library/Application Support/Final Cut Server/Final Cut Server.bundle/Contents/MacOS/fcsvr_stored[77891] pps proxy error: dsDoDirNodeAuth = -14091
  Not finding much info out there regarding this. Any guidance is appreciated.

• Final Cut Server & Active Directory authentication

  Hi all,
  This is an older question that was not be answered in the past.
  I have a Xserve with Mac OS X server 10.5.6, running Final Cut Server 1.1.1 and a Windows 2003 AD server with hundreds of users.
  The issue is FCS is not authenticating against AD even though clients can do it, being binded with Directory Utility without trouble.
  Could somebody tell me if is this a known issue?
  Did somedody make it work?
  Thanks

  Same problem here. We couldn't make it work, that is login to FCS using AD users.
  Don't remember where but I was reading about it in a forum, somebody said that they talk to someone in Apple and they told him this is a problem and that they were going to fix it in the next FCS update/release.
  Hope they do
  PS: De donde sos nono??

• Can't login to Final Cut Server with AD group...

  I just setup the Final Cut server and I also linked it to Active Directory so we could use the groups on it. I opened up the preferences and added a group to that from AD and then set them with admin. However, when I login with a user who is a member of that group it won't let me in. The only user I can get on with is the local admin. Does anyone know how I can use the members of the AD group so if their password changes or the group membership changes I don't always have to go and update it?

  now when I run:
  ./adprincadd.pl -dc <fully qualified hostname of AD server> fcsvr/<fully qualified hostname of FCSVR machine>
  I get:
  No Kerberos TGT!
  You must have kerberos ticket that allows writing to the computer record in AD. Use kinit to get a ticket
  but kinit give me: Cannot find KDC for requested realm
  How can I correct this so I can get the kerberos ticket and resolve this?

• Final Cut Server 1.5: G5 clients won't launch from icon

  So I upgraded my client from FCServer 1.1.1 to 1.5. They have a mix of G5 and Mac Pro stations. The 4 Mac Pros are all working fine after some fiddling and Java cache deleting. The G5s, however, won't run the client launched from the saved icon.
  Scenario:
  Access the client download from (IP address)/finalcutserver in a web browser - this works.
  The applet downloads and saves - this works.
  SOMETIMES it asks where to save the app - sometimes works.
  The client app runs, logs in, all working fine - great.
  BUT...if you quit and try to relaunch from that icon, it doesn't work. Purged Java caches, emptied the cache in the client, etc. - nothing. Updated from 10.5.7 to 10.5.8, same problem.
  The Intel boxes all work, none of the G5s do - seems entirely platform specific.
  -mike

  Heh... I solved this... in a manner of speaking. I really appreciate the input from Nicholas, Andy, RadUS, and everyone else, but nothing worked.
  Weird. May be actually a Java problem, not a FCSvr problem, maybe something in the Java implementation of 10.5.7 and later. But who knows? No word on this from Apple. There's a surprise.
  Here's the solution I ended up with. It's a cop-out I know, but it works!
  My solution was to put the Final Cut Server.jnlp file on my desktop and just launch it from there. You can even make it look like the desktop app if you want. Here's how:
  First you have to get the Final Cut Server.jnlp file on your desktop. It's not easy to find, because it's located in some weird temp directory somewhere buried in the recesses of the OS. If you don't know where it is, look through your browser's download history and find it. You can always redownload it by going to your server (yourserver.com/finalcutserver) and redownloading it. When you find it, move it to your desktop. Then do a Get Info on both the desktop app and jnlp file. Click on the icon for the app (the tray with the balls) and press Command C to copy the icon. Then click on the jnlp icon (the document with the cup of java) and press Command V to paste the FCSvr desktop app icon to the jnlp. Then check "hide extension" in the jnlp's get info window. Voila. You now have a "fake" desktop app. Yes, it's fake. Get over it! You won't be able to tell a difference. This is the only solution I came up with and I reinstalled Leopard twice.
  Hope this helps others too!
  Jason
  Message was edited by: nylonoxygen77
  Message was edited by: nylonoxygen77

• Final Cut Server Info Window - Which Group Controls the information?

