150, Typical Setup for Active Directory Objects | Dell IDRAC6

Figure 7-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization.

Figure 7-1. Typical Setup for Active Directory Objects

iDRAC Association Object

	User(s)	Privilege Object	iDRAC
	Group(s)		Device Object(s)

You can create as many or as few association objects as required. However,

you must create at least one Association Object, and you must have one iDRAC Device Object for each iDRAC on the network that you want to integrate with Active Directory for Authentication and Authorization with the iDRAC.

The Association Object allows for as many or as few users and/or groups as well as iDRAC Device Objects. However, the Association Object only includes one Privilege Object per Association Object. The Association Object connects the Users who have Privileges on the iDRACs.

The Dell extension to the Active Directory Users and Computers MMC Snap-in only allows associating the Privilege Object and iDRAC Objects from the same domain with the Association Object. The Dell extension does not allow a group or an iDRAC object from other domains to be added as a product member of the Association Object.

Users, user groups, or nested user groups from any domain can be added into the Association Object. Extended Schema solutions support any user group type and any user group nesting across multiple domains allowed by Microsoft Active Directory.

150

Using the iDRAC6 Directory Service

Image 150

Dell IDRAC6 manual 150, Typical Setup for Active Directory Objects

Contents

User Guide July Contents Installing the Software on Accessing the Web InterfaceUpdating the iDRAC6 Firmware Using Multiple Browser Tabs and Windows Viewing Internal Dual SD Module Connecting the DB-9 or Null ModemConfiguring the Management Station Cable for the Serial Console 106 Frequently Asked Questions about 125Using the Web Interface to Configure 109 143 Using the Racadm Utility to Configure 139Supported Active Directory Authentication 148 Prerequisites for Enabling Microsoft 168 Generic Ldap Directory Service 178Frequently Asked Questions about 177 193 Troubleshooting the Smart Card191 198 221 213Launching Virtual Console and Virtual 219 231 Configuring Serial Over LAN Using 254 Creating a Bootable Image File 240Using the Ipmi Remote Access 254 239 259 255257 264 274 Frequently Asked Questions 288Power Inventory, Power Budgeting 284 295 293294 298 325 Configuring Platform Events 316Frequently Asked Question about 322 326 332 Using the System Event Log SEL 330Using the Diagnostics Console 337 333 342 Using the Secure Shell SSH 353341 Removable Flash Media Probes 342 IDRAC6 Express Management Features IDRAC6 Overview IDRAC6 Overview IDRAC6 Express Enterprise With vFlash IDRAC6 Feature ListIDRAC6 Enterprise and vFlash Media Interface and Standards Support Security and Authentication ConnectivityRemote Management and Remediation Monitoring Logging RAC Log Lifecycle Controller Unified Server Configurator SM-CLP IDRAC6 Overview IDRAC6 Ports Supported Remote Access ConnectionsSupported Remote Access Connections Features IDRAC6 Server Listening Ports Port Number Function Other Documents You May Need IDRAC6 Client Ports Port Number Function IDRAC6 Overview IDRAC6 Overview IDRAC6 Overview Getting Started With the iDRAC6 Getting Started With the iDRAC6 Basic Installation of the iDRAC6 Installing the iDRAC6 Express/Enterprise HardwareBefore You Begin Configuring Your System to Use an iDRAC6 Select Save Changes and Exit Software Installation and Configuration Overview Installing iDRAC6 SoftwareConfiguring iDRAC6 Installing the Software on the Managed System Installing the Software on the Management Station Installing Racadm Uninstalling Racadm Updating the iDRAC6 Firmware Before You BeginDownloading the iDRAC6 Firmware Updating the iDRAC6 Firmware Using the