2The domain controller addresses configured in iDRAC6 do not match the Subject or Subject Alternative Name of the directory server certificate. If you are using an IP address, please read the following question and answer. If you are using FQDN, please make sure you are using the FQDN of the domain controller, not the domain, for example, servername.example.com instead of example.com.

I'm using an IP address for a domain controller address and I failed certificate validation. What's the problem?

Check the Subject or Subject Alternative Name field of your domain controller certificate. Usually Active Directory uses the hostname, not the IP address, of the domain controller in the Subject or Subject Alternative Name field of the domain controller certificate. You can fix the problem in several ways:

1Configure the hostname (FQDN) of the domain controller as the domain controller address(es) on iDRAC6 to match the Subject or Subject Alternative Name of the server certificate.

2Re-issue the server certificate to use an IP address in the Subject or Subject Alternative Name field so it matches the IP address configured in iDRAC6.

3Disable certificate validation if you choose to trust this domain controller without certificate validation during the SSL handshake.

I am using extended schema in a multiple domain environment. How should I configure the domain controller address(es)?

This should be the host name (FQDN) or the IP address of the domain controller(s) that serves the domain in which the iDRAC6 object resides.

When do I need to configure Global Catalog Address(es)?

If you are using extended schema, the Global Catalog Address is not used.

If you are using standard schema and users and role groups are from different domains, Global Catalog Address(es) are required. In this case, only Universal Group can be used.

If you are using standard schema and all the users and all the role groups are in the same domain, Global Catalog Address(es) are not required.

How does standard schema query work?

iDRAC6 connects to the configured domain controller address(es) first, if the user and role groups are in that domain, the privileges will be saved.

184

Using the iDRAC6 Directory Service

Page 184
Image 184
Dell IDRAC6 manual When do I need to configure Global Catalog Addresses?, How does standard schema query work?, 184