  I have been searching the forums and have found similar postings but none that solve what i am seeing and wondering if it is my database (been configuring quite a bit and may have messed something up) or just an oversight of the wrong metadata group. I did notice that it happened when shortly after i needed to recover from a backed up version of the database.
  Here is my issue. When you look at the main assets pane of final cut server you see all of the thumbnails which is great. Double clicking an asset bring up what i refer to as the info window for that asset. in configuration i have inadvertently removed the thumbnail representation of the asset and all of the data underneath from there, except for one custom metadata field. the productions still have the thumbnail, but have also lost a significant amount of data under the thumbnail.
  I would like to put some of the info back but do not know which group to modify. I have looked inside the metadata groups from this post to see if it would help but no luck:
  <http://discussions.apple.com/thread.jspa?messageID=9136299&#9136299>
  thought it was the AssetTilesView that affected that window's info on that pane. I looked inside that group but many fields in are listed in that configuration list when brought up. like i mentioned above, only one is listed when viewed outside the configuration window what the client app would see.
  The only group that i have been modifying as per my knowledge was the asset_search group to add custom fields i made to the search criteria.
  hope this is clear. i am tired and a little exhausted from racking my brain. thanks in advance.

  i figured it out. it was an error between the chair and the keybord..
  for those that stumble on this...
  aside from the order the groups show up in the list Asset, P2.. ect.
  the display priority affects the layout of the variables on the info page. so if the window layout looks odd (no thumbnail, or missing metadata) check the display priority.

• Removing an 1 way trust Active Directory Domain from SearchActiveDirectoryDomains

  One of our AD domains is being retired.  After configuration for both, we need to change to only point to one domain.  Is running the following advisable to fix?
  stsadm
  -o setapppassword
  -password ******
  stsadm
  -o setproperty
  -pn peoplepicker-searchadforests
  -pv "domain:***.**.*****.**.***,TDC\***********,**********"
  -url http://url
  iisreset
  /noforce
  Thank you,
  Mark

  Hi,
  According to your post, my understanding is that you wanted to remove an one way trust Active Directory Domain from SearchActiveDirectoryDomains.
  People Picker will only query the forests or domains that you specify in the
  peoplepicker-searchadforests property setting.
  To specify the forests or domains to be queried together with the credentials, type the following command:
  stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv
  <Valid list of forests or domains, Login name, Password> -url
  <Web application URL>
  More information:
  Configure People Picker in SharePoint 2013
  All you want to know about People Picker in SharePoint ( Functionality | Configuration
  | Troubleshooting )
  Thanks,
  Jason
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Jason Guo
  TechNet Community Support

• Query Microsoft Active Directory info from PL/SQL

  Hi,
  We are developping an APEX application that would need to query information about the enterprise computers defined on the Active directory. Anyone knows it would be possible acces to this info from PL/SQL?
  I ahve read that exists a package that enables manipulate COM objectes (http://download-east.oracle.com/docs/cd/B10501_01/win.920/a95499/ch3core.htm#1006978)
  and I know that they exists COM interfases to Active Diretory (they are named Active Directory Service Interfaces (ADSI) ) but I have no idea if its possible to succesfully merge these 2 concepts.
  Has anyone tried to query Active directory info from PL/SQL using COM components or any other method?
  Thanks by advance

  Why not use DBMS_LDAP? That is what APEX's (built-in) LDAP authentication module uses. And it works just fine (doing a bind call) against a MS Active Directory Server.
  As for mucking about with COM from Oracle.. me no like. That ties your Oracle and PL/SQL to a specific operating system and you loose of the biggest advantages of Oracle - portability. Worse, you are at the mercy of the o/s vendor sticking to whatever standards used. In the case of Microsoft, that means mostly proprietary "standards" and very likely changes in those "standards" with every new version of the o/s - which will break your software. (personal experience talking)
  Rather let Oracle deal with the o/s complexities and restrict your code to using Oracle features only, as far as possible.

