Users Guide

Enabling Kerberos Authentication
Since the iDRAC6 is a device with a non-Windows operating system, run the ktpass utility—part of Microsoft Windows—on the domain controller (Active Directory server) where you want to map the iDRAC6 to a user account in Active Directory.
For example, use the following ktpass command to create the Kerberos keytab file:
C:\>ktpass -princ HOST/dracname.domainname.com@DOMAINNAME.COM -mapuser dracname -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out c:\krbkeytab
The encryption type that iDRAC6 uses for Kerberos authentication is DES-CBC-MD5. The principal type is KRB5_NT_PRINCIPAL. The user account that the Service Principal Name is mapped to should have the following account properties enabled:
- Use DES encryption types for this account
- Do not require Kerberos preauthentication
NOTE: It is recommended that you use the latest ktpass utility to create the keytab file.
This procedure will produce a keytab file that you should upload to the iDRAC6.
NOTE: The keytab contains an encryption key and should be kept secure.
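The following added example (not from the Dell guide or Microsoft's tooling) parses a keytab and checks its entry against the principal, encryption type and principal type given above before the file is uploaded, without printing the key. It assumes ktpass wrote the MIT 0x0502 keytab layout; the function names and the sample keytab, built with an all-zero placeholder key, are constructed for illustration.

```python
import struct

ENCTYPES = {3: "des-cbc-md5", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def _counted(data, p):  # uint16 length-prefixed string -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """List the entries of a version 0x0502 keytab; key bytes are not returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)  # pos now marks the next record
        if size <= 0:  # a negative size marks a deleted entry (hole)
            continue
        if pos > len(data):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", data, start)
        realm, p = _counted(data, start + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        name_type, _time, kvno, etype = struct.unpack_from(">IIBH", data, p)
        _key, p = _counted(data, p + 11)  # skip the key itself
        if pos - p >= 4:  # optional 32-bit kvno replaces the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "name_type": name_type, "kvno": kvno,
                        "enctype": ENCTYPES.get(etype, str(etype))})
    return entries

def idrac6_problems(entries, principal):
    """Compare entries with the settings this section gives for the iDRAC6."""
    wanted = (("enctype", "des-cbc-md5"), ("name_type", 1))  # 1 = KRB5_NT_PRINCIPAL
    mine = [e for e in entries if e["principal"] == principal]
    if not mine:
        return ["no entry for " + principal]
    return [f"{k} is {e[k]!r}, expected {w!r}" for e in mine for k, w in wanted if e[k] != w]

def sample_keytab(etype=3):
    """Constructed keytab with an all-zero placeholder key, for demonstration only."""
    s = lambda b: struct.pack(">H", len(b)) + b
    names = b"".join(s(x) for x in (b"DOMAINNAME.COM", b"HOST", b"dracname.domainname.com"))
    body = struct.pack(">H", 2) + names + struct.pack(">IIBH", 1, 0, 3, etype) + s(bytes(8))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

To check a real file, pass its bytes to parse_keytab (for example, the contents of c:\krbkeytab read in binary mode) and review the list returned by idrac6_problems.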
For more information on the ktpass utility, see the Microsoft website at:
http://technet2.microsoft.com/windowsserver/en/library/64042138-9a5a-4981-84e9-d576a8db0d051033.mspx?mfr=true
The iDRAC6 time should be synchronized with the Active Directory domain controller.