User's Manual
Using the CMC Directory Service
CMC
• The CMC must have firmware version 2.10 or later
• Each CMC must have an Active Directory account
• The CMC must be a part of the Active Directory domain and Kerberos Realm
Configuring Settings
Prerequisites
• The Kerberos realm and Key Distribution Center (KDC) for Active Directory (AD) have been set up (ksetup).
• A robust NTP and DNS infrastructure, to avoid issues with clock drift and reverse lookup.
• The CMC standard schema role group with authorized members.
Configuring Active Directory
On the CMC Properties dialog box under the Accounts options section,
configure these settings:
• Account is trusted for delegation — Currently the CMC does not use forwarded credentials that are created when this option is selected. You may or may not select this option depending upon other services' requirements.
• Account is sensitive and cannot be delegated — You may or may not select this option depending upon other services' requirements.
• Use Kerberos DES encryption types for the account — Select this option.
• Do not require Kerberos preauthentication — Do not select this option.
Run the ktpass utility—part of Microsoft Windows—on the domain
controller (Active Directory server) where you want to map the CMC to a
user account in Active Directory. For example,
C:\>ktpass -princ HTTP/cmcname.domain_name.com@REALM_NAME.COM -mapuser dracname -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out c:\krbkeytab
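An added example, not part of the manual: a Python check for the file written by -out, confirming that it carries the principal, name type and key type given on the ktpass command line above. It assumes the file uses the MIT keytab layout (file version 0x0502); the function names are this example's own, and sample_keytab() builds a constructed file from the manual's placeholder names with an all-zero dummy key.

```python
import struct

# Kerberos encryption type numbers, named as ktpass -crypto names them
ENCTYPES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 17: "AES128-SHA1",
            18: "AES256-SHA1", 23: "RC4-HMAC-NT"}
KRB5_NT_PRINCIPAL = 1

def parse_keytab(data):
    """Parse a keytab (file version 0x0502) into a list of dicts, one per entry."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    def counted(off):  # 16-bit big-endian length followed by that many bytes
        (n,) = struct.unpack_from(">H", data, off)
        return data[off + 2:off + 2 + n].decode(), off + 2 + n
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        if size <= 0:  # a negative size marks a deleted entry (hole); skip it
            pos += 4 - size
            continue
        end = pos + 4 + size
        if end > len(data):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", data, pos + 4)
        realm, off = counted(pos + 6)
        comps = []
        for _ in range(ncomp):
            comp, off = counted(off)
            comps.append(comp)
        # name type, timestamp, 8-bit key version, key type, key length
        name_type, _ts, kvno, etype, _keylen = struct.unpack_from(">IIBHH", data, off)
        entries.append({"principal": "/".join(comps) + "@" + realm, "name_type": name_type,
                        "kvno": kvno, "enctype": ENCTYPES.get(etype, "etype %d" % etype)})
        pos = end
    return entries

def check_keytab(data, principal, enctype="DES-CBC-MD5"):
    """Return a list of mismatches between the keytab and the ktpass arguments."""
    entries = parse_keytab(data)
    problems = [] if entries else ["keytab contains no entries"]
    want = {"principal": principal, "enctype": enctype, "name_type": KRB5_NT_PRINCIPAL}
    for entry in entries:
        for field in want:
            if entry[field] != want[field]:
                problems.append("%s is %r, expected %r" % (field, entry[field], want[field]))
    return problems

def sample_keytab(etype=3):
    """Constructed sample: the manual's placeholder names, all-zero dummy key."""
    cs = lambda s: struct.pack(">H", len(s)) + s
    names = b"".join(cs(s) for s in (b"REALM_NAME.COM", b"HTTP", b"cmcname.domain_name.com"))
    body = struct.pack(">H", 2) + names + struct.pack(">IIBH", 1, 0, 3, etype) + cs(bytes(8))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

For a real file, pass its bytes (read in binary mode) and the principal used with -princ to check_keytab(); an empty list means the three fields match.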