• Creating a Simple Excel Report from Final Cut Server

  1. Modify the following Metadata Group (ASSETLISTVIEW) to contain the field you want to output in your report
  2. Create Ruby file. In this example I named mine searchallassets.rb
  Be sure to make the file executable, using the following command at the terminal sudo chmod 755 [file]
  Copy and Paste this block of code into the searchallassets.rb
  --Code Starts Here
  #!/usr/bin/env ruby
  # Created by Nicholas Stokes
  # Copyright (c) 2009 XPlatform Consulting LLC
  # All rights reserved
  time_file = Time.now.strftime "%Y%m%d%I:%M%P"
  FCSVRCLIENTCMD = "/Library/Application\\ Support/Final\\ Cut\\ Server/Final\\ Cut\\ Server.bundle/Contents/MacOS/fcsvr_client"
  # What this will do:
  # This will create a .csv file that contains all asset records from Final Cut Server database
  # If you wish to modify the report further below is the command line syntax for searching the Final Cut Server database
  # fcsvr_client search [ --verbose --noheader --mdonly --tabdelim --xml --limit <n> --depth <n> --xmlcrit --crit <str> --ctxaddr <addr> --dirs --linkparentaddr <address> --linkparentrecursive ] <address>
  # Note, I am using the --tabdelim option to output the file as a tab delimited file. This will allow for easy importing into Excel or another database management system.
  searchfor_allassets = "#{FCSVRCLIENTCMD} search --tabdelim /asset >"
  output_file = "/Users/nicholasstokes/Desktop/DickClarkFCSvr_AllAssetsReport_#{timefile}.csv"
  runsearch_for_all_export_ascsv = `#{searchfor_allassets} #{output_file}`
  --Code Ends Here
  Finally. Edit the searchallassets.rb to include the path that you wish to save the output file.
  In FCSvr, setup a Script Response to call this.
  Then either trigger the Script Response via a Subscription or Schedule.
  Hope this helps.
  Nicholas Stokes
  XPlatform Consulting

  http://www.roxio.com/enu/products/toast/default.html?gclid=CIyG7Zqclp4CFdpb2godL HXnkw

• Retrieving Active Directory infomation from SQL Server

  Dear All
  We have a requirement to load active directory users and user groups into a SQL Server database. Looking at the information available it seems you need to create a Linked Server of type 'Active Directory Service Interfaces'. Creating a linked server will
  be a problem for out customers so I was wondering if there was another way of doing it. I will accept all ideas no matter how odd :D
  Thanks
  Peter

  Please refer the below link for incremental loading of data from AD:
  http://beyondrelational.com/modules/2/blogs/557/posts/15401/incremental-dl-porting-in-sql-server-querying-ldap-to-get-the-users-belongs-to-a-dl-group-in-sql-ser.aspx

• Importing Metadata to Final Cut Server from Excel

  I'm getting ready to implement Final Cut Sever on an extremely asset-heavy media project, and I'm in need of a way to batch-import custom metadata from an excel spreadsheet.
  Does anyone know if Final Cut Server has way to do this out of the box?
  Specifically, if I have a an excel doc where column A = file name (of all media files) and columns b-??? = custom metadata, how can bring that information into FCS so that I can search my assets by the custom metadata?
  DL

  Yes it can be done but with the help of scripts.
  If I have to do it today I would try to save those excel into a comma separated plain text files. Then I would build an script to read those columns of data from the text file (easy with awk command) and then write those fields to the FCS metadata. The tricky part is to link the file to the right asset inside final (you need to get the asset ID from the asset to be able to "setmd") The best way for me to do this (without accesing the database itself) is to have the name of the file (the plain text file) to be the same as the filename of the asset. This way you can then perform a "Write XML" from Final and you get an filename.xml where the Asset ID is located. After this is easy to build a custom XML file to fill with the excel metadata and perform a "setmd" to write back to FCS.
  Hope this help

• How do you import music from itunes to Final Cut Express 4?

  I tried dragging and dropping the file from itunes to Final Cut Express, but that doesn't work, so I tried to import a file using the "import file" and that didn't work either. Then I found the original file using finder, and dragged it into Final Cut Express, which did put the file there, and I can hear the audio in the sample player, but when I try to play it in the sequence, this weird beeping happens. Any help?

  jpaulholl wrote:
  Then I found the original file using finder, and dragged it into Final Cut Express, which did put the file there, and I can hear the audio in the sample player, but when I try to play it in the sequence, this weird beeping happens.
  The beeping is relating to audio you have placed into your sequence that doesn't match your sequence settings, therefore needing to be rendered.
  Here is an article for iTunes to FCE http://docs.info.apple.com/article.html?artnum=93165 and here http://docs.info.apple.com/article.html?artnum=93463 that should aid with addressing your current audio woes.
  Enjoy.

• QT Error -8961 generated when exporting from Final Cut Server

  Not sure about this one.  We have a user that is trying to export a clip through quick time via Final Cut Server, but they are getting error -8961.
  Has any one heard of this error before?

  Yes, go into the Admin window in the Java client (as opposed to the System Preferences pane) and go to Transcode Settings. FInd the setting you wish to be able to export with, double click to open it, and add the "Export" device to its list of destination devices. Save and close. You may need to log out and back into FCSvr to see the changes reflected in your Export window.