Home » Dell Manuals » Servers » Dell PowerEdge VRTX » Manual Viewer

Dell PowerEdge VRTX Chassis Management Controller Version 1.0 for Dell PowerEd - Page 119

Configuring CMC For Single Sign-On Or Smart Card Login, System Requirements, Client Systems

View all Dell PowerEdge VRTX manuals

Add to My Manuals
Save this manual to your list of manuals

Page 119 highlights

10 Configuring CMC For Single Sign-On Or Smart Card Login This section provides information to configure CMC for Smart Card login and Single Sign-On (SSO) login for Active Directory users. SSO uses Kerberos as an authentication method allowing users, who have signed in as an automatic- or single sign-on to subsequent applications such as Exchange. For single sign-on login, CMC uses the client system's credentials, which are cached by the operating system after you log in using a valid Active Directory account. Two-factor-authentication, provides a higher-level of security by requiring users to have a password or PIN, and a physical card containing a private key or digital certificate. Kerberos uses this two-factor authentication mechanism allowing systems to prove their authenticity. NOTE: Selecting a login method does not set policy attributes with respect to other login interfaces, for example, SSH. You must set other policy attributes for other login interfaces also. If you want to disable all other login interfaces, navigate to the Services page and disable all (or some) the login interfaces. Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows Server 2008 can use Kerberos as the authentication mechanism for SSO and smart card login. For information about Kerberos, see the Microsoft Website. System Requirements To use the Kerberos authentication, the network must include: • DNS server • Microsoft Active Directory Server NOTE: If you are using Active Directory on Microsoft Windows 2003, make sure that you have the latest service packs and patched installed on the client system. If you are using Active Directory on Microsoft Windows 2008, make sure that you have installed SP1 along with the following hot fixes: Windows6.0-KB951191-x86.msu for the KTPASS utility. Without this patch the utility generates bad keytab files. Windows6.0-KB957072-x86.msu for using GSS_API and SSL transactions during an LDAP bind. • Kerberos Key Distribution Center (packaged with the Active Directory Server software). • DHCP server (recommended). • The DNS server reverse zone must have an entry for the Active Directory server and CMC. Client Systems • For only Smart Card login, the client system must have the Microsoft Visual C++ 2005 redistributable. For more information see www.microsoft.com/downloads/details.aspx?FamilyID= 32BC1BEEA3F9-4C13-9C99-220B62A191EE&displaylang=en • For Single Sign-On or smart card login, the client system must be a part of the Active Directory domain and Kerberos Realm. 119

