Users Guide

Service Principal Name (SPN) bindings to a user account and export the trust information into an MIT-style
Kerberos keytab file. For more information on the ktpass utility, see the Microsoft website.
Before generating a keytab file, you must create an Active Directory user account for use with the
-mapuser option of the ktpass command. Use the same name as the DNS name of the CMC to which
you upload the generated keytab file.
To generate a keytab file using the ktpass tool:
1. Run the ktpass utility on the domain controller (Active Directory server) where you want to map CMC
to a user account in Active Directory.
2. Use the following ktpass command to create the Kerberos keytab file:
C:\>ktpass -princ HTTP/cmcname.domainname.com@DOMAINNAME.COM -mapuser keytabuser -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out c:\krbkeytab
NOTE: The cmcname.domainname.com must be lower case as required by RFC and the
@REALM_NAME must be uppercase. In addition, CMC supports the DES-CBC-MD5 type of
cryptography for Kerberos authentication.
A keytab file is generated that must be uploaded to CMC.
NOTE: The keytab contains an encryption key and must be kept secure. For more information
on the ktpass utility, see the Microsoft website.
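An added example, not part of the original guide: a Python check that reads the generated keytab before upload and confirms it carries the principal, realm case, encryption type and principal type requested in the ktpass command above, without ever returning the key bytes. It assumes the keytab is in MIT format version 0x0502; the function names and the sample keytab with an all-zero key are constructed for illustration.

```python
import struct

DES_CBC_MD5 = 3          # enctype number of des-cbc-md5 (RFC 3961)
KRB5_NT_PRINCIPAL = 1    # name type requested by -ptype KRB5_NT_PRINCIPAL

def parse_keytab(data):
    """Parse an MIT keytab (format 0x0502); key bytes are skipped, never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    def counted(p):                       # 16-bit length followed by that many bytes
        (n,) = struct.unpack_from(">H", data, p)
        return data[p + 2:p + 2 + n].decode(), p + 2 + n
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                     # negative size marks a deleted slot
            pos -= size
            continue
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = counted(pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = counted(p)
            comps.append(comp)
        ntype, _ts, _vno8, etype, _klen = struct.unpack_from(">IIBHH", data, p)
        entries.append({"name": "/".join(comps), "realm": realm,
                        "name_type": ntype, "enctype": etype})
        pos += size
    return entries

def check_entry(e, cmc_fqdn):
    """Return the ways an entry deviates from what the guide asks for."""
    problems = []
    if e["name"] != "HTTP/" + cmc_fqdn.lower():
        problems.append("principal is not HTTP/<lower-case CMC DNS name>")
    if e["realm"] != e["realm"].upper():
        problems.append("realm is not upper case")
    if e["enctype"] != DES_CBC_MD5:
        problems.append("enctype is not DES-CBC-MD5")
    if e["name_type"] != KRB5_NT_PRINCIPAL:
        problems.append("name type is not KRB5_NT_PRINCIPAL")
    return problems

def sample_keytab(host, realm, etype=DES_CBC_MD5):
    """Constructed keytab with an all-zero dummy key, for demonstration only."""
    s = lambda t: struct.pack(">H", len(t)) + t.encode()
    body = (struct.pack(">H", 2) + s(realm) + s("HTTP") + s(host)
            + struct.pack(">IIBHH", 1, 0, 1, etype, 8) + bytes(8))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

To check a real file, pass its bytes to parse_keytab and run check_entry on each entry with the CMC DNS name; an empty list means the entry matches the command above.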
Configuring CMC For Active Directory Schema
For information about configuring CMC for Active Directory standard schema, see Configuring Standard
Schema Active Directory.
For information about configuring CMC for Extended Schema Active Directory, see Extended Schema Active
Directory Overview.
Configuring Browser For SSO Login
Single Sign-On (SSO) is supported on Internet Explorer versions 6.0 and later and Firefox versions 3.0 and
later.
NOTE: The following instructions are applicable only if CMC uses Single Sign-On with Kerberos
authentication.
Internet Explorer
To configure Internet Explorer for Single Sign-On:
1. In Internet Explorer, select Tools > Internet Options.
2. On the Security tab, under Select a zone to view or change security settings, select Local Intranet.
3. Click Sites.
The Local Intranet dialog box is displayed.
4. Click Advanced.
The Local Intranet Advance Settings dialog box is displayed.
5. In the Add this site to the zone field, type the name of CMC and the domain it belongs to and click Add.
NOTE: You can use a wildcard (*) to specify all devices or users in that domain.