racadm config -g cfgStandardSchema -i <index> -o cfgSSADRoleGroupPrivilege <Bit Mask Value for specific RoleGroup permissions>

racadm config -g cfgActiveDirectory -o cfgADDomainController1 <fully qualified domain name or IP address of the domain controller> racadm config -g cfgActiveDirectory -o cfgADDomainController2 <fully qualified domain name or IP address of the domain controller> racadm config -g cfgActiveDirectory -o cfgADDomainController3 <fully qualified domain name or IP address of the domain controller>

NOTE: Enter the FQDN of the domain controller, not the FQDN of the domain. For example, enter servername.dell.com instead of dell.com.

NOTE:

At least one of the three addresses is required to be configured. CMC attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located.

racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog1 <fully qualified domain name or IP address of the domain controller> racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog2 <fully qualified domain name or IP address of the domain controller> racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog3 <fully qualified domain name or IP address of the domain controller>

NOTE:

The Global Catalog server is only required for standard schema when the user accounts and role groups are in different domains. In multiple domain case, only the Universal Group can be used.

NOTE:

The FQDN or IP address that you specify in this field should match the Subject or Subject Alternative Name field of your domain controller certificate if you have certificate validation enabled.

If you want to disable the certificate validation during the SSL handshake, run the following RACADM command:

Using the config command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0

In this case, you do not have to upload the Certificate Authority (CA) certificate.

To enforce the certificate validation during SSL handshake (optional):

Using the config command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 1

In this case, you must upload the CA certificate using the following RACADM command:

racadm sslcertupload -t 0x2 -f <ADS root CA certificate>

129

Page 129
Image 129
Dell manual Racadm sslcertupload -t 0x2 -f ADS root CA certificate