Users Guide
154 Configuring Smart Card Authentication
When you select
Enable with Remote Racadm
, all CLI out-of-band
interfaces, except remote racadm, are disabled.
NOTE: Dell recommends that the DRAC 5 administrator use the Enable with
Remote Racadm setting only to access the DRAC 5 user interface to run
scripts using the remote racadm commands. If the administrator does not
need to use the remote racadm, Dell recommends the Enabled setting for
Smart Card logon. Also, ensure that the DRAC 5 local user configuration
and/or Active Directory configuration is complete before enabling Smart
Card Logon.
•
Enable CRL check for Smart Card Logon
, the user's DRAC certificate,
which is downloaded from the Certificate Revocation List (CRL)
distribution server is checked for revocation in the CRL.
NOTE: The CRL distribution servers are listed in the Smart Card certificates of
the users.
Configuring Local DRAC 5 Users for
Smart Card Logon
You can configure the local DRAC 5 users to log into the DRAC 5 using the
Smart Card. Navigate to Remote Access Configuration Users.
However, before the user can log into the DRAC 5 using the Smart Card,
you must upload the user's Smart Card certificate and the trusted Certificate
Authority (CA) certificate to the DRAC 5.
Exporting the Smart Card Certificate
You can obtain the user's certificate by exporting the Smart Card certificate
using the card management software (CMS) from the Smart Card to a file in
the Base64 encoded form. You can usually obtain the CMS from the vendor
of the Smart Card. This encoded file should be uploaded as the user's
certificate to the DRAC 5. The trusted Certificate Authority that issues the
Smart Card user certificates should also export the CA certificate to a file in
the Base64 encoded form. You should upload this file as the trusted CA
certificate for the user. Configure the user with the username that forms the
user’s User Principle Name (UPN) in the Smart Card certificate.
NOTE: To log into the DRAC 5, the user name that you configure in the DRAC 5
should have the same case as the User Principle Name (UPN) in the Smart Card
certificate.