If you've ever tried to set up Podcast Producer or Podcast Producer 2 and found yourself dropping f-bombs left and right, you're not alone. Although PcP2's documentation clearly states that it works with Active Directory, it gives no clear procedure for getting the two working together. We have this working at Northwestern University's School of Education and Social Policy (http://www.sesp.northwestern.edu/).
Step 1.
Make sure the DNS entry you want is set up and ready to go prior to the install. Forward and reverse records must both be working perfectly. Confirm the DNS record is correct by running sudo changeip -checkhostname. You should see something similar to the following:
podcast (192.168.1.2)
Primary address = 192.168.1.2
Current HostName = podcast.myorganization.org
DNS HostName = podcast.myorganization.org
The names match. There is nothing to change.
dirserv:success = "success"
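As an added example (not part of the original guide and not Apple's tooling), the shell function below checks that output mechanically, so the DNS prerequisite can be verified again after any network change. The function name and the second sample are constructed for illustration.

```sh
#!/bin/sh
# check_changeip: read `changeip -checkhostname` output on stdin.
# Status 0 = consistent, 1 = mismatch, 2 = output not recognised.
check_changeip() {
    awk '
        function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        /^Primary address/  { primary = val($0) }
        /^Current HostName/ { current = tolower(val($0)) }
        /^DNS HostName/     { dns = tolower(val($0)) }
        # Header line such as "podcast (192.168.1.2)": keep the address.
        !/=/ && match($0, /\([0-9.]+\)/) { hdr = substr($0, RSTART + 1, RLENGTH - 2) }
        END {
            if (primary == "" || current == "" || dns == "") { print "unrecognised output"; exit 2 }
            if (current != dns)       { print "hostname mismatch: " current " vs " dns; exit 1 }
            if (index(dns, ".") == 0) { print "not fully qualified: " dns; exit 1 }
            if (hdr != "" && hdr != primary) { print "address mismatch: " hdr " vs " primary; exit 1 }
            print "ok: " dns " <-> " primary
        }
    '
}

# SAMPLE_OK is the output shown above; SAMPLE_BAD is a constructed failure
# in which the DNS lookup returns a different name for the same address.
SAMPLE_OK='podcast (192.168.1.2)
Primary address = 192.168.1.2
Current HostName = podcast.myorganization.org
DNS HostName = podcast.myorganization.org'
SAMPLE_BAD='podcast (192.168.1.2)
Primary address = 192.168.1.2
Current HostName = podcast.myorganization.org
DNS HostName = old-server.myorganization.org'

printf '%s\n' "$SAMPLE_OK"  | check_changeip
printf '%s\n' "$SAMPLE_BAD" | check_changeip || true
# On the server: sudo changeip -checkhostname | check_changeip
```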
Step 2.
Insert the Snow Leopard Server disk and reboot off the DVD. Format the drive. Install Snow Leopard Server.
Step 3.
Upon reboot, click through the defaults, set up your IP and use your Active Directory domain as your search base, i.e. myorganization.org. Be careful NOT to set up either a bind to AD or OD as a master server. Click custom setup and uncheck binding to AD and setting up an OD master server. Instead, just select "Manually Setup Users and Groups". Finally, run Software Update and apply all available patches.
Step 4.
When the install is complete and the updates have been applied, bind to AD. Next, in the Terminal, run sudo dsconfigad -enablesso to enable single sign-on. Then run the command serveradmin settings teams:enableClearTextAuth = yes to allow clear text authentication to AD. This must be done because of a limitation in the authentication of PcP2 to AD. Because passwords are then accepted in clear text, the HTTPS-only web site configured in Step 10 is what protects them on the wire. (It's a good idea to log in to the server with an Active Directory account, open the Terminal and run klist -ek to verify your Kerberos credentials.)
Step 5.
Open Server Admin from the Server Tools folder inside of Applications.
Connect to your remote host.
Enable Mail, NFS, OD, PCP, QT Streaming, Web and XGrid
Step 6.
Set up Open Directory.
- Next to role: Connected to another directory, click Change.
- Remain connected to AD and set up an OD master.
- Set your LDAP admin name to be the same as your local Admin account. This isn't required; however, I've found it easier to keep the two the same. Click through the defaults until you finish.
- The LDAP search base is the AD record of the machine, i.e. dc=podcast,dc=myorganization,dc=edu
- Click on Info and make sure that Kerberos is not running. This shouldn't be running because we are using AD's Kerberos realm.
Step 7.
Next we will set up NFS.
- Share Library/PodcastProducer
(THIS DIRECTORY DOES NOT EXIST UNTIL YOU CLICK ON THE PODCAST PRODUCER SERVICE, THEN CLICK CONFIGURE. DOING THIS WILL CREATE THE DIRECTORY. DO NOT DO ANYTHING MORE THAN MERELY START THE CONFIG PROCESS TO INVOKE THE CREATION OF THE DIRECTORY)
- Hit share
- Enable Automount
- Use LDAP domain
- Share over NFS
- Map to Shared Library folder (use the LDAP admin account to bind)
- Protocol options - Make sure afp, smb and ftp are off.
- NFS on: Select Export this item to a virtual interface/NIC
- Export to the particular subnet that you want to have access.
- Map root to root
- Start NFS
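The two settings that matter most in this step are the subnet restriction and the root-to-root mapping. As an added example (not from the original guide), this shell function audits export lines for a root-mapped share that lacks a client restriction; it assumes the share ends up in /etc/exports in BSD exports(5) syntax, and the function name and sample lines are constructed.

```sh
#!/bin/sh
# audit_exports: read exports(5) lines on stdin and report every export that
# maps root to root without a -network or host restriction. Status 1 if any.
audit_exports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
        {
            rootmap = 0; restricted = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^-maproot=(root|0)(:.*)?$/) rootmap = 1
                else if ($i == "-network")   { restricted = 1; i++ }  # "-network addr"
                else if ($i ~ /^-network=/)  restricted = 1           # "-network=addr"
                else if ($i == "-mask")      i++                      # skip its argument
                else if ($i !~ "^[-/]")      restricted = 1           # host or netgroup
            }
            if (rootmap && !restricted) {
                print "root-mapped export open to any client: " $1
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed samples (the 192.168.1.0 subnet and the host name are placeholders).
EXPORT_OK='/Library/PodcastProducer/Shared -maproot=root -network 192.168.1.0 -mask 255.255.255.0'
EXPORT_HOST='/Library/PodcastProducer/Shared -maproot=root client.myorganization.org'
EXPORT_OPEN='/Library/PodcastProducer/Shared -maproot=root'

printf '%s\n' "$EXPORT_OK"   | audit_exports
printf '%s\n' "$EXPORT_OPEN" | audit_exports || true
# On the server: audit_exports < /etc/exports
```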
Step 8.
Configure XGrid
- Run setup assistant
- Host a grid
- Bind with an AD account. This should be a regular domain account with no special privileges.
Step 9.
Next to last step, we will set up the Podcast Producer service.
- DO NOT CLICK CONFIGURE PP. Instead, click on Settings and change Podcast Library to /Library/PodcastProducer/Shared
- Xgrid username - Standard Domain user. Should be the same as what was used in the XGrid section of this document.
- Change Admin shortname to the short name of your admin account
- Start the Podcast Producer Service
Step 10.
In this step, we will configure the Web portion, which is the wiki/blog service.
- Click on Sites
- In the hostname field, name the site default
- Click on the duplicate button (the button that looks like two overlapping windows)
- Change the host name of the duplicate to the FQDN of the website, then change the port to 443
- Click back on the "default" web entry. Click on Web Services. Make sure Wikis, Blogs, Calendars and Mail are all turned off. Click on Aliases. Click the + button on URL Aliases and Redirects. Choose RedirectMatch for the Type. The pattern should be ^(.*)$ and the Path should be https://podcast.myorganization.org/$1
- Click the secure web host entry (the one with the FQDN that is secure on port 443). Click Web Services. Make sure that Wikis, Blogs and Calendar are all checked.
- Finally, start the Web service.
Step 11.
Configuring the Mail Service.
- Click Settings
- Click on Relay
- Check the option to Accept SMTP relays only from networks that you trust. The only entries permitted to relay should be 127.0.0.0/8 (localhost) and any other network that has access to your Podcast Producer service.
- Start the Mail service.
Step 12.
Configure QT Streaming Service
- Start QuickTime Streaming service
General troubleshooting:
PcP2 is highly dependent on XGrid, which seems to be the Achilles' heel of PcP2. If you are submitting jobs successfully and find that XGrid is failing, you can try deleting krb_cc in /var/pcast/serve/ and then restarting the PcP server.