Users Guide

If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload the iDRAC
Server certificate to the Active Directory Domain controller. This additional step is not required if the Active Directory does not
perform a client authentication during an SSL session’s initialization phase.
NOTE: If your system is running Windows 2000, the following steps may vary.
NOTE: If the iDRAC firmware SSL certificate is CA-signed and the certificate of that CA is already in the domain controller's
Trusted Root Certificate Authority list, do not perform the steps in this section.
To import the iDRAC firmware SSL certificate to all domain controller trusted certificate lists:
1. Download the iDRAC SSL certificate using the following RACADM command:
racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>
2. On the domain controller, open an MMC Console window and select Certificates → Trusted Root Certification Authorities.
3. Right-click Certificates, select All Tasks and click Import.
4. Click Next and browse to the SSL certificate file.
5. Install iDRAC SSL Certificate in each domain controller’s Trusted Root Certification Authority.
If you have installed your own certificate, make sure that the CA signing your certificate is in the Trusted Root Certification
Authority list. If the Authority is not in the list, you must install it on all your domain controllers.
6. Click Next and select whether you want Windows to automatically select the certificate store based on the type of certificate,
or browse to a store of your choice.
7. Click Finish and click OK. The iDRAC firmware SSL certificate is imported to all domain controller trusted certificate lists.
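
The decision in the NOTE above and the import in steps 2 to 7, as an added PowerShell example that is not part of the original guide or Dell's tooling. It assumes a domain controller with the PKI module (Import-Certificate); the file name is a placeholder for the file written by racadm sslcertdownload, and the thumbprint check is an added precaution that assumes you obtained the expected value out of band.

```powershell
# Added example (not Dell code). File name and thumbprint are supplied by the operator.
param(
    [string]$CertPath = '.\idrac-ssl.cer',               # placeholder: file written by racadm sslcertdownload
    [Parameter(Mandatory)][string]$ExpectedThumbprint    # assumption: SHA-1 thumbprint obtained out of band
)
$rootStore = 'Cert:\LocalMachine\Root'
$path = (Resolve-Path $CertPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)

# Do not add anything to Trusted Root unless the file is the certificate you expect.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected"
}

if ($cert.Subject -eq $cert.Issuer) {
    # Self-signed certificate: the certificate itself must be in Trusted Root.
    if (Get-ChildItem $rootStore | Where-Object Thumbprint -eq $cert.Thumbprint) {
        "Already in $rootStore, nothing to import."
    } else {
        Import-Certificate -FilePath $path -CertStoreLocation $rootStore | Out-Null
        "Imported $($cert.Subject) into $rootStore."
    }
} else {
    # CA-signed certificate: check whether it already chains to a trusted root.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true)  # machine stores
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # only trust anchoring is tested here
    if ($chain.Build($cert)) {
        "Chains to a trusted root on this domain controller, no import needed."
    } else {
        "Chain did not validate. Issuer: $($cert.Issuer)"
        $chain.ChainStatus | ForEach-Object { "  $($_.Status): $($_.StatusInformation.Trim())" }
        "Install the signing CA's certificate in $rootStore instead of this certificate."
    }
}
```

Run it from an elevated session on each domain controller, since the trusted root store is per machine.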
Supported Active Directory authentication mechanisms
You can use Active Directory to define iDRAC user access using two methods:
• Standard schema solution, which uses Microsoft’s default Active Directory group objects only.
• Extended schema solution, which has customized Active Directory objects. All the access control objects are maintained in
Active Directory. It provides maximum flexibility to configure user access on different iDRACs with varying privilege levels.
Related links
Standard schema Active Directory overview
Extended schema Active Directory overview
Standard schema Active Directory overview
As shown in the following figure, using standard schema for Active Directory integration requires configuration on both Active
Directory and iDRAC.