Section	Page
Chassis Management Controller Version 1.0 for Dell PowerEdge VRTX User's Guide	3
Overview	13
Key Features	14
Management Features	14
Security Features	15
Chassis Overview	15
Supported Remote Access Connections	18
Supported Platforms	18
Supported Web Browsers	19
Managing Licenses	19
Types of Licenses	19
Acquiring Licenses	19
License Operations	19
License Component State or Condition and Available Operations	20
Managing Licenses Using CMC Web Interface	20
Managing Licenses Using RACADM	20
Licensable Features In CMC	20
Viewing Localized Versions of the CMC Web Interface	22
Supported Management Console Applications	22
How to Use this User's Guide	22
Other Documents You May Need	22
Accessing Documents From Dell Support Site	23
Installing and Setting Up CMC	25
Before You Begin	25
Installing CMC Hardware	25
Checklist To Set up Chassis	25
Basic CMC Network Connection	26
Installing Remote Access Software on a Management Station	26
Installing RACADM on a Linux Management Station	26
Uninstalling RACADM From a Linux Management Station	27
Configuring a Web Browser	27
Proxy Server	27
Microsoft Phishing Filter	28
Certificate Revocation List (CRL) Fetching	28
Downloading Files From CMC With Internet Explorer	28
Enabling Animations In Internet Explorer	29
Setting Up Initial Access to CMC	29
Configuring Initial CMC Network	29
Interfaces and Protocols to Access CMC	32
Launching CMC Using Other Systems Management Tools	34
Downloading and Updating CMC Firmware	34
Setting Chassis Physical Location and Chassis Name	34
Setting Chassis Physical Location and Chassis Name Using Web Interface	34
Setting Chassis Physical Location and Chassis Name Using RACADM	34
Setting Date and Time on CMC	34
Setting Date and Time on CMC Using CMC Web Interface	35
Setting Date and Time on CMC Using RACADM	35
Configuring LEDs to Identify Components on the Chassis	35
Configuring LED Blinking Using CMC Web Interface	35
Configuring LED Blinking Using RACADM	35
Configuring CMC Properties	36
Understanding Redundant CMC Environment	36
About Standby CMC	36
CMC Failsafe Mode	37
Active CMC Election Process	37
Obtaining Health Status of Redundant CMC	37
Configuring Front Panel	37
Configuring Power Button	38
Configuring LCD	38
Accessing a Server Using KVM	38
Logging in to CMC	41
Accessing CMC Web Interface	41
Logging Into CMC as a Local User, Active Directory User, or LDAP User	41
Logging in to CMC Using a Smart Card	42
Logging Into CMC Using Single Sign-on	43
Logging In To CMC Using Serial, Telnet, Or SSH Console	43
Accessing CMC Using RACADM	43
Logging in to CMC Using Public Key Authentication	44
Multiple CMC Sessions	44
Updating Firmware	45
Downloading CMC Firmware	45
Viewing Currently Installed Firmware Versions	45
Viewing Currently Installed Firmware Versions Using CMC Web Interface	45
Viewing Currently Installed Firmware Versions Using RACADM	46
Updating the CMC Firmware	46
Updating CMC Firmware Using RACADM	46
Updating CMC Firmware Using Web Interface	47
Updating Chassis Infrastructure Firmware	47
Updating Chassis Infrastructure Firmware Using CMC Web Interface	47
Updating Chassis Infrastructure Firmware Using RACADM	48
Updating Server iDRAC Firmware	48
Updating Server iDRAC Firmware Using RACADM	48
Updating Server iDRAC Firmware Using Web Interface	48
Updating Server Component Firmware	49
Enabling Lifecycle Controller	50
Filtering Components for Firmware Updates	50
Viewing Firmware Inventory	51
Viewing Firmware Inventory Using CMC Web Interface	52
Viewing Firmware Inventory Using RACADM	53
Lifecycle Controller Job Operations	53
Reinstalling Server Component Firmware	54
Rolling Back Server Component Firmware	54
Rolling Back Server Component Firmware Using the CMC Web Interface	54
Upgrading Server Component Firmware	54
Upgrading Server Component Firmware Using CMC Web Interface	55
Deleting Scheduled Server Component Firmware Jobs	56
Deleting Scheduled Server Component Firmware Jobs Using the Web Interface	56
Updating Storage Component Using CMC Web Interface	56
Recovering iDRAC Firmware Using CMC	56
Viewing Chassis Information and Monitoring Chassis and Component Health	57
Viewing Chassis and Component Summaries	57
Chassis Graphics	58
Selected Component Information	58
Viewing Server Model Name and Service Tag	59
Viewing Chassis Summary	59
Viewing Chassis Controller Information and Status	59
Viewing Information and Health Status of All Servers	59
Viewing Information and Health Status of the IOM	59
Viewing Information and Health Status of Fans	60
Configuring Fans	60
Viewing Front Panel Properties	61
Viewing KVM Information and Health Status	61
Viewing LCD Information and Health	62
Viewing Information and Health Status of Temperature Sensors	62
Configuring CMC	63
Viewing and Modifying CMC Network LAN Settings	63
Viewing and Modifying CMC Network LAN Settings Using CMC Web Interface	64
Viewing and Modifying CMC Network LAN Settings Using RACADM	64
