Users Guide

You must provide at least one of the three addresses. iDRAC attempts to connect to each of the configured addresses one-by-one
until it makes a successful connection. With Extended Schema, these are the FQDN or IP addresses of the domain
controllers where this iDRAC device is located.
To disable the certificate validation during SSL handshake, use the following command:
racadm set iDRAC.ActiveDirectory.CertValidationEnable 0
In this case, you do not have to upload a CA certificate.
To enforce the certificate validation during SSL handshake (optional):
racadm set iDRAC.ActiveDirectory.CertValidationEnable 1
In this case, you must upload a CA certificate using the following command:
racadm sslcertupload -t 0x2 -f <ADS root CA certificate>
NOTE: If certicate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Ensure
that DNS is congured correctly under OverviewiDRAC SettingsNetwork.
Using the following RACADM command may be optional:
racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>
2. If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the following command:
racadm set iDRAC.IPv4.DNSFromDHCP 1
3. If DHCP is disabled in iDRAC or you want to manually input your DNS IP address, enter the following command:
racadm set iDRAC.IPv4.DNSFromDHCP 0
racadm set iDRAC.IPv4.DNS1 <primary DNS IP address>
racadm set iDRAC.IPv4.DNS2 <secondary DNS IP address>
4. If you want to congure a list of user domains so that you only need to enter the user name during log in to iDRAC web
interface, use the following command:
racadm set iDRAC.UserDomain.<index>.Name <fully qualified domain name or IP Address of
the domain controller>
You can congure up to 40 user domains with index numbers between 1 and 40.
Testing Active Directory settings
You can test the Active Directory settings to verify whether your configuration is correct, or to diagnose the problem with a failed
Active Directory log in.
Testing Active Directory settings using iDRAC web interface
To test the Active Directory settings:
1. In iDRAC Web Interface, go to Overview → iDRAC Settings → User Authentication → Directory Services → Microsoft
Active Directory.
The Active Directory summary page is displayed.
2. Click Test Settings.
3. Enter a test user's name (for example, username@domain.com) and password and click Start Test. Detailed test results and
the test log are displayed.
If there is a failure in any step, examine the details in the test log to identify the problem and a possible solution.
NOTE: When testing Active Directory settings with Enable Certificate Validation checked, iDRAC requires that the
Active Directory server be identified by the FQDN and not an IP address. If the Active Directory server is identified
by an IP address, certificate validation fails because iDRAC is not able to communicate with the Active Directory
server.
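The enforcement steps earlier on this page and the FQDN requirement in the NOTE above can be checked before any setting is changed. The following script is an added example, not part of the Dell guide: the function names and sample host names are hypothetical, it prints the racadm commands shown on this page instead of running them, and uploading the CA certificate before enabling validation is this example's own ordering choice.

```shell
#!/bin/sh
# Added example: pre-flight check before enforcing AD certificate validation.
# Function names are hypothetical; the racadm commands are those in the guide text.

# Return 0 if the argument is an IPv4 or IPv6 literal rather than a host name.
is_ip_literal() {
    case "$1" in
        *:*) return 0 ;;               # any colon: treat as an IPv6 literal
        *[!0-9.]*|"") return 1 ;;      # other characters (or empty): not an IP
        *) return 0 ;;                 # digits and dots only: IPv4 literal
    esac
}

# Return 0 only for a dotted host name made of letters, digits, '-' and '.'.
is_fqdn() {
    is_ip_literal "$1" && return 1
    case "$1" in
        *.*) ;;                        # must contain a domain part
        *) return 1 ;;
    esac
    case "$1" in
        .*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Print the commands that enforce validation, or fail with a reason on stderr.
# Usage: plan_cert_validation <CA certificate file> <DC address> [<DC address>...]
plan_cert_validation() {
    ca_file=$1; shift
    [ -r "$ca_file" ] || { echo "CA certificate not readable: $ca_file" >&2; return 2; }
    # The guide allows one to three domain controller addresses.
    { [ "$#" -ge 1 ] && [ "$#" -le 3 ]; } || { echo "give 1 to 3 addresses" >&2; return 2; }
    for dc in "$@"; do
        is_fqdn "$dc" || { echo "not an FQDN, validation would fail: $dc" >&2; return 1; }
    done
    # Upload the trust anchor first, then switch validation on.
    printf 'racadm sslcertupload -t 0x2 -f "%s"\n' "$ca_file"
    printf 'racadm set iDRAC.ActiveDirectory.CertValidationEnable 1\n'
}

# Stand-alone use: ./script.sh <CA certificate file> <DC FQDN>...
if [ "$#" -ge 2 ]; then plan_cert_validation "$@"; fi
```

A non-zero exit status means the planned configuration would leave certificate validation failing; review the printed commands before running them against iDRAC.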
Testing Active Directory settings using RACADM
To test the Active Directory settings, use the testfeature command.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.