Users Guide
使用 RACADM 配置具有标准架构的 Active Directory
使用 RACADM 配置具有标准架构的 iDRAC7 Active Directory:
1. 在 racadm 命令提示符下,运行以下命令:
– 使用 config 命令:
racadm config -g cfgActiveDirectory -o cfgADEnable 1 racadm config -g
cfgActiveDirectory -o cfgADType 2 racadm config -g cfgStandardSchema -i
<index> -o cfgSSADRoleGroupName <common name of the role group> racadm
config -g cfgStandardSchema -i <index> -o cfgSSADRoleGroupDomain <fully
qualified domain name> racadm config -g cfgStandardSchema -i <index> -o
cfgSSADRoleGroupPrivilege <Bit Mask Value for specific RoleGroup
permissions> racadm config -g cfgActiveDirectory -o
cfgADDomainController1 <fully qualified domain name or IP address of the
domain controller> racadm config -g cfgActiveDirectory -o
cfgADDomainController2 <fully qualified domain name or IP address of the
domain controller> racadm config -g cfgActiveDirectory -o
cfgADDomainController3 <fully qualified domain name or IP address of the
domain controller> racadm config -g cfgActiveDirectory -o
cfgADGlobalCatalog1 <fully qualified domain name or IP address of the
domain controller> racadm config -g cfgActiveDirectory -o
cfgADGlobalCatalog2 <fully qualified domain name or IP address of the
domain controller> racadm config -g cfgActiveDirectory -o
cfgADGlobalCatalog3 <fully qualified domain name or IP address of the
domain controller>
– 使用 set 命令:
racadm set iDRAC.ActiveDirectory.Enable 1 racadm set
iDRAC.ActiveDirectory.Schema 2 racadm set iDRAC.ADGroup.Name <common name
of the role group> racadm set iDRAC.ADGroup.Domain <fully qualified
domain name> racadm set iDRAC.ADGroup.Privilege <Bit Mask Value for
specific RoleGroup permissions> racadm set
iDRAC.ActiveDirectory.DomainController1 <fully qualified domain name or
IP address of the domain controller> racadm set
iDRAC.ActiveDirectory.DomainController2 <fully qualified domain name or
IP address of the domain controller> racadm set
iDRAC.ActiveDirectory.DomainController3 <fully qualified domain name or
IP address of the domain controller> racadm set
iDRAC.ActiveDirectory.GlobalCatalog1 <fully qualified domain name or IP
address of the domain controller> racadm set
iDRAC.ActiveDirectory.GlobalCatalog2 <fully qualified domain name or IP
address of the domain controller> racadm set
iDRAC.ActiveDirectory.GlobalCatalog3 <fully qualified domain name or IP
address of the domain controller>
有关特定角色组权限的位掩码值,请参阅默认角色组权限。
输入域控制器的 FQDN,而不是域的 FQDN。例如,输入 servername.dell.com 而不是
dell.com。
三个地址中至少有一个需要进行配置。iDRAC7 逐一尝试连接到每个配置的地址,直到成功建立连接。
使用标准架构时,这些是用户帐户和角色组所在域控制器的地址。
只有用户帐户和角色组位于不同的域中时,标准架构才需要全局编录服务器。在多个域的情况下,只
能使用通用组。
如果您启用了证书验证,则在此字段中指定的 FQDN 或 IP 地址应与域控制器证书的 Subject(主题)或
Subject Alternative Name(主题备用名称)字段相符。
如果要禁用 SSL 握手过程中的证书验证,请输入以下 RACADM 命令:
– 使用 config 命令:racadm config -g cfgActiveDirectory -o
cfgADCertValidationEnable 0
128