Users Guide
The settings are saved.
You can test the Active Directory using Kerberos authentication using the RACADM command:
testfeature -f adkrb -u <user>@<domain>
where <user> is a valid Active Directory user account.
A command success indicates that CMC is able to acquire Kerberos credentials and access the user's Active Directory account.
If the command is not successful, resolve the error and run the command again. For more information, see RACADM Chassis
Management Controller for Dell PowerEdge M1000e RACADM Command Line Reference Guide on dell.com/support/manuals.
Uploading the Keytab File
The Kerberos keytab le serves as the CMC's user name and password credentials to the Kerberos Data Center (KDC), which in
turns allows access to the Active Directory. Each CMC in the Kerberos realm must be registered with the Active Directory and must
have a unique keytab le.
You can upload a Kerberos Keytab generated on the associated Active Directory Server. You can generate the Kerberos Keytab from
the Active Directory Server by executing the ktpass.exe utility. This keytab establishes a trust relationship between the Active
Directory Server and CMC.
To upload the keytab le:
1. In the system tree, go to Chassis Overview, and then click User Authentication → Directory Services.
2. Select Microsoft Active Directory (Standard Schema).
3. In the Kerberos Keytab section, click Browse, select keytab le, and click Upload.
When the upload is complete, a message is displayed indicating whether the keytab le is successfully uploaded or not.
Conguring CMC SSO Login Or Smart Card Login For Active Directory Users Using RACADM
In addition to the steps performed while conguring Active Directory, run the following command to enable SSO:
racadm config -g cfgActiveDirectory -o cfgADSSOEnable 1
In addition to the steps performed while conguring Active Directory, use the following objects to enable smart card login:
• cfgSmartCardLogonEnable
• cfgSmartCardCRLEnable
144