User's Guide
11 Log out and then log in to CMC to complete the CMC Active Directory configuration.
12 Select Chassis in the system tree, and navigate to the Network tab. The Network Configuration page is displayed.
13 Under Network Settings, if Use DHCP (for CMC Network Interface IP Address) is selected, select Use DHCP to obtain DNS server address.
To manually enter a DNS server IP address, clear Use DHCP to obtain DNS server addresses and type the primary and alternate DNS server IP addresses.
14 Click Apply Changes.
The CMC Standard Schema Active Directory feature configuration is complete.
Configuring Active Directory With Standard Schema Using RACADM
At the RACADM command prompt, run the following commands:
• Using the config command:
racadm config -g cfgActiveDirectory -o cfgADEnable 1
racadm config -g cfgActiveDirectory -o cfgADType 2
racadm config -g cfgStandardSchema -i <index> -o cfgSSADRoleGroupName <common name of the role group>
racadm config -g cfgStandardSchema -i <index> -o cfgSSADRoleGroupDomain <fully qualified domain name>
racadm config -g cfgStandardSchema -i <index> -o cfgSSADRoleGroupPrivilege <Bit Mask Value for specific RoleGroup permissions>
racadm config -g cfgActiveDirectory -o cfgADDomainController1 <fully qualified domain name or IP address of the domain controller>
racadm config -g cfgActiveDirectory -o cfgADDomainController2 <fully qualified domain name or IP address of the domain controller>
racadm config -g cfgActiveDirectory -o cfgADDomainController3 <fully qualified domain name or IP address of the domain controller>
NOTE: Enter the FQDN of the domain controller, not the FQDN of the domain. For example, enter servername.dell.com instead of dell.com.
NOTE: At least one of the three addresses is required to be configured. CMC attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located.
racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog1 <fully qualified domain name or IP address of the domain controller>
racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog2 <fully qualified domain name or IP address of the domain controller>
racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog3 <fully qualified domain name or IP address of the domain controller>
NOTE: The Global Catalog server is only required for standard schema when the user accounts and role groups are in different domains. In the multiple domain case, only the Universal Group can be used.
NOTE: The FQDN or IP address that you specify in this field should match the Subject or Subject Alternative Name field of your domain controller certificate if you have certificate validation enabled.
If you want to disable the certificate validation during the SSL handshake, run the following RACADM command:
• Using the config command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0
In this case, you do not have to upload the Certificate Authority (CA) certificate.
To enforce the certificate validation during SSL handshake (optional):
• Using the config command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 1
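A lint for provisioning scripts built from the commands above, as an added example that is not Dell's code: it reads racadm config lines in the form shown on this page and reports settings that conflict with the NOTEs (no domain controller configured, the domain name entered in place of a controller FQDN, certificate validation not set to 1). The function names and the example.test hostname are assumptions.

```sh
#!/bin/sh
# Added example, not Dell code. Function names are hypothetical.
# lint_cmc_ad reads "racadm config" lines (the form used on this page) from
# stdin, keeps the last value set per object, prints one finding per line and
# returns 1 if anything was found. Only the first word of a value is read.
lint_cmc_ad() {
    awk '
    $1 == "racadm" && $2 == "config" {
        for (i = 3; i <= NF - 2; i++)
            if ($i == "-o") cfg[$(i + 1)] = $(i + 2)
    }
    END {
        n = 0
        if (cfg["cfgADEnable"] != "1")
            f[++n] = "cfgADEnable is not 1: Active Directory is not enabled"
        if (cfg["cfgADType"] != "2")
            f[++n] = "cfgADType is not 2: Standard Schema is not selected"
        dcs = 0
        for (k = 1; k <= 3; k++) {
            dc = cfg["cfgADDomainController" k]
            if (dc == "") continue
            dcs++
            # The page asks for the controller FQDN, not the domain FQDN.
            if (tolower(dc) == tolower(cfg["cfgSSADRoleGroupDomain"]))
                f[++n] = "cfgADDomainController" k " is the domain name, not a domain controller"
        }
        if (dcs == 0)
            f[++n] = "none of cfgADDomainController1-3 is configured"
        # This lint wants validation set explicitly to 1; 0 disables it.
        if (cfg["cfgADCertValidationEnable"] != "1")
            f[++n] = "cfgADCertValidationEnable is not set to 1"
        for (j = 1; j <= n; j++) print f[j]
        exit (n > 0)
    }'
}

# Constructed sample input; example.test is a placeholder, not from the page.
sample_script() {
    cat <<'EOF'
racadm config -g cfgActiveDirectory -o cfgADEnable 1
racadm config -g cfgActiveDirectory -o cfgADType 2
racadm config -g cfgStandardSchema -i 1 -o cfgSSADRoleGroupDomain example.test
racadm config -g cfgActiveDirectory -o cfgADDomainController1 example.test
racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0
EOF
}

sample_script | lint_cmc_ad || true
```

Pipe a real provisioning script into lint_cmc_ad before running it against a chassis; a non-zero return means at least one finding was printed.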
Configuring User Accounts and Privileges