Home > Dell > Server > Dell Drac 5 User Manual

Dell Drac 5 User Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Dell Drac 5 User Manual. The Dell manuals for Server are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 141

    Page 141 Configuring Smart Card Authentication141 Configuring Local DRAC 5 Users for Smart Card Logon You can configure the local DRAC 5 users to log into the DRAC 5 using the Smart Card. Navigate to Remote Access→ Configuration→ Users. Figure 7-1. User Management Page for Smart Card However, before the user can log into the DRAC 5 using the Smart Card, you must upload the users Smart Card certificate and the trusted Certificate Authority (CA) certificate to the DRAC 5. Exporting the Smart Card Certificate... 
    Configuring Smart Card Authentication141
Configuring Local DRAC 5 Users for Smart Card 
Logon
You can configure the local DRAC 5 users to log into the DRAC 5 using the 
Smart Card. Navigate to Remote Access→ Configuration→ Users.
Figure 7-1. User Management Page for Smart Card
However, before the user can log into the DRAC 5 using the Smart Card, you 
must upload the users Smart Card certificate and the trusted Certificate 
Authority (CA) certificate to the DRAC 5. 
Exporting the Smart Card Certificate...

    Page 142

    Page 142 142Configuring Smart Card Authentication the Base64 encoded form. You should upload this file as the trusted CA certificate for the user. Configure the user with the username that forms the user’s User Principle Name (UPN) in the Smart Card certificate. NOTE: To log into the DRAC 5, the user name that you configure in the DRAC 5 should have the same case as the User Principle Name (UPN) in the Smart Card certificate. For example, in case the Smart Card certificate has been issued to the user,... 
    142Configuring Smart Card Authentication
the Base64 encoded form. You should upload this file as the trusted CA 
certificate for the user. Configure the user with the username that forms the 
user’s User Principle Name (UPN) in the Smart Card certificate. 
 NOTE: To log into the DRAC 5, the user name that you configure in the DRAC 5 
should have the same case as the User Principle Name (UPN) in the Smart Card 
certificate.
For example, in case the Smart Card certificate has been issued to the user,...

    Page 143

    Page 143 Configuring Smart Card Authentication143 Table 7-1. Smart Card Settings Setting Description Configure Smart Card Logon Disabled — Disables Smart Card logon. Subsequent logins from the graphical user interface (GUI) display the regular login page. All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM are set to their default state. Enabled — Enables Smart Card logon. After applying the changes, logout, insert your Smart Card and then click Login... 
    Configuring Smart Card Authentication143
Table 7-1. Smart Card Settings
Setting Description
Configure Smart Card 
Logon
 Disabled — Disables Smart Card logon. Subsequent 
logins from the graphical user interface (GUI) display 
the regular login page. All command line out-of-band 
interfaces including secure shell (SSH), Telnet, 
Serial, and remote RACADM are set to their default 
state.
 Enabled — Enables Smart Card logon. After applying 
the changes, logout, insert your Smart Card and then 
click 
Login...

    Page 144

    Page 144 144Configuring Smart Card Authentication Logging Into the DRAC 5 Using the Smart Card The DRAC 5 Web interface displays the Smart Card logon page for all users who are configured to use the Smart Card. NOTE: Ensure that the DRAC 5 local user and/or Active Directory configuration is complete before enabling the Smart Card Logon for the user. NOTE: Depending on your browser settings, you may be prompted to download and install the Smart Card reader ActiveX plug-in when using this feature for the... 
    144Configuring Smart Card Authentication
Logging Into the DRAC 5 Using the Smart Card
The DRAC 5 Web interface displays the Smart Card logon page for all users 
who are configured to use the Smart Card.
 NOTE: Ensure that the DRAC 5 local user and/or Active Directory configuration is 
complete before enabling the Smart Card Logon for the user. 
 
NOTE: Depending on your browser settings, you may be prompted to download and 
install the Smart Card reader ActiveX plug-in when using this feature for the...

    Page 145

    Page 145 Configuring Smart Card Authentication145 2Insert the Smart Card into the reader and click Login. The DRAC 5 prompts you for the Smart Card’s PIN. 3Enter the Smart Card PIN and click OK. . NOTE: If you are an Active Directory user for whom the Enable CRL check for Smart Card Logon is selected, DRAC 5 attempts to download the CRL and checks the CRL for the users certificate. The login through Active Directory fails if the certificate is listed as revoked in the CRL or if the CRL cannot be downloaded for... 
    Configuring Smart Card Authentication145
2Insert the Smart Card into the reader and click Login.
The DRAC 5 prompts you for the Smart Card’s PIN.
3Enter the Smart Card PIN and click OK.
. NOTE: If you are an Active Directory user for whom the Enable CRL check for 
Smart Card Logon is selected, DRAC 5 attempts to download the CRL and checks 
the CRL for the users certificate. The login through Active Directory fails if the 
certificate is listed as revoked in the CRL or if the CRL cannot be downloaded for...

