Users Guide
NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM.
NOTE: For more information about user privileges, see Types of Users.
Conguring Standard Schema Active Directory
To congure CMC for a Active Directory login access:
1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in.
2 Using the CMC Web interface or RACADM:
a Create a group or select an existing group.
b Congure the role privileges.
3 Add the Active Directory user as a member of the Active Directory group to access CMC.
Conguring Active Directory With Standard Schema Using CMC Web
Interface
NOTE: For information about the various elds, see the
CMC Online Help
.
1 In the system tree, go to Chassis Overview, and then click User Authentication > Directory Services. The Directory Services page
is displayed.
2 Select Microsoft Active Directory (Standard Schema). The settings to be congured for standard schema is displayed on the same
page.
3 Specify the following:
• Enable Active Directory, enter the root domain name, and the timeout value.
• If you want the directed call to search the domain controller and global catalog, select the Search AD Server to search (Optional)
option and specify the domain controller and global catalog details.
4 Click Apply to save the settings.
NOTE
: You must apply the settings before continuing. If you do not apply the settings, the settings are lost when you
navigate to the next page.
5 In the Standard Schema Settings section, click a Role Group. The Congure Role Group page is displayed.
6 Specify the group name, domain, and privileges for a role group.
7 Click Apply to save the role group settings and then click Go Back To Conguration page.
8 If you have enabled certicate validation, you must upload the domain forest root certicate authority-signed certicate to CMC. In
the Manage Certicates section, type the le path of the certicate or browse to the certicate le. Click Upload to upload the le to
CMC.
NOTE
: The File Path value displays the relative le path of the certicate you are uploading. You must type the absolute le
path, which includes the full path and the complete le name and le extension.
The SSL certicates for the domain controllers must be signed by the root certicate authority-signed certicate. The root certicate
authority-signed certicate must be available on the management station accessing CMC.
9 If you have enabled Single Sign-On (SSO), in the Kerberos Keytab section, click Browse, specify the keytab le and click Upload.
When the upload is complete, a message is displayed indicating a successful or failed upload.
10 Click Apply. The CMC Web server automatically restarts after you click Apply.
11 Log out and then log in to CMC to complete the CMC Active Directory conguration.
12 Select Chassis in the system tree, and navigate to the Network tab. The Network Conguration page appears.
13 Under Network Settings, if Use DHCP (for CMC Network Interface IP Address) is selected, select Use DHCP to obtain DNS
server address.
To manually enter a DNS server IP address, clear Use DHCP to obtain DNS server addresses and type the primary and alternate DNS
server IP addresses.
144
Conguring User Accounts and Privileges