Users Guide
166 Using iDRAC6 Directory Service
I have configured Active Directory for a domain present in Windows Server 2008
Active Directory and have made these configurations. A child or sub domain is
present for the domain, the User and Group is present in the same child domain, and
the User is a member of that Group. Now if I try to log in to iDRAC6 using the User
present in the child domain, Active Directory Single Sign-On login fails.
This may be because of the wrong Group type. There are two kinds of Group
types in the Active Directory server:
•
Security
—Security groups allow you to manage user and computer access
to shared resources and to filter Group Policy settings.
•
Distribution
—Distribution groups are intended to be used only as e–mail
distribution lists.
Always ensure that the Group Type is Security. You cannot use distribution
groups to assign permission on any objects and use them to filter Group
Policy settings.
My Active Directory log in failed. What do I do?
iDRAC6 provides a diagnostic tool in the Web interface.
1
Log in as a local user with administrator privilege from the Web interface.
2
In the system tree, select
System
iDRAC Settings
Network/Security
tab
Directory Service
Microsoft Active Directory
.
The
Active Directory
summary screen is displayed.
3
Scroll to the bottom of the screen and click
Test Settings
.
The
Test Active Directory Settings
screen is displayed.
4
Enter a test user name and password, and then click
Start Test
.
iDRAC6 runs the tests step-by-step and displays the result for each step.
iDRAC6 also logs a detailed test result to help you resolve any problems.
If problems persist, configure your Active Directory settings, change your
user configuration, and run the test again until the test user passes the
authorization step.