Web-Based Interface Updating the iDRAC6 Firmware Using Racadm Configuring a Supported Web Browser List of Trusted DomainsClick Tools, and click Internet Options Viewing Localized Versions of the Web-Based Interface WindowsLinux Updated entry Basic Installation of the iDRAC6 Configuring the iDRAC6 Using the Web Interface Accessing the Web Interface Logging Using Multiple Browser Tabs and Windows Logging Out Configuring the iDRAC6 NIC Configuring the Network and Ipmi LAN SettingsClick Remote Access→ Network/Security→ Network Network Settings Setting Description Click the appropriate button to continue. See Table Network Settings Description Common Settings Description Common Settings SettingDescription IPv4 Settings DescriptionPreferred DNS Server and Alternate DNS Server fields IPv6 Settings Description IPv6 Settings SettingDescription Ipmi Settings DescriptionVlan Settings SettingDescription Configuring IP Filtering and IP Blocking Network Configuration Page Buttons DescriptionApply Network Security Page Settings Description Configuring Platform Events 10. Network Security Page Buttons Description11. Platform Event Filters Index Processor AbsentCritical Assert Configuring Platform Event Filters PEF Configuring Platform Event Traps PETClick System→ Alerts→ Traps Settings Configuring E-Mail Alerts Configuring Ipmi Using Web Interface Click System→ Alerts→ Email Alert Settings Network/Security tab, click Serial Set the Channel Privilege Level Limit and Flow Control Configuring iDRAC6 Users Secure Sockets Layer SSL Certificate Signing Request CSR Accessing SSL Through the Web-Based InterfaceClick Remote Access→ Network/Security 12. SSL Page Options Field Description Generating a Certificate Signing Request Upload Server CertificateView Server Certificate Organization Unit Common NameOrganization Name Locality Menu Uploading a Server CertificateRefresh Reloads the Generate Certificate Signing Request 15. Certificate Upload Page Buttons Description 17. View Server Certificate Page Buttons Viewing a Server Certificate16. Certificate Information Field Description Button Description Schema Selection Configuring and Managing Active DirectoryEnabled Single Sign-On Active Directory Timeout User Domain Name Extended Schema SettingsCertificate Configuring and Managing Generic Ldap Configuring iDRAC6 ServicesPrint 20. Local Configuration Setting Description 21. Web Server Settings 23. Telnet Settings 21. Web Server Settings SettingDescription22. SSH Settings Description Port Number 25. Snmp Settings 23. Telnet Settings Description24. Remote Racadm Settings 26. Automated System Recovery Agent Setting Updating the iDRAC6 Firmware/System Services Recovery Image 27. Services Page Buttons Description File upload in progress Remote Syslog IDRAC6 Firmware Rollback 28. Remote Syslog Settings AttributeDescription First Boot Device First Boot Device29. First Boot Device Attribute Description Boot Once Remote File Share 30 lists the remote file share settings 30. Remote File Server Settings Attribute Description Internal Dual SD Module Viewing Internal Dual SD Module Status Using GUI 32. SD Card States Description Advanced iDRAC6 Configuration Configuring the iDRAC6 Settings to Enable SSH/Telnet Starting a Text Console Through Telnet or SSHClick Apply Changes Using a Telnet Console Running Telnet Using Microsoft Windows XP or Windows Enable Telnet in Windows Component Services Using the Secure Shell SSH Configuring Linux for Serial Console During Boot Cryptography Schemes Scheme Type Sample File /etc/grub.conf Serial --unit=1 --speed=57600 terminal --timeout=10 serial Enabling Login to the Virtual Console After Boot Shows a sample file with the new line Sample File /etc/innitab Sample File /etc/innitab Configuring iDRAC6 for Serial Connection Sample File /etc/securetty Racadm config -g cfgSerial -o