Home > Dell > Server > Dell Drac 5 User Manual

Dell Drac 5 User Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Dell Drac 5 User Manual. The Dell manuals for Server are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 131

    Page 131 Using the DRAC 5 With Microsoft Active Directory131 Viewing an Active Directory CA Certificate Use the Active Directory Main Menu page to view a CA server certificate for your DRAC 5. 1 In the Active Directory Main Menu page, select View Active Directory CA Certificate and click Next. Table 6-14 describes the fields and associated descriptions listed in the Certificate window. 2Click the appropriate View Active Directory CA Certificate page button to continue. See Table 6-11. Enabling SSL on a... 
    Using the DRAC 5 With Microsoft Active Directory131
Viewing an Active Directory CA Certificate
Use the Active Directory Main Menu page to view a CA server certificate for 
your DRAC 5.
1
In the Active Directory Main Menu page, select View Active Directory 
CA Certificate 
and click Next.
Table 6-14 describes the fields and associated descriptions listed in the 
Certificate window.
2Click the appropriate View Active Directory CA Certificate page button 
to continue. See Table 6-11.
Enabling SSL on a...

    Page 132

    Page 132 132Using the DRAC 5 With Microsoft Active Directory If you are using Microsoft Enterprise Root CA to automatically assign all your domain controllers to an SSL certificate, perform the following steps to enable SSL on each domain controller: 1 Enable SSL on each of your domain controllers by installing the SSL certificate for each controller. aClick Start→ Administrative Tools→ Domain Security Policy. bExpand the Public Key Policies folder, right-click Automatic Certificate Request Settings and... 
    132Using the DRAC 5 With Microsoft Active Directory
If you are using Microsoft Enterprise Root CA to automatically assign all your 
domain controllers to an SSL certificate, perform the following steps to 
enable SSL on each domain controller:
1
Enable SSL on each of your domain controllers by installing the SSL 
certificate for each controller. 
aClick Start→ Administrative Tools→ Domain Security Policy. 
bExpand the Public Key Policies folder, right-click Automatic 
Certificate Request Settings 
and...

    Page 133

    Page 133 Using the DRAC 5 With Microsoft Active Directory133 13Click Next and select Base-64 encoded X.509 (.cer) as the format. 14Click Next and save the certificate to a directory on your system. 15Upload the certificate you saved in step 14 to the DRAC 5. To upload the certificate using RACADM, see Configuring the DRAC 5 With Extended Schema Active Directory and Web-Based Interface. To upload the certificate using the Web-based interface, perform the following procedure: aOpen a supported Web browser... 
    Using the DRAC 5 With Microsoft Active Directory133
13Click Next and select Base-64 encoded X.509 (.cer) as the format.
14Click Next and save the certificate to a directory on your system. 
15Upload the certificate you saved in step 14 to the DRAC 5. 
To upload the certificate using RACADM, see Configuring the DRAC 5 
With Extended Schema Active Directory and Web-Based Interface.
To upload the certificate using the Web-based interface, perform the 
following procedure:
aOpen a supported Web browser...

    Page 134

    Page 134 134Using the DRAC 5 With Microsoft Active Directory The DRAC 5 SSL certificate is the identical certificate used for the DRAC 5 Web server. All DRAC 5 controllers are shipped with a default self-signed certificate. To access the certificate using the DRAC 5 Web-based interface, select Configuration→ Active Directory→ Download DRAC 5 Server Certificate. 1 On the domain controller, open an MMC Console window and select Certificates→ Trusted Root Certification Authorities. 2Right-click Certificates,... 
    134Using the DRAC 5 With Microsoft Active Directory
The DRAC 5 SSL certificate is the identical certificate used for the DRAC 5 
Web server. All DRAC 5 controllers are shipped with a default self-signed 
certificate. 
To access the certificate using the DRAC 5 Web-based interface, select 
Configuration→ Active Directory→ Download DRAC 5 Server Certificate.
1
On the domain controller, open an MMC Console window and select 
Certificates→ Trusted Root Certification Authorities.
2Right-click Certificates,...

    Page 135

    Page 135 Using the DRAC 5 With Microsoft Active Directory135 Supported Active Directory Configuration The Active Directory querying algorithm of the DRAC 5 supports multiple trees in a single forest. DRAC 5 Active Directory Authentication supports mixed mode (that is, the domain controllers in the forest run different operating systems, such as Microsoft Windows NT® 4.0, Windows 2000, or Windows Server 2003). However, all objects used by the DRAC 5 querying process (among user, RAC Device Object, and... 
    Using the DRAC 5 With Microsoft Active Directory135
Supported Active Directory Configuration
The Active Directory querying algorithm of the DRAC 5 supports multiple 
trees in a single forest.
DRAC 5 Active Directory Authentication supports mixed mode (that is, the 
domain controllers in the forest run different operating systems, such as 
Microsoft Windows NT® 4.0, Windows 2000, or Windows Server 2003). 
However, all objects used by the DRAC 5 querying process (among user, 
RAC Device Object, and...

