When accessing the CMC Web interface, a security warning stating that the host name of the SSL certificate does not match the host name of CMC is displayed.

CMC includes a default CMC server certificate to ensure network security for the web interface and remote RACADM features. When this certificate is used, the web browser displays a security warning if the default certificate does not match the host name of CMC (for example, the IP address).

To address this security concern, upload a CMC server certificate issued to the IP address of CMC. When generating the certificate signing request (CSR) to be used for issuing the certificate, ensure that the common name (CN) of the CSR matches the IP address of CMC (for example, 192.168.0.120) or the registered DNS CMC name.

To ensure that the CSR matches the registered DNS CMC name:

1.In the left pane, click Chassis Overview.

2.Click Network.

The Network Configuration page appears.

3.Select the Register CMC on DNS option.

4.Type a CMC name in the DNS CMC Name field.

5.Click Apply Changes.

Active Directory

Does Active Directory support CMC login across multiple trees?

Yes. The CMC’s Active Directory querying algorithm supports multiple trees in a single forest.

Does the login to CMC using Active Directory work in mixed mode (that is, the domain controllers in the forest run different operating systems, such as Microsoft Windows 2000 or Windows Server 2003)?

Yes. In mixed mode, all objects used by the CMC querying process (among user, RAC Device Object, and Association Object) must be in the same domain.

The Dell-extended Active Directory Users and Computers Snap-In checks the mode and limits users in order to create objects across domains, if in a mixed mode.

Does using CMC with Active Directory support multiple domain environments?

Yes. The domain forest function level must be in Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups.

Can these Dell-extended objects (Dell Association Object, Dell RAC Device, and Dell Privilege Object) be in different domains?

The Association Object and the Privilege Object must be in the same domain. The Dell-extended Active Directory Users and Computers Snap-In allows to create these two objects in the same domain only. Other objects can be in different domains.

228

Page 227 Page 229
Page 228
Image 228
Dell 2 manual Active Directory
Page 227 Page 229
Top Page Image Contents