cfgSerialConsoleEnable For Direct Connect Terminal mode 100 101 Signal Name 102 Configuring Linux Minicom for Serial Console Emulation 103 Select Save setup as configname and press Enter Required Minicom Settings for Serial Console Emulation104 Configuring HyperTerminal for Serial Console 105 Management Station COM Port Settings Setting Description Configuring Serial and Terminal ModesConfiguring Ipmi and iDRAC6 Serial Ipmi Serial Settings Description IDRAC6 Serial Settings 10. Serial Page Settings107 11. Terminal Mode Settings Description Configuring Terminal ModeSerial page, click Terminal Mode Settings 12. Terminal Mode Settings Page Buttons Description 12. Terminal Mode Settings Page Buttons ButtonDescription Configuring the iDRAC6 Network SettingsAccessing the iDRAC6 Through a Network 109 Powercycle, and hardreset commands 11013. iDRAC6 Interfaces InterfaceDescription Using Racadm Remotely 11113. iDRAC6 Interfaces Description 112 Racadm Options 14. racadm Command Options DescriptionRacadm Synopsis 113 Racadm Subcommands Enabling and Disabling the Racadm Remote Capability114 15. Racadm Subcommands Command Description 115 116 Frequently Asked Questions About Racadm Error Messages What does this message mean?117 Configuring Multiple iDRAC6 Controllers 118 Creating an iDRAC6 Configuration File 119 120 Parsing Rules Example121 Modifying the iDRAC6 IP Address 122 Configuring iDRAC6 Network Properties 123 124 IDRAC6 Modes Frequently Asked Questions about Network Security16. iDRAC6 NIC Configurations Mode Description 125 Why doesn’t my DNS server register my iDRAC6? 126 127 128 Click Remote Access→ Network/Security→ Users Adding and Configuring IDRAC6 UsersAdding and Configuring iDRAC6 Users 129 User States and Permissions Setting Description 130 131 Smart Card Configuration Options OptionDescriptionEnable User Upload Trusted CA Ipmi User Privileges PropertyDescription General User Settings132 IDRAC User Privileges Property Description 133 Reasons, assign this privilege carefullyIDRAC Group Permissions User Group Permissions Granted Before You Begin Public Key Authentication over SSHUser Configuration Page Buttons Action 134 Generating Public Keys for Windows Generating Public Keys for Linux135 Logging Logging in Using Public Key AuthenticationSending racadm commands 136 Upload SSH Keys Option Description SSH Key Configurations Option Description137 10. View/Remove SSH Keys Option Description View Uploading, Viewing, and Deleting SSH Keys Using RacadmUpload Delete Using the Racadm Utility to Configure iDRAC6 Users 139 Adding an iDRAC6 User Example140 Removing an iDRAC6 User Enabling an iDRAC6 User With Permissions141 142 Using iDRAC6 With Microsoft Active Directory 143IDRAC6 User Privileges Description 144 Privilege Description Click Start→ Administrative Tools→ Domain Security Policy Enabling SSL on a Domain Controller145 146 Importing the iDRAC6 Firmware SSL Certificate 147 Active Directory Schema Extensions Supported Active Directory Authentication MechanismsExtended Schema Active Directory Overview 148 Overview of the iDRAC Schema Extensions Active Directory Object Overview149 Typical Setup for Active Directory Objects 150 Accumulating Privileges Using Extended Schema 151 152 Extending the Active Directory Schema 153 Using the Dell Schema Extender 154 155 DellProduct Class 156DellPrivileges Class 840.113556.1.8000.1280.1.1.1.5 157 SingleValued 158 Installing the Administrator Pack 159 Creating a Privilege Object Creating an iDRAC Device ObjectSelect iDRAC Device Object Select Privilege Object Adding Users or User Groups Configuring an Association ObjectCreating an Association Object Adding Privileges Adding iDRAC Devices 162 163 Racadm 164 165 166 167 Standard Schema Active Directory Overview 168 169 Default Role Group PrivilegesSingle Domain Versus Multiple Domain Scenarios Permissions