User's Manual
Configuring the DRAC 4 Active Directory Settings Using the racadm CLI
Use the following commands to configure the DRAC 4 Active Directory feature using the racadm CLI instead of the Web-based interface.
1. Open a command prompt and type the following racadm commands:
racadm config -g cfgActiveDirectory -o cfgADEnable 1
racadm config -g cfgActiveDirectory -o cfgRacDomain <fully qualified rac domain name>
racadm config -g cfgActiveDirectory -o cfgRootDomain <fully qualified root domain name>
racadm config -g cfgActiveDirectory -o cfgRacName <RAC common name>
racadm sslcertupload -t 0x2 -f <ADS root CA certificate>
racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>
2. If DHCP is enabled on the DRAC 4 and you want to use the DNS provided by the DHCP server, type the following:
racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1
3. If DHCP is disabled on the DRAC 4 or you want to enter your DNS IP address manually, type the following commands:
racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSServer1 <primary DNS IP address>
racadm config -g cfgLanNetworking -o cfgDNSServer2 <secondary DNS IP address>
4. Press Enter to complete the DRAC 4 Active Directory feature configuration.
Using Active Directory to Log In To the DRAC 4
You can use Active Directory to log in to the DRAC 4 through the Web-based interface, with remote racadm, or through the serial or telnet console.
The login syntax is consistent for all three methods:
<username@domain> or <domain>\<username> or <domain>/<username> (where username is an ASCII string of 1–256 bytes). No white space and no special characters (such as \, /, or @) are allowed in either the user name or the domain name.
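The following is an added example, not part of the Dell manual: a Python check that applies the login syntax rules above to candidate login names, for instance before provisioning accounts or when triaging failed logins. It enforces only the characters the manual lists; treating a domain without a dot as a NetBIOS name (which the manual says cannot be resolved) is an assumption of this example, as are the function names and sample values.

```python
MAX_USER_BYTES = 256  # manual: user name is an ASCII string of 1-256 bytes
SEPARATORS = "\\/@"   # the three separators the manual lists

class LoginError(ValueError):
    """Raised when a login string breaks one of the documented rules."""

def parse_drac_login(login):
    """Return (username, domain) for user@domain, domain\\user or domain/user."""
    seps = [ch for ch in login if ch in SEPARATORS]
    if len(seps) != 1:
        # Zero separators: no domain given. More than one: a separator
        # character appears inside the user name or the domain name.
        raise LoginError("expected exactly one of '@', '\\' or '/'")
    left, right = login.split(seps[0])
    user, domain = (left, right) if seps[0] == "@" else (right, left)
    for label, value in (("user name", user), ("domain", domain)):
        if not value:
            raise LoginError(f"empty {label}")
        if not value.isascii():
            raise LoginError(f"{label} is not ASCII")
        if any(ch.isspace() for ch in value):
            raise LoginError(f"{label} contains white space")
    if len(user.encode("ascii")) > MAX_USER_BYTES:
        raise LoginError("user name longer than 256 bytes")
    # Assumption of this example: a domain with no dot is a NetBIOS name.
    if "." not in domain.strip("."):
        raise LoginError("domain looks like a NetBIOS name; use the FQDN")
    return user, domain

# Constructed sample inputs (not taken from the manual).
SAMPLES = [
    "jsmith@corp.example.com",
    "corp.example.com\\jsmith",
    "corp.example.com/jsmith",
    "Americas\\jsmith",
    "j smith@corp.example.com",
    "jsmith@corp@example.com",
]

def audit(logins):
    """Map each login to its (user, domain) pair or to the rejection reason."""
    results = {}
    for login in logins:
        try:
            results[login] = parse_drac_login(login)
        except LoginError as exc:
            results[login] = str(exc)
    return results

if __name__ == "__main__":
    for login, result in audit(SAMPLES).items():
        print(f"{login!r}: {result}")
```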
NOTE: You cannot specify NetBIOS domain names, such as Americas, since those names cannot be resolved.
Frequently Asked Questions
Table 5-8 lists frequently asked questions and answers.
Table 5-8. Using the DRAC 4 With Active Directory: Frequently Asked Questions
Question: Can I log in to the DRAC 4 using Active Directory across multiple forests?
Answer: The DRAC 4's Active Directory querying algorithm only supports a single tree in a single forest.

Question: Does the login to the DRAC 4 using Active Directory work in mixed mode (that is, the domain controllers in the forest run different operating systems, such as Microsoft® Windows NT® 4.0, Windows® 2000, or Windows Server 2003)?
Answer: Yes. In mixed mode, all objects used by the DRAC 4 querying process (among user, RAC Device Object, and Association Object) have to be in the same domain. The Dell-extended Active Directory Users and Computers snap-in checks the mode and limits users in order to create objects across domains if in mixed mode.

Question: Does using the DRAC 4 with Active Directory support multiple domain environments?
Answer: Yes. The domain forest function level must be in Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups.

Question: Can these Dell extended objects (Dell Association Object, Dell RAC Device, and Dell Privilege Object) be in different domains?
Answer: The Association Object and the Privilege Object must be in the same domain. The Dell-extended Active Directory Users and Computers snap-in forces you to create these two objects in the same domain. Other objects can be in different domains.

Question: Are there any restrictions on Domain Controller SSL configuration?
Answer: Yes. All Active Directory servers' SSL certificates in the forest must be signed by the same root CA since DRAC 4 only allows uploading one trusted CA SSL certificate.

Question: I created and uploaded a new RAC certificate and now the Web-based interface does not launch.
Answer: If you use Microsoft Certificate Services to generate the RAC certificate, one possible cause is that you inadvertently chose User Certificate instead of Web Certificate when creating the certificate. To recover, create a new Web certificate from Microsoft Certificate Services and load it using the racadm CLI from the managed system by typing:
racadm sslcertupload -t 0x1 -f <web_sslcert>