Users Guide
• To enable CMC to use the specied Active Directory Domain Controller server addresses, select Specify Domain Controller
Addresses . These server addresses are the addresses of the domain controllers where the user accounts and the role
groups are located.
4. Click Apply to save the settings.
NOTE: You must apply the settings before continuing. If you do not apply the settings, the settings are lost when
you navigate to the next page.
5. In the Standard Schema Role Groups section, click a Role Group. The Congure Role Group page is displayed.
6. Specify the group name, domain, and privileges for a role group.
7. Click Apply to save the role group settings and then click Go Back To Conguration page.
8. If you have enabled certicate validation, you must upload the domain forest root certicate authority-signed certicate to
CMC. In the
Manage Certicates section, type the le path of the certicate or browse to the certicate le. Click Upload to
upload the le to CMC.
NOTE: The File Path value displays the relative le path of the certicate you are uploading. You must type the
absolute le path, which includes the full path and the complete le name and le extension.
The SSL certicates for the domain controllers must be signed by the root certicate authority-signed certicate. The root
certicate authority-signed certicate must be available on the management station accessing CMC.
9. If you have enabled Single Sign-On (SSO), in the Kerberos Keytab section, click Browse, specify the keytab le and click
Upload. When the upload is complete, a message is displayed indicating a successful or failed upload.
10. Click Apply. The CMC Web server automatically restarts after you click Apply.
11. Log out and then log in to CMC to complete the CMC Active Directory conguration.
12. Select Chassis in the system tree, and navigate to the Network tab. The Network Conguration page is displayed.
13. Under Network Settings, if Use DHCP (for CMC Network Interface IP Address) is selected, select Use DHCP to obtain
DNS server address.
To manually enter a DNS server IP address, clear Use DHCP to obtain DNS server addresses and type the primary and
alternate DNS server IP addresses.
14. Click Apply Changes.
The CMC Standard Schema Active Directory feature conguration is complete.
Conguring Active Directory With Standard Schema Using RACADM
At the RACADM command prompt, run the following commands:
• Using cong command:
racadm config -g cfgActiveDirectory -o cfgADEnable 1
racadm config -g cfgActiveDirectory -o cfgADType 2
racadm config -g cfgStandardSchema -i <index> -o cfgSSADRoleGroupName <common name of
the role group>
racadm config -g cfgStandardSchema -i <index> -o cfgSSADRoleGroupDomain <fully
qualified domain name>
racadm config -g cfgStandardSchema -i <index> -o cfgSSADRoleGroupPrivilege <Bit Mask
Value for specific RoleGroup permissions>
racadm config -g cfgActiveDirectory -o cfgADDomainController1 <fully qualified domain
name or IP address of the domain controller>
racadm config -g cfgActiveDirectory -o cfgADDomainController2 <fully qualified domain
name or IP address of the domain controller>
racadm config -g cfgActiveDirectory -o cfgADDomainController3 <fully qualified domain
name or IP address of the domain controller>
NOTE: Enter the FQDN of the domain controller, not the FQDN of the domain. For example, enter
servername.dell.com instead of dell.com.
NOTE:
At least one of the three addresses is required to be congured. CMC attempts to connect to each of the congured
addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses of the
domain controllers where the user accounts and the role groups are located.
racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog1 <fully qualified domain
name or IP address of the domain controller>
119