Users Guide
Using the iDRAC6 Directory Service 185
The
Configure encryption types allowed for Kerberos
policy setting is
located at
Computer Configuration\Security Settings\Local
Policies\Security Options
.
2
The domain clients must have the updated GPO. At the command line,
type
gpupdate /force
and delete the old key tab with
klist
purge
cmd.
3
Once the GPO has been updated, create the new keytab.
4
Upload the keytab to the iDRAC6.
SSO will work now with iDRAC6.
My Active Directory login failed. How can I troubleshoot the problem?
iDRAC6 provides a diagnostic tool from the Web-based interface. Log in as a
local user with administrator privilege from the Web-based interface. Click
Remote Access
→
Network/Security tab
→
Directory Service→ Microsoft Active
Directory. Scroll to the bottom of the Active Directory Configuration and
Management page and click Test Settings. Enter a test user name and
password, and click Start Test. iDRAC6 runs the tests step-by-step and
displays the result for each step. A detailed test result is also logged to help
you resolve any problems. Return to the Active Directory Configuration and
Management page. Scroll to the bottom of the page and click Configure
Active Directory to change your configuration and run the test again until the
test user passes the authorization step.
I enabled certificate validation but my Active Directory login failed.
I ran the diagnostics from the GUI and the test results show the following
error message:
ERROR: Can't contact LDAP server, error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:
Please check the correct Certificate Authority (CA) certificate has been
uploaded to iDRAC. Please also check if the iDRAC date is within the valid
period of the certificates and if the Domain Controller Address configured
in iDRAC matches the subject of the Directory Server Certificate.
What could be the problem and how can I fix it?
If certificate validation is enabled, iDRAC6 uses the uploaded CA certificate
to verify the directory server certificate when iDRAC6 establishes the SSL
connection with the directory server. The most common reasons for failing
certification validation are: