Users Guide
Supported Active Directory authentication mechanisms
You can use Active Directory to dene CMC user access using two methods:
• Standard schema solution that uses Microsoft’s default Active Directory group objects only.
• Extended schema solution that has customized Active Directory objects provided by Dell. All the access control objects are maintained
in Active Directory. It provides maximum exibility to congure user access on dierent CMCs with varying privilege levels.
Standard schema Active Directory overview
As shown in the following gure, using standard schema for Active Directory integration requires conguration on both Active Directory and
CMC.
In Active Directory, a standard group object is used as a role group. A user who has CMC access is a member of the role group. To give this
user access to a specic CMC card, the role group name and its domain name need to be congured on the specic CMC card. The role
and the privilege level is dened on each CMC card and not in the Active Directory. You can congure up to ve role groups in each CMC.
The following table shows the default role group privileges.
Table 20. : Default Role Group Privileges
Role Group Default Privilege Level Permissions Granted Bit Mask
1 None
• CMC Login User
• Chassis Conguration Administrator
• User Conguration Administrator
• Clear Logs Administrator
• Chassis Control Administrator (Power Commands)
• Server Administrator
• Test Alert User
• Debug Command Administrator
• Fabric A Administrator
0x00000f
2 None
• CMC Login User
• Clear Logs Administrator
• Chassis Control Administrator (Power Commands)
• Server Administrator
• Test Alert User
• Fabric A Administrator
0x00000ed9
3 None CMC Login User 0x00000001
4 None No assigned permissions 0x00000000
5 None No assigned permissions 0x00000000
NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM.
NOTE: For more information about user privileges, see Types of Users.
114 Conguring user accounts and privileges