The FCServer can be bound in a multi domain environment but to a particular server. I did this at several TV stations. You need to bind to a particular AD server. You need to use Fully Qualified Domain Names for everything (reverse DNS) FQDN. The TV stations use PC in the newsroom and FCServer AD authentication.
When you bind to AD your local and OD users can not authenticate to FCServer, only users and groups in AD. Make sure your users are using their AD user names and passwords. Make sure that your AD user's groups have permissions set in FCServer.
Then it works.
As review you need to do this on your FCServer server:
Macintosh clients authenticating via Active Directory need to be running Mac OS X v10.5.8 or later.
Products Affected
Final Cut Server 1.5, Windows Active Directory
To modify the Final Cut Server settings preference file to allow access to Windows Active Directory users and groups:
- Log in as the root user.
- In the Terminal application, run the following command:
defaults write /Library/Preferences/com.apple.FinalCutServer.settings "AUTH_TYPE" -int 1
- Stop and Start Final Cut Server services in Final Cut Server System Preferences.
To add the Final Cut Server system to the Kerberos realm on Mac OS X Leopard, Mac OS X Leopard Server, and Mac OS X Snow Leopard systems:
- Log in as the root user.
- In Terminal, run the following command (entered as a single line in Terminal):
cd /Library/Application\ Support/Final\ Cut\ Server/Final\ Cut\ Server.bundle/Contents/Resources/sbin
- After the command in step 2 is complete, run the following command (entered as a single line in Terminal):
./adprincadd.pl -dc <fully qualified hostname of AD server> fcsvr/<fully qualified hostname of FCSVR machine>
Example: For a setup where the Domain is example.com, the Active Directory hostname is ad.example.com, and the Final Cut Server hostname is finalcutserver.example.com, the syntax would be:
./adprincadd.pl -dc ad.example.com fcsvr/finalcutserver.example.com
Did you run the adprincadd.pl on the FCServer server? Did you set the AUTH_TYPE to 1?