Users Guide
– Specify a Domain — enter the domain name to use for the DNS lookup
• To enable CMC to use the specied Active Directory Domain Controller server addresses, select Specify Domain Controller
Addresses . These are the addresses of the domain controllers where the CMC device object and the associated objects are
located.
4 Click Apply to save the settings.
NOTE: You must apply the settings before continuing. If you do not apply the settings, the settings are lost when you
navigate to the next page.
5
In the Extended Schema Settings section, type the CMC device name and the domain name.
6 If you have enabled certicate validation, you must upload the domain forest root certicate authority-signed certicate to CMC. In
the Manage Certicates section, type the le path of the certicate or browse to the certicate le. Click Upload to upload the le to
CMC.
NOTE: The File Path value displays the relative le path of the certicate you are uploading. You must type the absolute
le path, which includes the full path and the complete le name and le extension.
The SSL certicates for the domain controllers must be signed by the root certicate authority-signed certicate. The root certicate
authority-signed certicate must be available on the management station accessing CMC.
CAUTION: SSL certicate validation is required by default. Disabling this certicate is not
recommended.
7 If you have enabled Single Sign-On (SSO), in the Kerberos Keytab section, click Browse, specify the keytab le and click Upload.
When the upload is complete, a message is displayed indicating a successful or failed upload.
8 Click Apply.
The CMC web server automatically restarts after you click Apply.
9 Log in to the CMC Web interface.
10 Select Chassis in the system tree, click the Network tab, and then click the Network subtab. The Network Conguration page is
displayed.
11 If Use DHCP for CMC Network Interface IP Address is enabled, do one of the following:
• Select Use DHCP to Obtain DNS Server Addresses to enable the DHCP server to obtain the DNS server addresses
automatically.
• Manually congure a DNS server IP address by leaving the Use DHCP to Obtain DNS Server Addresses check box unchecked
and then typing your primary and alternate DNS server IP addresses in the elds provided.
12 Click Apply Changes.
The Active Directory settings for extended schema is congured.
Conguring Active Directory With Extended Schema Using RACADM
To congure a CMC Active Directory with Extended Schema by using the RACADM commands, oen a command prompt and enter the
following commands at the command prompt:
racadm config -g cfgActiveDirectory -o cfgADEnable 1
racadm config -g cfgActiveDirectory -o cfgADType 1
racadm config -g cfgActiveDirectory -o cfgADRacName <RAC common name>
racadm config -g cfgActiveDirectory -o cfgADRacDomain < fully qualified rac domain name >
racadm config -g cfgActiveDirectory -o cfgADDomainController1 < fully qualified domain name or
IP Address of the domain controller >
racadm config -g cfgActiveDirectory -o cfgADDomainController2 < fully qualified domain name or
IP Address of the domain controller >
racadm config -g cfgActiveDirectory -o cfgADDomainController3 < fully qualified domain name or
IP Address of the domain controller >
NOTE
: You must congure at least one of the three addresses. CMC attempts to connect to each of the congured addresses
one-by-one until it makes a successful connection. With Extended Schema, these are the FQDN or IP addresses of the domain
controllers where this CMC device is located.
Conguring User Accounts and Privileges 145