    Page 146

    Page 146 146Configuring Smart Card Authentication 3Enter the PIN and click OK. You are logged into the DRAC 5 with your credentials as set in Active Directory. For more information, see Enabling Kerberos Authentication. Troubleshooting the Smart Card Logon in DRAC 5 Use the following tips to help you debug an inaccessible Smart Card: ActiveX plug-in unable to detect the Smart Card reader Ensure that the Smart Card is supported on the Microsoft Windows® operating system. Windows supports a limited number of... 
    146Configuring Smart Card Authentication
3Enter the PIN and click OK.
You are logged into the DRAC 5 with your credentials as set in Active 
Directory.
For more information, see Enabling Kerberos Authentication.
Troubleshooting the Smart Card Logon in DRAC 5
Use the following tips to help you debug an inaccessible Smart Card: 
ActiveX plug-in unable to detect the Smart Card reader
Ensure that the Smart Card is supported on the Microsoft Windows® 
operating system. Windows supports a limited number of...

    Page 147

    Page 147 Configuring Smart Card Authentication147 Unable to Log into DRAC 5 as an Active Directory User If you cannot log into the DRAC 5 as an Active Directory user, try to log into the DRAC 5 without enabling the Smart Card logon. If you have enabled the CRL check, try the Active Directory logon without enabling the CRL check. The DRAC 5 trace log should provide important messages in case of CRL failure. You also have the option of disabling the Smart Card Logon through the local racadm using the... 
    Configuring Smart Card Authentication147
Unable to Log into DRAC 5 as an Active Directory User
If you cannot log into the DRAC 5 as an Active Directory user, try to log into 
the DRAC 5 without enabling the Smart Card logon. If you have enabled the 
CRL check, try the Active Directory logon without enabling the CRL check. 
The DRAC 5 trace log should provide important messages in case of CRL 
failure. 
You also have the option of disabling the Smart Card Logon through the local 
racadm using the...

    Page 148

    Page 148 148Configuring Smart Card Authentication 
    148Configuring Smart Card Authentication

    Page 149

    Page 149 Enabling Kerberos Authentication149 Enabling Kerberos Authentication Kerberos is a network authentication protocol that allows systems to communicate securely over a non-secure network. It achieves this by allowing the systems to prove their authenticity. Microsoft ® Windows® 2000, Windows XP, Windows Server® 2003, Windows Vista®, and Windows Server 2008 use Kerberos as their default authentication method. Starting with DRAC 5 version 1.40, the DRAC 5 uses Kerberos to support two types of... 
    Enabling Kerberos Authentication149
Enabling Kerberos Authentication 
Kerberos is a network authentication protocol that allows systems to 
communicate securely over a non-secure network. It achieves this by allowing 
the systems to prove their authenticity.
Microsoft
® Windows® 2000, Windows XP, Windows Server® 2003, 
Windows Vista®, and Windows Server 2008 use Kerberos as their default 
authentication method. 
Starting with DRAC 5 version 1.40, the DRAC 5 uses Kerberos to support two 
types of...

    Page 150

    Page 150 150Enabling Kerberos Authentication Since the DRAC 5 is a device with a non-Windows operating system, run the ktpass utility—part of Microsoft® Windows®—on the Domain Controller (Active Directory server) where you want to map the DRAC 5 to a user account in Active Directory. For example, C:\>ktpass -princ HOST/dracname.domain- name .com@domain-name.COM -mapuser dracname -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out c:\krbkeytab NOTE: The cryptography type that DRAC 5 supports for... 
    150Enabling Kerberos Authentication
Since the DRAC 5 is a device with a non-Windows operating system, run 
the 
ktpass utility—part of Microsoft® Windows®—on the Domain 
Controller (Active Directory server) where you want to map the DRAC 5 
to a user account in Active Directory. For example,
C:\>ktpass -princ HOST/dracname.domain- 
name
[email protected] -mapuser dracname -crypto 
DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out 
c:\krbkeytab
 NOTE: The cryptography type that DRAC 5 supports for...
    Start reading Dell Drac 5 User Manual

    Related Manuals for Dell Drac 5 User Manual

    All Dell manuals