Granted Bit Mask Groups Level Directory Users and Computers Snap-in 170 171 172 173 174 175 176 Testing Your Configurations 177 Generic Ldap Directory Service Login Syntax Directory User versus Local User178 179 180 181 Use Racadm to confirm whether login is possible Configuring Generic Ldap Directory Service Using RacadmView the settings using the below commands Additional settings to test BindDN option Frequently Asked Questions about Active Directory 183 When do I need to configure Global Catalog Addresses? How does standard schema query work?184 Does iDRAC6 always use Ldap over SSL? Why does iDRAC6 enable certificate validation by default?Does iDRAC6 support the NetBIOS name? 185 186 Configuring iDRAC6 for Single Sign- On or Smart Card Login About Kerberos Authentication Click Remote Access→ Network/Security tab→ Network subtab 188 189 Click Advanced Browser Settings to Enable Active Directory SSOSelect Tools→ Internet Options→ Security→ Local Intranet 190 Using Microsoft Active Directory SSO Configuring iDRAC6 to Use SSO191 Logging Into iDRAC6 Using SSO Using Racadm192 Exporting the Smart Card Certificate Configuring Smart Card AuthenticationConfiguring Local iDRAC6 Users for Smart Card Logon 193 Network/Security→ tab Smart Card Configuring Active Directory Users for Smart Card LogonConfiguring Smart Card Using iDRAC6 194 If you select Enabled or Enabled with Remote Racadm, you Smart Card Settings DescriptionEnabled with Remote Racadm Enables Smart Card Enable with Remote Racadm setting only to access 196 Logging Into the iDRAC6 Using the Smart CardIDRAC6 under Remote Access→ Network/Security→ Network 197 Incorrect Smart Card PIN Troubleshooting the Smart Card Logon in iDRAC6ActiveX plug-in unable to detect the Smart Card reader Unable to Log into Local iDRAC6 Unable to Log into iDRAC6 as an Active Directory User 199 Frequently Asked Questions About SSO 200 201 202 Overview Using GUI Virtual ConsoleUsing Virtual Console 203 Configuring Your Management Station 204 205 Clear Your Browser’s Cache Java Cache viewer is displayed206 Common Settings for Microsoft Windows Operating Systems 207 Supported Screen Resolutions and Refresh Rates Configuring Virtual Console in the iDRAC6 Web Interface208 209 Remote Presence PortLocal Server Video 210 Configuration Page Buttons DefinitionOpening a Virtual Console Session Plug-in Type Enabled Remote Presence Port Virtual Console EnabledVideo Encryption Enabled 211 Virtual Console and Virtual Media Page Buttons Definition Virtual Console Preview212 Refresh Reloads the Virtual Console and Virtual Media 213 Using iDRAC6 Virtual Console Video ViewerSettings on the Console/Media Configuration Virtual Console Preview Options Descritpion Pin icon 214Viewer Menu Bar Selections Menu Item Description Virtual Launch Virtual 215 216 Viewer Menu Bar Selections Menu Item Item Description 217 Click System→ Console/Media→ Configuration Disabling or Enabling Local Server Video218 Launching Virtual Console and Virtual Media Remotely URL Format219 General Error Scenarios Error Scenarios Reason Behavior220 Frequently Asked Questions on Virtual Console 221 Using Virtual Console Frequently Asked Questions Answer 222CfgRacTuneLocalServerVideo Bios 223 224 225 Using the WS-MAN InterfaceSupported CIM Profiles Standard Dmtf Standard Dmtf 227 Standard Dmtf Dell Extensions 229 WS-MAN release notes or readme file Using the iDRAC6 SM-CLP Command Line Interface IDRAC6 SM-CLP Support SM-CLP Targets SM-CLP FeaturesUsing SM-CLP 232 233 SM-CLP Targets Definitions 234 Capabilities on the system 235 Dhcp 236 237 238 Network Requirements Deploying Your Operating System Using VmcliRemote System Requirements 239 Preparing for Deployment Creating a Bootable Image FileConfiguring the Remote Systems Creating an Image File for Linux Systems Deploying the Operating System 241 Using the Vmcli Utility 242 Installing the Vmcli Utility Command Line Options243 IDRAC6 User Name Vmcli ParametersIDRAC6 IP Address 244 IDRAC6 User Password Floppy/Disk Device or Image File245 CD/DVD Device or Image File 246 Help Display Vmcli Operating System Shell OptionsVersion Display Encrypted Data Vmcli Return Codes 248 Support.dell.com\manuals Configuring Ipmi Using Web-Based InterfaceConfiguring Ipmi Using the Racadm CLI 249 250 251 252 253 Using the Ipmi Remote Access Serial Interface Configuring Serial Over LAN Using the Web-Based Interface254 Configuring and Using Virtual Media 255 Windows-Based Management Station 256 Linux-Based Management Station Configuring Virtual MediaVirtual Media Configuration Properties Attribute Value 257 Virtual Media Configuration Properties AttributeValue Configuration Page Buttons Description258 Running Virtual Media Supported Virtual Media ConfigurationsConnecting Virtual Media 259 Click Launch Virtual Console 260 Click Tools→ Launch Virtual Media Booting From Virtual MediaDisconnecting Virtual Media 261 Installing Operating Systems Using Virtual Media Boot Once Feature262 Linux-Based Systems Select the Enable Boot Once option under Virtual MediaWindows-Based Systems 263 Frequently Asked Questions about Virtual Media Using Virtual Media Frequently Asked Questions Answer264 Using the Dell Systems Management Tools 265 266 267 Answer Administrative Tools Services. Right-click 268On Windows Event Collector and click Stop Configuring vFlash SD Card and Managing vFlash Partitions 269 270 SD Card Properties Attribute DescriptionSize Available Space VFlash Enabled271 Write-protected Configuring vFlash or Standard SD Card Using Displaying the vFlash or Standard SD Card Properties272 Initializing the vFlash or Standard SD Card Resetting the vFlash or Standard SD CardEnabling or Disabling the vFlash or Standard SD Card Getting the Last Status on the vFlash or Standard SD Card Managing vFlash Partitions Using iDRAC6 Web Interface Creating an Empty Partition274 Index 275Create Empty Partition Page Options Field Description Label Creating a Partition Using an Image File 276Emulation Type Img nor .iso 277 Formatting a Partition 278Image Location Format Partition Page Options Field Description Viewing Available Partitions279 Format Type Read-Only 280Viewing Available Partitions Field Description Attached Modifying a Partition Attaching and Detaching Partition281 Deleting Existing Partitions Operating System Behavior for Attached Partitions282 Downloading Partition Contents Valid Options Managing vFlash Partitions Using RacadmBooting to a Partition 284 Options only valid with the create action Options only valid with the status action285 Getting the Status of a Partition Creating a PartitionDeleting a Partition Viewing Partition Information Attaching or Detaching a Partition 287 Frequently Asked Questions When is the vFlash or standard SD card locked?288 Power Monitoring Management 289 Configuring and Managing Power Power Inventory, Power Budgeting, and CappingPower Monitoring 290 Power Supplies Redundancy Status The possible values are Viewing the Health Status of the Power Supply UnitsUsing the Web-Based Interface Individual Power Supply Elements The possible values are Using Racadm 292 Power Budget Information page displays Viewing Power BudgetUsing the Web Interface 293 Power Budget Threshold 294 Viewing Power Monitoring Power Monitoring295 Power Tracking Statistics Amperage296 Show Graph Power ConsumptionHeadroom 297 Executing Power Control Operations on the Server 298 299 300 Using the iDRAC6 Configuration Utility 301 Starting the iDRAC6 Configuration Utility Using the iDRAC6 Configuration Utility302 IDRAC6 LAN Ipmi Over LAN303 LAN Parameters 304LAN Parameters Description When Static is selected, the Ethernet IP Address, Subnet IPv4 SettingsEthernet