User guide
Enable setting, reserving the Enable with Remote RACADM setting for iDRAC administrators needing to
access the iDRAC6 to run scripts using remote RACADM commands.
After administrators have configured smart card logon for local iDRAC6 and Microsoft Active Directory
users and enabled the smart card logon feature, the iDRAC6 GUI displays the smart card login page
when users attempt to access the iDRAC6. If the Microsoft ActiveX® smart card reader plug-in is not
present on the user’s client system, the system prompts them to download and install it before
continuing. After the smart card is inserted into the reader and the login link is clicked, the iDRAC6
prompts them for the smart card PIN.
If the user enters the correct PIN, the iDRAC6 verifies the user’s private key on the smart card, the
validity of the digital signature of the certificate, the certification chain from the trusted CA, and the
expiration date of the certificate. It also confirms that the user administrators to install the appropriate
CSPs provided by the smart card vendor. Administrators can check whether smart card CSPs are present
on a particular client by inserting the smart card in the reader at the Windows login screen (accessed by
pressing Ctrl+Alt+Del) and determining whether Windows detects the smart card and prompts for the
PIN. They can also try to log in to Windows using the smart card.
Currently, this feature is supported only on Microsoft Windows clients using Microsoft Internet Explorer
6 and later.
Active Directory with Dell Schema Extension
A directory service maintains a common database of all information needed for controlling users,
computers, and printers on a network. If your company uses the Active Directory service software, you
can configure the software to provide access to the iDRAC6, allowing you to add and control iDRAC6 user
privileges for existing users in the Active Directory software.
The Active Directory data is a distributed database of Attributes and Classes. The Active Directory
schema includes the rules that determine the type of data that can be added or included in the
database. The user class is one example of a Class that is stored in the database. Some example user
class attributes can include the user’s first name, last name, phone number, and so on. Companies can
extend the Active Directory database by adding their own unique Attributes and Classes to solve
environment-specific needs. Dell has extended the schema to include the necessary changes to support
remote management Authentication and Authorization. To provide the greatest flexibility in a variety of
customer environments, Dell provides a group of properties that can be configured by the user
depending on the desired results. Dell has extended the schema to include Association, Device, and
Privilege properties. The Association property is used to link together the users or groups with a specific
set of privileges to one or more RAC (Remote Access Controller) devices. This model provides an
Administrator with maximum flexibility over the different combinations of users, RAC privileges, and
RAC devices on the network without adding too much complexity.
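
The linkage described above, modeled as an added Python example (not Dell's code or schema): Association objects tie users or groups to a privilege set and to RAC devices, and the functions resolve what a user can do on a device and produce an audit view. Object names, privilege names, the nested-group handling and the union of privileges across associations are assumptions of this sketch.

```python
# Added illustration of the Association / Device / Privilege model.
# All names and sample objects below are constructed, not Dell schema identifiers.
from dataclasses import dataclass

@dataclass(frozen=True)
class Association:
    name: str
    members: frozenset     # users or groups linked by this association
    privileges: frozenset  # privilege set granted through it
    devices: frozenset     # RAC devices it applies to

# Constructed directory: group name -> direct members (users or nested groups)
GROUPS = {
    "dc-ops": {"alice", "night-shift"},
    "night-shift": {"bob"},
    "loop-a": {"loop-b"},            # cyclic nesting, to show the walk terminates
    "loop-b": {"loop-a", "carol"},
}
ASSOCIATIONS = [
    Association("ops-full", frozenset({"dc-ops"}),
                frozenset({"login", "configure", "console"}),
                frozenset({"rac-01", "rac-02"})),
    Association("audit-ro", frozenset({"carol", "bob"}),
                frozenset({"login", "logs"}), frozenset({"rac-02"})),
]

def groups_of(principal, groups=GROUPS):
    """Every group containing principal, directly or through nesting."""
    found, frontier = set(), {principal}
    while frontier:
        frontier = {g for g, m in groups.items() if m & frontier} - found
        found |= frontier
    return found

def effective_privileges(user, device, associations=ASSOCIATIONS, groups=GROUPS):
    """Union (an assumption here) of privileges from each association that
    links the user, or one of the user's groups, to the device."""
    identities = {user} | groups_of(user, groups)
    privs = set()
    for a in associations:
        if device in a.devices and a.members & identities:
            privs |= a.privileges
    return privs

def access_report(associations=ASSOCIATIONS, groups=GROUPS):
    """Audit view: {(user, device): sorted privileges} for non-empty grants."""
    names = set().union(*groups.values(), *(a.members for a in associations))
    users = sorted(names - set(groups))
    devices = sorted(set().union(*(a.devices for a in associations)))
    return {(u, d): sorted(p) for u in users for d in devices
            if (p := effective_privileges(u, d, associations, groups))}
```

In this constructed data, bob reaches rac-02 through two associations (one via nested group membership, one direct), which is the kind of overlap an access review of association objects should surface.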
The iDRAC6 authenticates against Active Directory using LDAP simple binding and queries Active
Directory objects via an SSL channel. All data including user name and password for authentication are