Users Guide
Using iDRAC6 Directory Service 129
Prerequisites for Enabling Active Directory Authentication for iDRAC6
To use the Active Directory authentication feature of iDRAC6, you must
have already deployed an Active Directory infrastructure. See the Microsoft
website for information on how to set up an Active Directory infrastructure,
if you don't already have one.
iDRAC6 uses the standard Public Key Infrastructure (PKI) mechanism to
authenticate securely to Active Directory; therefore, you also need a PKI
integrated into the Active Directory infrastructure.
See the Microsoft website for more information on the PKI setup.
To authenticate correctly to all the domain controllers, you must also enable
Secure Sockets Layer (SSL) on every domain controller that iDRAC6 connects
to. See "Enabling SSL on a Domain Controller" on page 129 for more specific
information.
Enabling SSL on a Domain Controller
When iDRAC6 authenticates users against an Active Directory domain
controller, it starts an SSL session with the domain controller. At this time,
the domain controller should publish a certificate signed by the Certificate
Authority (CA)—the root certificate of which is also uploaded into iDRAC6.
In other words, for iDRAC6 to authenticate to any domain controller—
whether it is the root or the child domain controller—that domain controller
should have an SSL-enabled certificate signed by the domain’s CA.
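The trust requirement above can be reproduced offline with openssl. This is an added example, not part of the original guide: it builds two constructed CAs and two constructed domain controller certificates, then checks which certificate chains to the root that would be uploaded into iDRAC6. All names and files are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo: every CA name, host name and file here is made up.

# make_ca DIR NAME: self-signed root CA (key and certificate) in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_cert DIR CA NAME: certificate for NAME signed by CA.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# chains_to ROOT CERT: true if CERT verifies with ROOT as the supplied trust anchor.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: one DC certificate from the uploaded root's CA, one from another CA.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" domain-ca && make_ca "$d" other-ca &&
    issue_cert "$d" domain-ca dc1.example.test &&
    issue_cert "$d" other-ca dc2.example.test || { rm -rf "$d"; return 1; }
    result=""
    for dc in dc1.example.test dc2.example.test; do
        if chains_to "$d/domain-ca.pem" "$d/$dc.pem"; then
            result="${result:+$result }$dc=trusted"
        else
            result="${result:+$result }$dc=untrusted"
        fi
    done
    rm -rf "$d"
    echo "$result"
}

demo   # prints: dc1.example.test=trusted dc2.example.test=untrusted
```

Against a live domain controller, the equivalent check is openssl s_client -connect <dc-host>:636 -CAfile <root-ca.pem>, assuming the standard LDAPS port 636 and with both placeholders replaced by your own values.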
If you are using Microsoft Enterprise Root CA to automatically assign an SSL
certificate to all your domain controllers, perform the following steps to
enable SSL on each domain controller:
1. Enable SSL on each of your domain controllers by installing the SSL
   certificate for each controller.
   a. Click Start > Administrative Tools > Domain Security Policy.
   b. Expand the Public Key Policies folder, right-click Automatic
      Certificate Request Settings and click Automatic Certificate Request.
   c. In the Automatic Certificate Request Setup Wizard, click Next and
      select Domain Controller.
   d. Click Next and click Finish.