Users Guide
Using iDRAC6 Directory Service 169
You can fix the problem by taking any of the following actions:
• Configure the hostname (FQDN) of the domain controller as the
domain
controller address(es)
on iDRAC6 to match the Subject or Subject
Alternative Name of the server certificate.
• Re-issue the server certificate to use an IP address in the Subject or
Subject Alternative Name field so it matches the IP address configured
in iDRAC6.
• Disable certificate validation if you choose to trust this domain controller
without certificate validation during the SSL handshake.
Why does iDRAC6 enable certificate validation by default?
iDRAC6 enforces strong security to ensure the identity of the domain
controller that iDRAC6 connects to. Without certificate validation, a hacker
could spoof a domain controller and hijack the SSL connection. If you choose
to trust all the domain controllers in your security boundary without
certificate validation, you can disable it through the GUI or the CLI.
Extended and Standard Schema
I'm using extended schema in a multiple domain environment. How do I configure
the domain controller address(es)?
Use the host name (FQDN) or the IP address of the domain controller(s)
that serves the domain in which iDRAC6 object resides.
Do I need to configure Global Catalog Address(es)?
If you are using extended schema, you cannot configure global catalog
addresses, because they are not used with extended schema.
If you are using standard schema, and users and role groups are from different
domains, you must configure global catalog address(es). In this case, you can
use only Universal Group.
If you are using standard schema, and all the users and all the role groups are
in the same domain, you are not required to configure global catalog
address(es).