Users Guide

ManualsBrandsDell ManualsActive System ManagerChassis Management Controller Version 2.10 For Dell PowerEdge FX2

121

122

123

124

125

126

127

128

129

130

Conguring CMC SSO login or Smart Card login for

Active Directory users using RACADM

In addition to the steps performed while conguring Active Directory, run the following command to enable SSO:

racadm config -g cfgActiveDirectory -o cfgADSSOEnable 1

In addition to the steps performed while conguring Active Directory, use the following objects to enable smart card login:

• cfgSmartCardLogonEnable

• cfgSmartCardCRLEnable

Conguring CMC SSO Or Smart Card Login For

Active Directory Users Using Web Interface

To congure Active Directory SSO or smart card login for CMC:

NOTE: For information about the options, see the

CMC for Dell PowerEdge FX2/FX2s Online Help

1 While conguring Active Directory to setup a user account, perform the following additional steps:

• Upload the keytab le.

• To enable SSO, select the Enable Single Sign-On option.

• To enable smart card login, select the Enable Smart-Card Login option.

NOTE

: If these two options are selected, all command line out-of-band interfaces, including secure shell (SSH), Telnet,

Serial, and remote RACADM remain unchanged .

2 Click Apply.

The settings are saved.

You can test the Active Directory using Kerberos authentication using the RACADM command:

testfeature -f adkrb -u <user>@<domain>

where <user> is a valid Active Directory user account.

A command success indicates that CMC is able to acquire Kerberos credentials and access the user's Active Directory account. If the

command is not successful, resolve the error and run the command again. For more information, see the Dell Chassis Management

Controller for PowerEdge FX2/FX2s RACADM Command Line Reference Guide on dell.com/support/manuals.

Uploading Keytab le

The Kerberos keytab le serves as the CMC's user name and password credentials to the Kerberos Data Center (KDC), which in turns

allows access to the Active Directory. Each CMC in the Kerberos realm must be registered with the Active Directory and must have a

unique keytab le.

You can upload a Kerberos Keytab generated on the associated Active Directory Server. You can generate the Kerberos Keytab from the

Active Directory Server by executing the ktpass.exe utility. This keytab establishes a trust relationship between the Active Directory Server

and CMC.

To upload the keytab le:

1 In the left pane, click Chassis Overview > User Authentication > Directory Services.

2 Select Microsoft Active Directory (Standard Schema).

3 In the Kerberos Keytab section, click Browse, select a keytab le, and click Upload.

When the upload is complete, a message is displayed indicating whether the keytab le is successfully uploaded or not.

Conguring

CMC for Single Sign-On or Smart Card login 121