Dell PowerEdge R830 Integrated Remote Access Controller 8 Version 2.70.70.70 U - Page 130
Configuring Active Directory with Standard schema using RACADM
View all Dell PowerEdge R830 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 130 highlights
4. Optionally, enable certificate validation and upload the CA-signed digital certificate used during initiation of SSL connections when communicating with the Active Directory (AD) server. For this, the Domain Controllers and Global Catalog FQDN must be specified. This is done in the next steps. And hence the DNS should be configured properly in the network settings. 5. Click Next. The Active Directory Configuration and Management Step 2 of 4 page is displayed. 6. Enable Active Directory and specify the location information about Active Directory servers and user accounts. Also, specify the time iDRAC must wait for responses from Active Directory during iDRAC login. NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global Catalog FQDN. Make sure that DNS is configured correctly under Overview > iDRAC Settings > Network. 7. Click Next. The Active Directory Configuration and Management Step 3 of 4 page is displayed. 8. Select Standard Schema and click Next. The Active Directory Configuration and Management Step 4a of 4 page is displayed. 9. Enter the location of Active Directory global catalog server(s) and specify privilege groups used to authorize users. 10. Click a Role Group to configure the control authorization policy for users under the standard schema mode. The Active Directory Configuration and Management Step 4b of 4 page is displayed. 11. Specify the privileges and click Apply. The settings are applied and the Active Directory Configuration and Management Step 4a of 4 page is displayed. 12. Click Finish. The Active Directory settings for standard schema are configured. Configuring Active Directory with Standard schema using RACADM 1. Use the following commands: racadm set iDRAC.ActiveDirectory.Enable 1 racadm set iDRAC.ActiveDirectory.Schema 2 racadm set iDRAC.ADGroup.Name racadm set iDRAC.ADGroup.Domain racadm set iDRAC.ADGroup.Privilege racadm set iDRAC.ActiveDirectory.DomainController1 racadm set iDRAC.ActiveDirectory.DomainController2 racadm set iDRAC.ActiveDirectory.DomainController3 racadm set iDRAC.ActiveDirectory.GlobalCatalog1 racadm set iDRAC.ActiveDirectory.GlobalCatalog2 racadm set iDRAC.ActiveDirectory.GlobalCatalog3 • Enter the Fully Qualified Domain Name (FQDN) of the domain controller, not the FQDN of the domain. For example, enter servername.dell.com instead of dell.com. • For bit-mask values for specific Role Group permissions, see Table 21. Default role group privileges . • You must provide at least one of the three domain controller addresses. iDRAC attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located. • The Global Catalog server is only required for standard schema when the user accounts and role groups are in different domains. In multiple domain case, only the Universal Group can be used. • If certificate validation is enabled, the FQDN or IP address that you specify in this field must match the Subject or Subject Alternative Name field of your domain controller certificate. • To disable the certificate validation during SSL handshake, use the following command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 0 In this case, no Certificate Authority (CA) certificate needs to be uploaded. • To enforce the certificate validation during SSL handshake (optional), use the following command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 1 130 Configuring user accounts and privileges