Dell Drac 5 User Guide
Page 141
Using the DRAC 5 With Microsoft Active Directory
5. Click Next and select whether you would like Windows to automatically select the certificate store based on the type of certificate, or browse to a store of your choice.
6. Click Finish and click OK.
Setting the SSL Time on the DRAC 5
When the DRAC 5 authenticates an Active Directory user, the DRAC 5 also verifies the certificate published by the Active Directory server to ensure that the DRAC is communicating with an authorized Active Directory...
Page 142
DRAC 5 Active Directory supports multiple domain environments provided the domain forest function level is Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups.
NOTE: The Association Object and the Privilege Object must be in the same domain. The Dell-extended Active Directory Users and Computers snap-in forces you to...
Page 143
Using Active Directory Single Sign-On
You can enable the DRAC 5 to use Kerberos—a network authentication protocol—to enable single sign-on and log into the DRAC 5. For more information on setting up the DRAC 5 to use the Active Directory Single Sign-On feature, see Enabling Kerberos Authentication on page 147.
Configuring the DRAC 5 to Use Single Sign-On
1. Navigate to Remote Access Configuration tab → Active Directory subtab → select Configure Active...
Page 144
Frequently Asked Questions
Are there any restrictions on Domain Controller SSL configuration?
Yes. All Active Directory servers’ SSL certificates in the forest must be signed by the same root CA since DRAC 5 only allows uploading one trusted CA SSL certificate.
I created and uploaded a new RAC certificate and now the Web-based interface does not launch.
If you use Microsoft Certificate Services to generate the RAC certificate, one possible cause of...
Page 145
e. Ensure that your DRAC Name, Root Domain Name, and DRAC Domain Name match your Active Directory environment configuration.
f. Ensure that the DRAC 5 password has a maximum of 127 characters. While the DRAC 5 can support passwords of up to 256 characters, Active Directory only supports passwords that have a maximum length of 127 characters.
SSO login fails with Active Directory users on Windows 7 operating systems. What should I do to resolve this?...
Page 146
Perform the following additional settings for extended schema:
1. Go to Start and run regedit. The Registry Editor window is displayed.
2. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA.
3. In the right-pane, right-click and select New → DWORD (32-bit) Value.
4. Name the new key as SuppressExtendedProtection.
5. Right-click SuppressExtendedProtection and click Modify.
6. In the Value data field, type 1 and click OK.
7. Close the...
Page 147
7 Enabling Kerberos Authentication
Kerberos is a network authentication protocol that allows systems to communicate securely over a non-secure network. It achieves this by allowing the systems to prove their authenticity. Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 use Kerberos as their default authentication method. Starting with DRAC 5 version 1.40, the DRAC 5 uses Kerberos to support two types of...
Page 148
c. Select Register DRAC on DNS.
d. Provide a valid DNS Domain Name.
NOTE: Ensure that the DNS name is resolved by the DNS server. See the DRAC 5 Online Help for more information.
• Synchronize the DRAC 5 time settings with that of the Active Directory Domain Controller. Kerberos authentication on DRAC 5 fails if the DRAC time differs from the Domain Controller time. A maximum offset of 5 minutes is allowed. To enable successful authentication, synchronize the server...
Page 149
e. Start a command prompt, and then type the following command:
C:\>ktpass -princ HOST/dracname.domain- [email protected] -mapuser account -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass password -out c:\krbkeytab
where:
• dracname is the DRAC 5’s DNS name.
• domain-name is the Active Directory domain name with which you want to authenticate. It should be replaced by the actual domain name in capital letters.
• account is the user name, a valid user...
Page 150
Configuring DRAC 5 for Kerberos Authentication
Upload the keytab obtained from the Active Directory root domain to the DRAC 5:
1. Navigate to Remote Access Configuration tab → Active Directory subtab.
2. Select Upload Kerberos Keytab and click Next.
3. On the Kerberos Keytab Upload page, select the keytab file to upload and click Apply.