Users Guide

NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM.
NOTE: For more information about user privileges, see Types of Users.
Conguring Standard Schema Active Directory
To congure CMC for a Active Directory login access:
1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in.
2 Using the CMC Web interface or RACADM:
a Create a group or select an existing group.
b Congure the role privileges.
3 Add the Active Directory user as a member of the Active Directory group to access CMC.
Conguring Active Directory With Standard Schema Using CMC Web
Interface
NOTE: For information about the various elds, see the
CMC Online Help
.
1 In the system tree, go to Chassis Overview, and then click User Authentication > Directory Services. The Directory Services page
is displayed.
2 Select Microsoft Active Directory (Standard Schema). The settings to be congured for standard schema is displayed on the same
page.
3 Specify the following:
Enable Active Directory, enter the root domain name, and the timeout value.
If you want the directed call to search the domain controller and global catalog, select the Search AD Server to search (Optional)
option and specify the domain controller and global catalog details.
4 Click Apply to save the settings.
NOTE
: You must apply the settings before continuing. If you do not apply the settings, the settings are lost when you
navigate to the next page.
5 In the Standard Schema Settings section, click a Role Group. The Congure Role Group page is displayed.
6 Specify the group name, domain, and privileges for a role group.
7 Click Apply to save the role group settings and then click Go Back To Conguration page.
8 If you have enabled certicate validation, you must upload the domain forest root certicate authority-signed certicate to CMC. In
the Manage Certicates section, type the le path of the certicate or browse to the certicate le. Click Upload to upload the le to
CMC.
NOTE
: The File Path value displays the relative le path of the certicate you are uploading. You must type the absolute le
path, which includes the full path and the complete le name and le extension.
The SSL certicates for the domain controllers must be signed by the root certicate authority-signed certicate. The root certicate
authority-signed certicate must be available on the management station accessing CMC.
9 If you have enabled Single Sign-On (SSO), in the Kerberos Keytab section, click Browse, specify the keytab le and click Upload.
When the upload is complete, a message is displayed indicating a successful or failed upload.
10 Click Apply. The CMC Web server automatically restarts after you click Apply.
11 Log out and then log in to CMC to complete the CMC Active Directory conguration.
12 Select Chassis in the system tree, and navigate to the Network tab. The Network Conguration page appears.
13 Under Network Settings, if Use DHCP (for CMC Network Interface IP Address) is selected, select Use DHCP to obtain DNS
server address.
To manually enter a DNS server IP address, clear Use DHCP to obtain DNS server addresses and type the primary and alternate DNS
server IP addresses.
144
Conguring User Accounts and Privileges