Enabling the CMC Network Interface	64
Enabling or Disabling DHCP for the CMC Network Interface Address	65
Enabling or Disabling DHCP for DNS IP Addresses	65
Setting Static DNS IP addresses	65
Configuring DNS Settings (IPv4 and IPv6)	66
Configuring Auto Negotiation, Duplex Mode, and Network Speed (IPv4 and IPv6)	66
Setting the Maximum Transmission Unit (MTU) (IPv4 and IPv6)	66
Configuring Network Security Settings	67
Configuring Network Security Settings Using CMC Web Interface	67
Configuring CMC Network Security Settings Using RACADM	67
Configuring Virtual LAN Tag Properties for CMC	67
Configuring VLAN Tag Properties for CMC Using RACADM	67
Configuring Virtual LAN Tag Properties for CMC Using Web Interface	68
Configuring Services	68
Configuring Services Using CMC Web Interface	69
Configuring Services Using RACADM	69
Configuring CMC Extended Storage Card	70
Setting Up Chassis Group	70
Adding Members To Chassis Group	71
Removing a Member from the Leader	71
Disbanding a Chassis Group	71
Disabling an Individual Member at the Member Chassis	72
Launching the Web page of a Member Chassis or Server	72
Synchronizing a New Member With Leader Chassis Properties	72
Server Inventory for MCM group	73
Saving Server Inventory Report	73
Configuring Multiple CMCs Using RACADM	74
Creating a CMC Configuration File	75
Parsing Rules	76
Modifying the CMC IP Address	77
Configuring Servers	79
Configuring Slot Names	79
Configuring iDRAC Network Settings	80
Configuring iDRAC QuickDeploy Network Settings	80
Modifying iDRAC Network Settings for Individual Server iDRAC	82
Modifying iDRAC Network Settings Using RACADM	82
Configuring iDRAC VLAN Tag Settings	83
Configuring iDRAC VLAN Tag Settings Using RACADM	83
Configuring iDRAC VLAN Tag Settings Using Web Interface	83
Setting First Boot Device	83
Setting First Boot Device For Multiple Servers Using CMC Web Interface	84
Setting First Boot Device For Individual Server Using CMC Web Interface	84
Setting First Boot Device Using RACADM	85
Configuring Server FlexAddress	85
Configuring Remote File Share	85
Configuring BIOS Settings Using Server Clone	86
Accessing BIOS Profile Page	86
Adding Profile	86
Managing Stored Profiles	86
Applying Profile	87
Viewing BIOS Settings	87
Viewing Profile Log	87
Completion Status And Troubleshooting	88
Launching iDRAC using Single Sign-On	88
Launching Remote Console	89
Configuring CMC To Send Alerts	91
Enabling Or Disabling Alerts	91
Enabling Or Disabling Alerts Using CMC Web Interface	91
Enabling Or Disabling Alerts Using RACADM	91
Filtering Alerts	91
Configuring Alert Destinations	92
Configuring SNMP Trap Alert Destinations	92
Configuring E-Mail Alert Settings	94
Configuring User Accounts and Privileges	97
Types of Users	97
Modifying Root User Administrator Account Settings	101
Configuring Local Users	101
Configuring Local Users Using CMC Web Interface	101
Configure Local Users Using RACADM	101
Configuring Active Directory Users	103
Supported Active Directory Authentication Mechanisms	103
Standard Schema Active Directory Overview	104
Configuring Standard Schema Active Directory	105
Extended Schema Active Directory Overview	107
Configuring Extended Schema Active Directory	108
Configuring Generic LDAP Users	116
Configuring the Generic LDAP Directory to Access CMC	116
Configuring Generic LDAP Directory Service Using CMC Web Interface	117
Configuring Generic LDAP Directory Service Using RACADM	118
Configuring CMC For Single Sign-On Or Smart Card Login	119
System Requirements	119
Client Systems	119
CMC	120
Prerequisites For Single Sign-On Or Smart Card Login	120
Generating Kerberos Keytab File	120
Configuring CMC For Active Directory Schema	120
Configuring Browser For SSO Login	121
Internet Explorer	121
Mozilla Firefox	121
Configuring Browser For Smart Card Login	121
Configuring CMC SSO Or Smart Card Login For Active Directory Users	121
Configuring CMC SSO Or Smart Card Login For Active Directory Users Using Web Interface	121
Uploading Keytab File	122
Configuring CMC SSO Login Or Smart Card Login For Active Directory Users Using RACADM	122
Configuring CMC to Use Command Line Consoles	123
CMC Command Line Console Features	123
CMC Command Line Interface Commands	123
Using Telnet Console With CMC	123
Using SSH With CMC	124
Supported SSH Cryptography Schemes	124
Configure Public Key Authentication Over SSH	125
Configuring Terminal Emulation Software	127
Configuring Linux Minicom	127
Connecting to Servers or I/O Module Using Connect Command	128
Configuring the Managed Server BIOS for Serial Console Redirection	129
Configuring Windows for Serial Console Redirection	129
Configuring Linux for Server Serial Console Redirection During Boot	129
Configuring Linux for Server Serial Console Redirection After Boot	130
Using FlexAddress and FlexAdress Plus Cards	133
About FlexAddress	133
About FlexAddress Plus	133
Activating FlexAddress	134
Activating FlexAddress Plus	135
Verifying FlexAddress Activation	135