IP Address, Subnet Mask, and Default Gateway 305 When Static is selected, the IPv6 Address 1, Prefix Length IPv6 SettingsSelected, the IPv6 Address 1, Prefix Length, and Default 306 Virtual Media Configuration Virtual Media307 VFlash Properties VFlashInitialize vFlash 308 Smart Card Logon System Services ConfigurationSystem Services Cancel System Services 309 Collect System Inventory on Restart LCD ConfigurationLCD User Configuration 310 Between the options Disabled, View And Modify, and View LAN User ConfigurationReset to Default 311 LAN User Configuration Description 312 313 Exiting the iDRAC6 Configuration Utility System Event Log Menu314 Monitoring and Alert Management 315 Click Advanced System Settings under Tasks on the left Disabling the Windows Automatic Reboot OptionDisabling the Automatic Reboot Option in Windows Server Under Startup and Recovery, click Settings 317 Configuring PEF Using the Web-Based Interface Configuring PEF Using the Racadm CLI318 Configuring PET Using the Racadm CLI Configuring PETConfiguring PET Using the Web User Interface 319 Configuring E-mail Alerts Using the Web User Interface Configuring E-Mail Alerts Using the Racadm CLI320 Testing E-mail Alerting 321 Why is the following message displayed Frequently Asked Question about Snmp AuthenticationTesting the RAC Snmp Trap Alert Feature 322 323 324 First Steps to Troubleshoot a Remote System 325 Viewing System Information Managing Power on a Remote SystemSelecting Power Control Actions from the iDRAC6 CLI 326 327 Auto Recovery FieldDescriptionMain System Chassis System Information Field Description Embedded NIC MAC Addresses Field Description Remote Access Controller328 RAC Information Field Description 329 IPv4 Information Field DescriptionIPv6 Information Fields Description Using the System Event Log SEL Status Indicator Icons Icon/Category Description330 SEL Page Buttons Using the Command Line to View System Log331 Button Action Using the Post Boot Logs 332 333 Viewing the Last System Crash ScreenTo view the Last Crash Screen Last Crash Screen Page Buttons Action 334 Using the RAC Log 335 IDRAC Log Page Information Field Description Using the iDRAC Log Page Buttons336 IDRAC Log Buttons Action Using the Command Line Using the Diagnostics Console337 Diagnostic Commands Description Using Identify ServerClick System→ Remote Access→ Troubleshooting→ Identify 338 Using the Trace Log Using the racdump339 Using the coredump 340 Fan Probes Battery ProbesSensors Chassis Intrusion Probes Temperature Probe Power Supplies ProbesPower Monitoring Probes Removable Flash Media Probes Voltage Probes 343 344 Configuring Security Features 345 Disabling Local Configuration During System Reboot Security Options for the iDRAC6 AdministratorDisabling the iDRAC6 Local Configuration Disabling Local Configuration From Local Racadm 347 Disabling iDRAC6 Virtual Console 348 349 Accessing the SSL Main Menu 350SSL Main Menu Field Description 351 SSL Main Menu Buttons Description 352 Generate Certificate Signing Request CSR Page ButtonsCertificate Information Field Description Using the Secure Shell SSH Configuring Services353 354 Local Configuration Settings DescriptionWeb Server Settings Http Port Number 10. Remote Racadm Settings SSH Settings DescriptionTelnet Settings 355 13. Services Page Buttons 11. Snmp Agent Settings Description12. Automated System Recovery Agent Setting Description 356 Enabling Additional iDRAC6 Security Options IP Filtering IpRange357 Enabling IP Filtering 358 IP Filtering Guidelines IP Blocking359 15. Login Retry Restriction Properties Property Definition 360 Network Configuration page, click Advanced Settings Enabling IP Blocking361 362 16. Network Security Page Settings DescriptionGo Back to Network Returns to the Network Configuration Penalty Time Index ASR Index Index Ipmi Racadm SEL Index Index