Users Guide
Using the DRAC 5 With Microsoft Active Directory 141
5
Click
Next
and select whether you would like Windows to automatically
select the certificate store based on the type of certificate, or browse to a
store of your choice.
6
Click
Finish
and click
OK
.
Setting the SSL Time on the DRAC 5
When the DRAC 5 authenticates an Active Directory user, the DRAC 5 also
verifies the certificate published by the Active Directory server to ensure that
the DRAC is communicating with an authorized Active Directory server.
This check also ensures that the validity of the certificate is within the time
range specified by the DRAC 5. However, there could be a mismatch between
the time zones specified on the certificate and the DRAC 5. This could
happen when the DRAC 5 time reflects the local system time and the
certificate reflects time in GMT.
To ensure that the DRAC 5 uses the GMT time to compare with the
certificate times, you must set the time zone offset object.
racadm config -g cfgRacTuning -o
cfgRacTuneTimeZoneOffset <offset value>
See "cfgRacTuneTimezoneOffset (Read/Write)" on page 380 for more
details.
Supported Active Directory Configuration
The Active Directory querying algorithm of the DRAC 5 supports multiple
trees in a single forest.
DRAC 5 Active Directory Authentication supports mixed mode (that is, the
domain controllers in the forest run different operating systems, such as
Microsoft Windows NT 4.0, Windows 2000, or Windows Server 2003).
However, all objects used by the DRAC 5 querying process (among user,
RAC Device Object, and Association Object) should be in the same domain.
The Dell-extended Active Directory Users and Computers snap-in checks
the mode and limits users in order to create objects across domains if in
mixed mode.