Users Guide
162 Using the iDRAC6 With Microsoft Active Directory
I'm using an IP address for a Domain Controller Address and I failed
certificate validation. What's the problem?
Please check the
Subject or Subject Alternative Name
field of your domain
controller certificate. Usually Active Directory uses the hostname, not the
IP address, of the domain controller in the
Subject or Subject Alternative
Name
field of the domain controller certificate. You can fix the problem in
several ways:
1
Configure the hostname (FQDN) of the domain controller as the
domain
controller address(es)
on iDRAC6 to match the Subject or Subject
Alternative Name of the server certificate.
2
Re-issue the server certificate to use an IP address in the Subject or
Subject Alternative Name field so it matches the IP address configured in
iDRAC6.
3
Disable certificate validation if you choose to trust this domain controller
without certificate validation during the SSL handshake.
I'm using extended schema in a multiple domain environment, how should
I configure the domain controller address(es)?
This should be the host name (FQDN) or the IP address of the domain
controller(s) that serves the domain in which the iDRAC6 object resides.
When do I need to configure Global Catalog Address(es)?
If you are using extended schema, the Global Catalog Address is not used.
If you are using standard schema and users and role groups are from different
domains, Global Catalog Address(es) are required. In this case, only Universal
Group can be used.
If you are using standard schema and all the users and all the role groups are
in the same domain, Global Catalog Address(es) are not required.