Users Guide
9. Log in to the CMC Web interface.
10. Select Chassis in the system tree, click the Network tab, and then click the Network subtab. The Network Configuration
page is displayed.
11. If Use DHCP for CMC Network Interface IP Address is enabled, do one of the following:
• Select Use DHCP to Obtain DNS Server Addresses to enable the DHCP server to obtain the DNS server addresses
automatically.
• Manually configure a DNS server IP address by leaving the Use DHCP to Obtain DNS Server Addresses check box
unchecked and then typing your primary and alternate DNS server IP addresses in the fields provided.
12. Click Apply Changes.
The Active Directory settings for extended schema is configured.
Configuring Active Directory With Extended Schema Using RACADM
To configure a CMC Active Directory with Extended Schema by using the RACADM commands, oen a command prompt and enter
the following commands at the command prompt:
racadm config -g cfgActiveDirectory -o cfgADEnable 1
racadm config -g cfgActiveDirectory -o cfgADType 1
racadm config -g cfgActiveDirectory -o cfgADRacName <RAC common name>
racadm config -g cfgActiveDirectory -o cfgADRacDomain < fully qualified rac domain name >
racadm config -g cfgActiveDirectory -o cfgADDomainController1 < fully qualified domain name
or IP Address of the domain controller >
racadm config -g cfgActiveDirectory -o cfgADDomainController2 < fully qualified domain name
or IP Address of the domain controller >
racadm config -g cfgActiveDirectory -o cfgADDomainController3 < fully qualified domain name
or IP Address of the domain controller >
NOTE: You must configure at least one of the three addresses. CMC attempts to connect to each of the configured
addresses one-by-one until it makes a successful connection. With Extended Schema, these are the FQDN or IP
addresses of the domain controllers where this CMC device is located.
To disable the certificate validation during an handshake (optional):
racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0
NOTE: In this case, you do not have to upload a CA certificate.
To enforce the certificate validation during SSL handshake (optional):
racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 1
In this case, you must upload a CA certificate:
racadm sslcertupload -t 0x2 -f < ADS root CA certificate >
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that
DNS is configured correctly under.
Using the following RACADM command may be optional:
racadm sslcertdownload -t 0x1 -f < RAC SSL certificate >
Configuring Generic LDAP Users
CMC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does
not require any schema extension on your directory services.
A CMC administrator can now integrate the LDAP server user logins with CMC. This integration requires configuration on both
LDAP server and CMC. On the LDAP server, a standard group object is used as a role group. A user who has CMC access becomes
a member of the role group. Privileges are still stored on CMC for authorization similar to the working of the Standard Schema
setup with Active Directory support.
To enable the LDAP user to access a specific CMC card, the role group name and its domain name must be configured on the
specific CMC card. You can configure a maximum of five role groups in each CMC. A user has the option to be added to multiple
groups within the directory service. If a user is a member of multiple groups, then the user obtains the privileges of all their groups.
129