Deactivating FlexAddress	136
Viewing FlexAddress Information	136
Viewing FlexAddress Information For Chassis	137
Viewing FlexAddress Information For All Servers	137
Viewing FlexAddress Information for Individual Servers	138
Configuring FlexAddress	138
Wake-On-LAN with FlexAddress	138
Configuring FlexAddress for Chassis-Level Fabric and Slots	139
Viewing World Wide Name/Media Access Control (WWN/MAC) IDs	140
Command Messages	140
FlexAddress DELL SOFTWARE LICENSE AGREEMENT	141
Managing Fabrics	143
Invalid Configurations	143
Fresh Power-up Scenario	143
Monitoring IOM Health	143
Configuring Network Settings for IOM	144
Configuring Network Settings for IOM Using CMC Web Interface	144
Configuring Network Settings for IOM Using RACADM	144
Managing and Monitoring Power	145
Redundancy Policies	145
AC Redundancy Policy	146
Power Supply Redundancy Policy	146
Dynamic Power Supply Engagement	146
Default Redundancy Configuration	147
AC Redundancy	147
Power Supply Redundancy	148
Power Budgeting For Hardware Modules	148
Server Slot Power Priority Settings	149
Assigning Priority Levels To Servers	149
Assigning Priority Levels To Servers Using CMC Web Interface	150
Assigning Priority Levels To Servers Using RACADM	150
Viewing Power Consumption Status	150
Viewing Power Consumption Status Using CMC Web Interface	150
Viewing Power Consumption Status Using RACADM	150
Viewing Power Budget Status Using CMC Web Interface	150
Viewing Power Budget Status Using RACADM	151
Redundancy Status and Overall Power Health	151
Power Management After PSU Failure	151
Power Management After Removing PSU	151
New Server Engagement Policy	151
Power Supply and Redundancy Policy Changes in System Event Log	152
Configuring Power Budget and Redundancy	153
Power Conservation and Power Budget	153
Maximum Power Conservation Mode	154
Server Power Reduction to Maintain Power Budget	154
110V PSUs AC Operation	154
Remote Logging	154
External Power Management	154
Configuring Power Budget and Redundancy Using CMC Web Interface	155
Configuring Power Budget and Redundancy Using RACADM	155
Executing Power Control Operations	157
Executing Power Control Operations on the Chassis	157
Executing Power Control Operations on the Chassis Using Web Interface	157
Executing Power Control Operations on the Chassis Using RACADM	157
Executing Power Control Operations on a Server	158
Executing Power Control Operations for Multiple Servers Using CMC Web Interface	158
Executing Power Control Operations on the IOM	158
Executing Power Control Operations on IOM Using CMC Web Interface	158
Executing Power Control Operations on the IOM Using RACADM	159
Managing Chassis Storage	161
Viewing Status of the Storage Components	161
Viewing the Storage Topology	161
Assigning Virtual Adapters To Slots	161
Viewing Controller Properties Using CMC Web Interface	162
Viewing Controller Properties Using RACADM	162
Importing or Clearing Foreign Configuration	162
Viewing Physical Disk Properties Using the CMC Web Interface	162
Viewing Physical Disk Drives Properties Using RACADM	163
Identifying Physical Disks and Virtual Disks	163
Assigning Global Hot Spares Using CMC Web Interface	163
Assigning Global Hot Spares Using RACADM	163
Viewing Virtual Disk Properties Using CMC Web Interface	163
Viewing Virtual Disk Properties Using RACADM	164
Creating Virtual Disk Using CMC Web Interface	164
Applying Virtual Adapter Access Policy To Virtual Disks	164
Modifying Virtual Disk Properties Using CMC Web Interface	164
Viewing Enclosure Properties Using CMC Web Interface	165
Managing PCIe Slots	167
Viewing PCIe Slot Properties Using CMC Web Interface	167
Assigning PCIe Slots To Servers Using CMC Web Interface	167
Managing PCIe Slots Using RACADM	168
Troubleshooting and Recovery	169
Gathering Configuration Information, Chassis Status, and Logs Using RACDUMP	169
Supported Interfaces	169
Downloading SNMP Management Information Base (MIB) File	170
First Steps to Troubleshoot a Remote System	170
Power Troubleshooting	170
Troubleshooting Alerts	172
Viewing Event Logs	172
Viewing Hardware Log	172
Viewing Chassis Log	173
Using Diagnostic Console	173
Resetting Components	174
Saving or Restoring Chassis Configuration	174
Troubleshooting Network Time Protocol (NTP) Errors	174
Interpreting LED Colors and Blinking Patterns	175
Troubleshooting Non-responsive CMC	177
Observing LEDs to Isolate the Problem	177
Obtain Recovery Information from DB-9 Serial Port	177
Recovering Firmware Image	178
Troubleshooting Network Problems	178
Troubleshooting Controller	179
Using LCD Panel Interface	181
LCD Navigation	181
Main Menu	182
KVM Mapping Menu	182
DVD Mapping	182
Enclosure Menu	183
IP Summary Menu	183
Settings	183
Settings	183
Diagnostics	184
Front Panel LCD Messages	184
LCD Module and Server Status Information	185
Frequently Asked Questions	189
RACADM	189
Managing and Recovering a Remote System	189
Active Directory	191
FlexAddress and FlexAddressPlus	191

