Users Guide

ManualsBrandsDell ManualsActive System ManageriDRAC6 for Monolithic Servers Version 1.2

161

162

163

164

165

166

167

168

169

170

168 Using the iDRAC6 With Microsoft Active Directory

Check the

Subject or Subject Alternative Name

field of your domain controller

certificate. Usually Active Directory uses the hostname, not the IP address, of

the domain controller in the

Subject or Subject Alternative Name

field of the

domain controller certificate. You can fix the problem in several ways:

Configure the hostname (FQDN) of the domain controller as the

domain

controller address(es)

on iDRAC6 to match the Subject or Subject

Alternative Name of the server certificate.

Re-issue the server certificate to use an IP address in the Subject or

Subject Alternative Name field so it matches the IP address configured in

iDRAC6.

Disable certificate validation if you choose to trust this domain controller

without certificate validation during the SSL handshake.

I am using extended schema in a multiple domain environment. How

should I configure the domain controller address(es)?

This should be the host name (FQDN) or the IP address of the domain

controller(s) that serves the domain in which the iDRAC6 object resides.

When do I need to configure Global Catalog Address(es)?

If you are using extended schema, the Global Catalog Address is not used.

If you are using standard schema and users and role groups are from different

domains, Global Catalog Address(es) are required. In this case, only Universal

Group can be used.

If you are using standard schema and all the users and all the role groups are

in the same domain, Global Catalog Address(es) are not required.

How does standard schema query work?

iDRAC6 connects to the configured domain controller address(es) first, if the

user and role groups are in that domain, the privileges will be saved.

If Global Controller Address(es) is configured, iDRAC6 continues to query

the Global Catalog. If additional privileges are retrieved from the Global

Catalog, these privileges will be accumulated.

Does iDRAC6 always use LDAP over SSL?

Yes. All the transportation is over secure port 636 and/or 3269.

During test setting, iDRAC6 does a LDAP CONNECT only to help isolate

the problem, but it does not do an LDAP BIND on an insecure connection.