Users Guide
172 Configuring iDRAC6 for Single Sign-On and Smart Card Login
You can also use the following RACADM time zone offset command to
synchronize the time:
racadm config -g cfgRacTuning -o
cfgRacTuneTimeZoneOffset <offset value>
Prerequisites for Active Directory SSO and Smart
Card Authentication
The pre-requisites for both Active Directory SSO and Smart Card
authentication are:
• Configure iDRAC6 for Active Directory login. For more information, see
"Using iDRAC6 Directory Service" on page 127.
• Register iDRAC6 as a computer in the Active Directory root domain.
a
Click
System
iDRAC Settings
Network/Security
Network
subtab.
b
Provide a valid
Preferred/Alternate DNS Server
IP address. This value
is the IP address of the DNS that is part of the root domain,
which authenticates the Active Directory accounts of the users.
c
Select
Register iDRAC6 on DNS
.
d
Provide a valid
DNS Domain Name
.
e
Verify that network DNS configuration matches with the Active
Directory DNS information.
See iDRAC6 Online Help for more information.
• To support the two new types of authentication mechanisms, iDRAC6
supports the configuration to enable itself as a kerberized service on a
Windows Kerberos network. The Kerberos configuration on iDRAC6
entails the same steps as configuring a non–Windows Server Kerberos
service as a security principal in Windows Server Active Directory.
The Microsoft tool
ktpass
(supplied by Microsoft as part of the server
installation CD/DVD) is used to create the Service Principal Name (SPN)
bindings to a user account and export the trust information into a
MIT–style Kerberos
keytab
file, which enables a trust relation between an
external user or system and the Key Distribution Centre (KDC). The
keytab file contains a cryptographic key, which is used to encrypt the