Manualshelf

Users Guide

ManualsBrandsDell ManualsActive System ManageriDRAC8 with Lifecycle Controller Version 2.05.05.05
111112113114115116117118119120
NOTE: If iDRAC firmware SSL certificate is CA-signed and the certificate of that CA is already in the domain controller's
Trusted Root Certificate Authority list, do not perform the steps in this section.
To import iDRAC firmware SSL certificate to all domain controller trusted certificate lists:
1. Download iDRAC SSL certificate using the following RACADM command:
racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>
2. On the domain controller, open an MMC Console window and select Certificates > Trusted Root Certification Authorities.
3. Right-click Certificates, select All Tasks and click Import.
4. Click Next and browse to the SSL certificate file.
5. Install iDRAC SSL Certificate in each domain controller’s Trusted Root Certification Authority.
If you have installed your own certificate, make sure that the CA signing your certificate is in the Trusted Root Certification
Authority list. If the Authority is not in the list, you must install it on all your domain controllers.
6. Click Next and select whether you want Windows to automatically select the certificate store based on the type of certificate, or
browse to a store of your choice.
7. Click Finish and click OK. The iDRAC firmware SSL certificate is imported to all domain controller trusted certificate lists.
Supported Active Directory Authentication Mechanisms
You can use Active Directory to define iDRAC user access using two methods:
Standard schema solution, which uses Microsoft’s default Active Directory group objects only.
Extended schema solution, which has customized Active Directory objects. All the access control objects are maintained in Active
Directory. It provides maximum flexibility to configure user access on different iDRACs with varying privilege levels.
Related concepts
Standard Schema Active Directory Overview
Extended Schema Active Directory Overview
Standard Schema Active Directory Overview
As shown in the following figure, using standard schema for Active Directory integration requires configuration on both Active Directory
and iDRAC.
Figure 1. Configuration of iDRAC with Active Directory Standard Schema
In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give
this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and
the privilege level is defined on each iDRACand not in the Active Directory. You can configure up to five role groups in each iDRAC. Table
reference no shows the default role group privileges.
Configuring User Accounts and Privileges
117