Users Guide
146 Using the iDRAC6 Directory Service
Prerequisites for Enabling Active Directory
Authentication for the iDRAC6
To use the Active Directory authentication feature of the iDRAC6, you must
have already deployed an Active Directory infrastructure. See the Microsoft
website for information on how to set up an Active Directory infrastructure,
if you don't already have one.
iDRAC6 uses the standard Public Key Infrastructure (PKI) mechanism to
authenticate securely into the Active Directory; therefore, you would also
require an integrated PKI into the Active Directory infrastructure. See the
Microsoft website for more information on the PKI setup.
To correctly authenticate to all the domain controllers, you also need to
enable the Secure Socket Layer (SSL) on all domain controllers that
iDRAC6 connects to. See "Enabling SSL on a Domain Controller" for
more specific information.
Supported Active Directory Authentication
Mechanisms
You can use Active Directory to define user access on the iDRAC6 through
two methods: you can use the extended schema solution, which Dell has
customized to add Dell-defined Active Directory objects. Or, you can use the
standard schema solution, which uses Active Directory group objects only.
See the sections that follow for more information about these solutions.
When using Active Directory to configure access to iDRAC6, you must
choose either the extended schema or the standard schema solution.
The advantages of using the extended schema solution are:
• All of the access control objects are maintained in Active Directory.
• Configuring user access on different iDRAC6 with varying privilege levels
is provided.
The advantage of using the standard schema solution is that no schema
extension is required because all of the necessary object classes are provided
by Microsoft’s default configuration of the Active Directory schema.