Match case Limit results 1 per page

Configuring CMC For Single Sign-On Or Smart

Card Login

This section provides information to configure CMC for Smart Card login and Single Sign-On (SSO) login for Active

Directory users.

SSO uses Kerberos as an authentication method allowing users, who have signed in as an automatic- or single sign-on

to subsequent applications such as Exchange. For single sign-on login, CMC uses the client system’s credentials, which

are cached by the operating system after you log in using a valid Active Directory account.

Two-factor-authentication, provides a higher-level of security by requiring users to have a password or PIN, and a

physical card containing a private key or digital certificate. Kerberos uses this two-factor authentication mechanism

allowing systems to prove their authenticity.

NOTE:

Selecting a login method does not set policy attributes with respect to other login interfaces, for example,

SSH. You must set other policy attributes for other login interfaces also. If you want to disable all other login

interfaces, navigate to the

Services

page and disable all (or some) the login interfaces.

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows Server 2008

can use Kerberos as the authentication mechanism for SSO and smart card login.

For information about Kerberos, see the Microsoft Website.

System Requirements

To use the Kerberos authentication, the network must include:

•

DNS server

•

Microsoft Active Directory Server

NOTE:

If you are using Active Directory on Microsoft Windows 2003, make sure that you have the latest

service packs and patched installed on the client system. If you are using Active Directory on Microsoft

Windows 2008, make sure that you have installed SP1 along with the following hot fixes:

Windows6.0-KB951191-x86.msu

for the KTPASS utility. Without this patch the utility generates bad keytab

files.

Windows6.0-KB957072-x86.msu

for using GSS_API and SSL transactions during an LDAP bind.

•

Kerberos Key Distribution Center (packaged with the Active Directory Server software).

•

DHCP server (recommended).

•

The DNS server reverse zone must have an entry for the Active Directory server and CMC.

Client Systems

•

For only Smart Card login, the client system must have the Microsoft Visual C++ 2005 redistributable. For more

information see

www.microsoft.com/downloads/details.aspx?FamilyID=

32BC1BEEA3F9-4C13-9C99-220B62A191EE&displaylang=en

•

For Single Sign-On or smart card login, the client system must be a part of the Active Directory domain and

Kerberos Realm.

119