Owner's Manual
302 Using the CMC Directory Service
Run the ktpass utility—part of Microsoft Windows—on the domain
controller (Active Directory server) where you want to map CMC to a user
account in Active Directory. For example,
C:\>ktpass -princ HTTP/cmcname.domain_name.com@REALM_NAME.COM -mapuser dracname -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out c:\krbkeytab
NOTE: The cmcname.domainname.com must be lowercase as required by RFC,
and the realm name, @REALM_NAME, must be uppercase. In addition,
CMC supports the DES-CBC-MD5 type of cryptography for Kerberos authentication.
This procedure produces a keytab file that you must upload to CMC.
NOTE: The keytab contains an encryption key and must be kept secure. For more
information on the ktpass utility, see the Microsoft website at:
technet2.microsoft.com/windowsserver/en/library/64042138-9a5a-4981-84e9-d576a8db0d051033.mspx?mfr=true.
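A pre-upload check for the keytab that ktpass produces, as an added example that is not part of the original manual or the vendor's code: it parses the file and reports any departure from the principal form, case rules and DES-CBC-MD5 type given above, without returning the key bytes. It assumes the file uses keytab format version 0x0502; parse_keytab, check_cmc_keytab and sample_keytab are hypothetical names, and the sample entry is constructed with a dummy key.

```python
import struct

DES_CBC_MD5 = 3   # Kerberos enctype number for des-cbc-md5

def parse_keytab(data):
    """Parse a version 0x0502 keytab; key bytes are deliberately not returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                       # negative size marks a deleted slot
            pos -= size
            continue
        rec, off = data[pos:pos + size], 2
        pos += size
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        names = []
        for _ in range(ncomp + 1):          # realm first, then name components
            (n,) = struct.unpack_from(">H", rec, off)
            names.append(rec[off + 2:off + 2 + n].decode())
            off += 2 + n
        ntype, _ts, kvno, etype, klen = struct.unpack_from(">IIBHH", rec, off)
        entries.append({"realm": names[0], "name": names[1:], "name_type": ntype,
                        "kvno": kvno, "enctype": etype, "key_len": klen})
    return entries

def check_cmc_keytab(data):
    """Return the ways the keytab departs from the ktpass example and NOTE."""
    entries = parse_keytab(data)
    problems = [] if entries else ["keytab has no entries"]
    for e in entries:
        if len(e["name"]) != 2 or e["name"][0] != "HTTP":
            problems.append("principal is not HTTP/<host>")
        elif e["name"][1] != e["name"][1].lower():
            problems.append("host name is not lowercase")
        if e["realm"] != e["realm"].upper():
            problems.append("realm is not uppercase")
        if e["enctype"] != DES_CBC_MD5:
            problems.append("enctype %d is not DES-CBC-MD5" % e["enctype"])
    return problems

def sample_keytab(host, realm, etype=DES_CBC_MD5):
    """Constructed test input: one entry with a dummy all-zero 8-byte key."""
    s = lambda t: struct.pack(">H", len(t)) + t.encode()
    rec = (struct.pack(">H", 2) + s(realm) + s("HTTP") + s(host)  # name type 1, kvno 3
           + struct.pack(">IIBHH", 1, 0, 3, etype, 8) + bytes(8))
    return b"\x05\x02" + struct.pack(">i", len(rec)) + rec
```

On a real file, pass the bytes read from the keytab to check_cmc_keytab; an empty list means the entry matches the form shown in the ktpass example.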
Configuring CMC
NOTE: The configuration steps described in this section apply only to the CMC's
Web access.
Configure CMC to use the Standard Schema role group(s) set up in Active
Directory. For more information, see "Configuring Standard Schema Active
Directory to Access CMC" on page 272.
Uploading the Kerberos Keytab File
The Kerberos keytab file serves as the CMC's user name and password
credentials to the Kerberos Key Distribution Center (KDC), which in turn allows
access to the Active Directory. Each CMC in the Kerberos realm must be registered
with the Active Directory and must have a unique keytab file.