User guide
Active Directory login troubleshooting
If you want to verify whether your configuration works, or if you need to diagnose the problem with
your failed Active Directory login, you can test your settings from the iDRAC6 Web-based interface.
After you finish configuring settings in the iDRAC6 Web-based interface, click Test Settings at the bottom
of the page. You will be required to enter a test user's name (for example, username@domain.com) and
password to run the test. Depending on your configuration, it may take some time for all of the test
steps to complete and display the results of each step. A detailed test log will display at the bottom of
the results page.
Log in via Generic LDAP Directory services
The iDRAC6 provides a generic solution to support Lightweight Directory Access Protocol (LDAP) based
authentication. This feature does not require any schema extension on the site directory services. To
make the iDRAC6 LDAP implementation generic, the commonality between different directory services
is used to group users and then map the user-group relationship. The part that is specific to each
directory service is the schema. For example, directory services may have different attribute names for
the group, the user, and the link between the user and the group. These directory-specific settings can be configured in iDRAC6.
The Generic LDAP feature is similar to the schema-less Active Directory login support; a standard group
object is used as a role group object. Any users in that role group have assigned privileges on
a certain iDRAC6. The privileges of that role group are defined in each individual iDRAC6
configuration database. Different iDRAC6 controllers can give the same role group object different
privileges.
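The following added example (not iDRAC6 code and not from this guide) models the mapping described above: the same lookup works against two directory layouts once the user attribute and the user-to-group link attribute are configured, and two controllers assign different privileges to the same role group. All DNs, entries, configuration keys and privilege names are constructed for illustration.

```python
# Added illustration, not iDRAC6 code: a model of schema-agnostic role-group lookup.
# Every entry, DN, attribute setting and privilege name below is constructed.
GROUP_DN = "cn=idrac-admins,ou=groups,dc=example,dc=com"
ALICE_DN = "uid=alice,ou=people,dc=example,dc=com"

# Directory A links users to groups by full DN (groupOfNames "member").
DIR_A = {"users": [{"dn": ALICE_DN, "uid": "alice"}],
         "groups": [{"dn": GROUP_DN, "member": [ALICE_DN]}]}
# Directory B links by bare login name (posixGroup "memberUid").
DIR_B = {"users": [{"dn": ALICE_DN, "uid": "alice"}],
         "groups": [{"dn": GROUP_DN, "memberUid": ["alice"]}]}

# The only directory-specific part: attribute names for the user and the link.
CFG_A = {"user_attr": "uid", "member_attr": "member", "member_is_dn": True}
CFG_B = {"user_attr": "uid", "member_attr": "memberUid", "member_is_dn": False}

# Each controller keeps its own privilege set for the same role group.
CONTROLLER_1 = {GROUP_DN: {"login", "configure", "power_control"}}
CONTROLLER_2 = {GROUP_DN: {"login"}}


def find_user(directory, cfg, login):
    """Return the user entry whose login attribute matches, else None."""
    for entry in directory["users"]:
        if entry.get(cfg["user_attr"], "").lower() == login.lower():
            return entry
    return None


def role_groups(directory, cfg, login):
    """Return DNs of groups that list the user via the configured link."""
    user = find_user(directory, cfg, login)
    if user is None:
        return []
    key = (user["dn"] if cfg["member_is_dn"] else user[cfg["user_attr"]]).lower()
    return [g["dn"] for g in directory["groups"]
            if key in (m.lower() for m in g.get(cfg["member_attr"], []))]


def privileges(directory, cfg, role_map, login):
    """Union of the privileges this controller assigns to the user's role groups."""
    granted = set()
    for dn in role_groups(directory, cfg, login):
        granted |= role_map.get(dn, set())
    return granted
```

In this model, a link attribute that does not match the directory's schema resolves no role groups, so the user receives no privileges rather than unintended ones.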
Public Key Authentication over SSH
iDRAC6 supports Public Key Authentication (PKA) over SSH. This authentication method improves
SSH scripting automation by removing the need to embed or prompt for a user ID/password.
Up to four public keys can be configured per user that can be used over an SSH interface. Before adding
or deleting public keys, ensure that you use the view command to see what keys are already set up, so a
key is not accidentally overwritten or deleted. When PKA over SSH is set up and used correctly, you
do not have to enter the username or password when logging into the iDRAC6. This can be very useful
for setting up automated scripts to perform various functions. This feature can be managed with
RACADM and also from the GUI. When adding new public keys, ensure that the existing keys are not
already at the index where the new key is added. iDRAC6 does not perform checks to ensure previous
keys are deleted before a new one is added. As soon as a new key is added, it is automatically in effect
as long as the SSH interface is enabled.
Generating Public Keys
Before adding an account, a public key is required from the system that will access the iDRAC6 over SSH.
There are two ways to generate the public/private key pair: using PuTTY Key Generator application for