    Page 136

    Page 136 136Using the DRAC 5 With Microsoft Active Directory White space and special characters (such as \, /, or @) cannot be used in the user name or the domain name. NOTE: You cannot specify NetBIOS domain names, such as Americas, because these names cannot be resolved. You can also log into the DRAC 5 using the Smart Card. For more information, see Logging Into the DRAC 5 Using Active Directory Smart Card Authentication. Using Active Directory Single Sign-On You can enable the DRAC 5 to use Kerberos—a... 
    136Using the DRAC 5 With Microsoft Active Directory
White space and special characters (such as \, /, or @) cannot be used in the 
user name or the domain name.
 NOTE: You cannot specify NetBIOS domain names, such as Americas, because 
these names cannot be resolved.
You can also log into the DRAC 5 using the Smart Card. For more 
information, see Logging Into the DRAC 5 Using Active Directory Smart 
Card Authentication.
Using Active Directory Single Sign-On
You can enable the DRAC 5 to use Kerberos—a...

    Page 137

    Page 137 Using the DRAC 5 With Microsoft Active Directory137 3Click Login. The DRAC 5 logs you in, using your credentials that were cached in the operating system when you logged in using your valid Active Directory account . Frequently Asked Questions Are there any restrictions on Domain Controller SSL configuration? Yes. All Active Directory servers’ SSL certificates in the forest must be signed by the same root CA since DRAC 5 only allows uploading one trusted CA SSL certificate. I created and uploaded a... 
    Using the DRAC 5 With Microsoft Active Directory137
3Click Login.
The DRAC 5 logs you in, using your credentials that were cached in the 
operating system when you logged in using your valid Active Directory 
account
.
Frequently Asked Questions
Are there any restrictions on Domain Controller SSL configuration?
Yes. All Active Directory servers’ SSL certificates in the forest must be signed 
by the same root CA since DRAC 5 only allows uploading one trusted CA 
SSL certificate.
I created and uploaded a...

    Page 138

    Page 138 138Using the DRAC 5 With Microsoft Active Directory dCheck the Domain Controller SSL certificates to ensure that they have not expired. eEnsure that your DRAC Name, Root Domain Name, and DRAC Domain Name match your Active Directory environment configuration. fEnsure that the DRAC 5 password has a maximum of 127 characters. While the DRAC 5 can support passwords of up to 256 characters, Active Directory only supports passwords that have a maximum length of 127 characters. 
    138Using the DRAC 5 With Microsoft Active Directory
dCheck the Domain Controller SSL certificates to ensure that they 
have not expired.
eEnsure that your DRAC Name, Root Domain Name, and DRAC 
Domain Name
 match your Active Directory environment 
configuration.
fEnsure that the DRAC 5 password has a maximum of 127 characters. 
While the DRAC 5 can support passwords of up to 256 characters, 
Active Directory only supports passwords that have a maximum length 
of 127 characters.

    Page 139

    Page 139 Configuring Smart Card Authentication139 Configuring Smart Card Authentication The Dell™ Remote Access Controller 5 (DRAC 5) version 1.30 and later support the two-factor-authentication for logging into the DRAC 5 Web interface. This support is provided by the Smart Card Logon feature on the DRAC 5. The traditional authentication schemes use user name and password to authenticate users. This provides minimal security. Two-factor-authentication, on the other hand, provides a higher-level of... 
    Configuring Smart Card Authentication139
Configuring Smart Card 
Authentication
The Dell™ Remote Access Controller 5 (DRAC 5) version 1.30 and later 
support the two-factor-authentication for logging into the DRAC 5 Web 
interface. This support is provided by the Smart Card Logon feature on the 
DRAC 5. 
The traditional authentication schemes use user name and password to 
authenticate users. This provides minimal security.
Two-factor-authentication, on the other hand, provides a higher-level of...

    Page 140

    Page 140 140Configuring Smart Card Authentication NOTE: Dell recommends that the DRAC 5 administrator use the Enable with Remote Racadm setting only to access the DRAC 5 user interface to run scripts using the remote racadm commands. If the administrator does not need to use the remote racadm, Dell recommends the Enabled setting for Smart Card logon. Also, ensure that the DRAC 5 local user configuration and/or Active Directory configuration is complete before enabling Smart Card Logon. Enable CRL check... 
    140Configuring Smart Card Authentication
 NOTE: Dell recommends that the DRAC 5 administrator use the Enable with 
Remote Racadm setting only to access the DRAC 5 user interface to run 
scripts using the remote racadm commands. If the administrator does not 
need to use the remote racadm, Dell recommends the Enabled setting for 
Smart Card logon. Also, ensure that the DRAC 5 local user configuration 
and/or Active Directory configuration is complete before enabling Smart 
Card Logon. 
Enable CRL check...
    Start reading Dell Drac 5 User Manual

    Related Manuals for Dell Drac 5 User Manual

    All Dell manuals