Manualshelf

User's Manual

ManualsBrandsEmerson ManualsInfrastructure ManagementEmerson Avocent Rack Power Manager
101102103104105106107108109110
Click Use SSL in Certificate-based Trust Mode to use SSL encryption for data
transmission. The Rack Power Manager software will approve the server and then the
certificate before transmitting data. This SSL method provides maximum security.
10. Click Use Kerberos for User Authentication to use the Kerberos protocol for authentication
requests, including the browsing. If enabled, you must use DES encryption types for this
account. If an account was created prior to Active Directory, the user’s password must be
changed after this setting is changed. In addition, the Active Directory server addresses
must be resolvable to their host names via DNS.
When this is not checked, the LDAP protocol will be used.
11. Click Enable Chasing of Referrals to allow the Active Directory server to refer Rack
Power Manager software clients to additional directory servers.
12. Specify the search mode:
Enable Use Recursion to search groups if you wish to have the AD service access the
domain controller for the specified domain name. This search includes the "Member"
attribute of ObjectClass=group. This search is recursive and finds nested groups. This
search may be slow, depending on the number of groups and levels of nesting.
-or-
Enable Use an Active Directory Global Catalog to have the AD service access the
global catalog for the specified domain name. The search includes the "TokenGroups"
attribute of the ObjectClass=user. This search is faster but only retrieves the nested
groups SIDs; subsequent calls must be made to find the group name and specific SIDs.
-or-
Enable Use Windows 2003 Universal Group Caching if you wish to have the AD
service access the domain controller for the specified domain name. The search
includes the "TokenGroups" attribute of the ObjectClass=user. This search is faster but
only retrieves the nested groups SIDs; subsequent calls must be made to find the group
name and specific SIDs. The Windows 2003 Universal Group Caching feature must be
enabled in the Windows 2003 AD server.
13. Click Allow use of Users/Groups from Trusted Forests to allow logins by users belonging
to a forest that are assigned to groups in a different forest. If enabled, the Rack Power
Manager will query all trusted forests in the Active Directory service to find the user and
user groups to which the authenticated user belongs.
If you deselect Allow use of Users/Groups from Trusted Forests, any previously
discovered trusted forests will be hidden from the User Authentication Services
window and users belonging to trusted forests will not be permitted to log in.
Chapter 7: Authentication Services 89