Users Guide
Table Of Contents
- Integrated Dell Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers Version 3.0
- User Guide
- Contents
- iDRAC6 Enterprise Overview
- Configuring iDRAC6 Enterprise
- Before You Begin
- Interfaces for Configuring iDRAC6
- Configuration Tasks
- Configure the Management Station
- Configure iDRAC6 Networking
- Configure iDRAC6 Users
- Configure Directory Services
- Configure IP Filtering and IP Blocking
- Configure Platform Events
- Enabling or Disabling Local Configuration Access
- Configure iDRAC6 Services
- Configure Secure Sockets Layer (SSL)
- Configure Virtual Media
- Configure a vFlash Media Card
- Install the Managed Server Software
- Configure the Managed Server for the Last Crash Screen Feature
- Configuring Network Settings Using CMC Web Interface
- Viewing FlexAddress Mezzanine Card Fabric Connections
- Remote Syslog
- First Boot Device
- Remote File Share
- Internal Dual SD Module
- Updating iDRAC6 Firmware
- Updating the USC Repair Package
- Configuring iDRAC6 For Use With IT Assistant
- Using iDRAC6 Configuration Utility to Enable Discovery and Monitoring
- Using iDRAC6 Web Interface to Enable Discovery and Monitoring
- Using IT Assistant to View iDRAC6 Status and Events
- Configuring the Management Station
- Management Station Set Up Steps
- Management Station Network Requirements
- Configuring a Supported Web Browser
- Installing iDRAC6 Software on the Management Station
- Installing a Java Runtime Environment (JRE)
- Installing Telnet or SSH Clients
- Installing a TFTP Server
- Installing Dell OpenManage IT Assistant
- Installing Dell Management Console
- Configuring the Managed Server
- Configuring iDRAC6 Enterprise Using the Web Interface
- Accessing the Web Interface
- Configuring iDRAC6 NIC
- Configuring Platform Events
- Configuring IPMI Over LAN
- Adding and Configuring iDRAC6 Users
- Securing iDRAC6 Communications Using SSL and Digital Certificates
- Configuring and Managing Microsoft Active Directory Certificates
- Enabling or Disabling Local Configuration Access
- Configuring iDRAC6 Services
- Updating iDRAC6 Firmware
- Using iDRAC6 Directory Service
- Using iDRAC6 With Microsoft Active Directory
- Prerequisites for Enabling Active Directory Authentication for iDRAC6
- Supported Active Directory Authentication Mechanisms
- Extended Schema Active Directory Overview
- Configuring Extended Schema Active Directory to Access iDRAC6
- Extending the Active Directory Schema
- Installing the Dell Extension to the Active Directory Users and Computers Snap-In
- Adding iDRAC6 Users and Privileges to Active Directory
- Configuring Microsoft Active Directory With Extended Schema Using iDRAC6 Web Interface
- Configuring Active Directory With Extended Schema Using RACADM
- Standard Schema Active Directory Overview
- Configuring Standard Schema Active Directory to Access iDRAC6
- Testing Your Configurations
- Using iDRAC6 with LDAP Directory Service
- Frequently Asked Questions
- Configuring iDRAC6 for Single Sign- On and Smart Card Login
- About Kerberos Authentication
- Prerequisites for Active Directory SSO and Smart Card Authentication
- Using Active Directory SSO
- Configuring Smart Card Authentication
- Configuring Smart Card Login in iDRAC6
- Logging Into iDRAC6 Using Active Directory Smart Card Authentication
- Frequently Asked Questions About SSO
- Troubleshooting the Smart Card Logon in iDRAC6
- Viewing the Configuration and Health of the Managed Server
- Configuring and Using Serial Over LAN
- Using GUI Virtual Console
- Configuring the vFlash SD Card and Managing vFlash Partitions
- Configuring and Using Virtual Media
- Using the RACADM Command Line Interface
- RACADM Subcommands
- Using local RACADM Commands
- Using the RACADM Utility to Configure iDRAC6
- Displaying Current iDRAC6 Settings
- Managing iDRAC6 Users with RACADM
- Adding an iDRAC6 User
- Enabling an iDRAC6 User With Permissions
- Uploading, Viewing, and Deleting SSH Keys Using RACADM
- Removing an iDRAC6 User
- Testing E-mail Alerting
- Testing iDRAC6 SNMP Trap Alert Feature
- Configuring iDRAC6 Network Properties
- Configuring IPMI Over LAN
- Configuring PEF
- Configuring PET
- Configuring IP Filtering (IP Range)
- Configuring IP Blocking
- Configuring iDRAC6 Telnet and SSH Services Using Local RACADM
- Remote and SSH/Telnet RACADM
- Using an iDRAC6 Configuration File
- Configuring Multiple iDRAC6s
- Power Monitoring and Power Management
- Using iDRAC6 Enterprise SM-CLP Command Line Interface
- Using the WS-MAN Interface
- Deploying Your Operating System Using iVMCLI
- Using iDRAC6 Configuration Utility
- Recovering and Troubleshooting the Managed System
- Safety First - For You and Your System
- Trouble Indicators
- Problem Solving Tools
- Checking the System Health
- Checking the System Event Log (SEL)
- Checking the Post Codes
- Viewing the Last System Crash Screen
- Viewing the Most Recent Boot Sequences
- Checking the Server Status Screen for Error Messages
- Viewing iDRAC6 Log
- Viewing System Information
- Identifying the Managed Server in the Chassis
- Using the Diagnostics Console
- Managing Power on a Remote System
- Troubleshooting and Frequently Asked Questions
- Index
Configuring iDRAC6 for Single Sign-On and Smart Card Login 167
information between the server and the KDC. The ktpass tool allows
UNIX–based services that support Kerberos authentication to use the
interoperability features provided by a Windows Server Kerberos KDC
service.
The keytab obtained from the ktpass utility is made available to iDRAC6
as a file upload and is enabled to be a kerberized service on the network.
Since iDRAC6 is a device with a non-Windows operating system, run the
ktpass
utility—part of Microsoft Windows—on the Domain Controller
(Active Directory server) where you want to map iDRAC6 to a user
account in Active Directory.
For example, use the following
ktpass
command to create the Kerberos
keytab file:
C:\> ktpass.exe -princ
HTTP/idracname.domainname.com@DOMAINNAME.COM -
mapuser DOMAINNAME\username -mapOp set -crypto
DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass
<password> +DesOnly -out c:\krbkeytab
NOTE: If you find any issues with iDRAC6 user the keytab file is created for,
create a new user and a new keytab file. If the same keytab file which was
initially created is again executed, it will not configure correctly.
After the above command executes successfully, run the following
command:
C:\>setspn -a HTTP/idracname.domainname.com
username
The encryption type that iDRAC6 uses for Kerberos authentication is
DES-CBC-MD5. The principal type is KRB5_NT_PRINCIPAL. The
properties of the user account that the Service Principal Name is mapped
to should have Use DES encryption types for this account property
enabled.
NOTE: You must create an Active Directory user account for use with the
-mapuser option of the ktpass command. Also, you should have the same
name as iDRAC6 DNS name to which you will upload the generated keytab
file.