Using Microsoft Active Directory SSO, 191 | Dell IDRAC6 instruction

Using Microsoft Active Directory SSO

The SSO feature enables you to log into the iDRAC6 directly after logging into your workstation without entering your domain user authentication credentials, such as user name and password. To log into the iDRAC6 using this feature, you should have already logged into your system using a valid Active Directory user account. Also, you should have configured the user account to log into the iDRAC6 using the Active Directory credentials. The iDRAC6 uses the cached Active Directory credentials to log you in.

You can enable iDRAC6 to use Kerberos—a network authentication protocol—to enable SSO. For more information, see "About Kerberos Authentication" on page 187. Ensure that you have performed the steps listed in the "Prerequisites for Active Directory SSO and Smart Card Authentication" on page 188 section before configuring iDRAC6 for SSO logon.

Configuring iDRAC6 to Use SSO

Perform the following steps to configure iDRAC6 for SSO using iDRAC Web interface:

1Log in to iDRAC Web interface.

2Go to Remote Access→ Network/Security tab→ Directory Service tab→ Microsoft Active Directory.

3Click Configure Active Directory. The Active Directory Configuration and Management Step 1 of 4 page is displayed.

4Upload the keytab obtained from the Active Directory root domain,

to the iDRAC6. To do this, under Upload Kerberos Keytab, type the path of the keytab file or click Browse to locate the file. Click Upload. The Kerberos keytab will be uploaded into iDRAC6. The keytab is the same file you created while performing the tasks listed in the "Prerequisites for Active Directory SSO and Smart Card Authentication" on page 188.

5Click Next. The Active Directory Configuration and Management Step 2 of 4 page is displayed.

6Select Enable Single Sign-Onto enable SSO login.

Configuring iDRAC6 for Single Sign-On or Smart Card Login

191

Image 191

Dell IDRAC6 manual Using Microsoft Active Directory SSO, Configuring iDRAC6 to Use SSO, 191

Contents

User Guide July Contents Updating the iDRAC6 Firmware Installing the Software onAccessing the Web Interface Using Multiple Browser Tabs and Windows Cable for the Serial Console Connecting the DB-9 or Null ModemConfiguring the Management Station Viewing Internal Dual SD Module 109 Frequently Asked Questions about 125Using the Web Interface to Configure 106 Prerequisites for Enabling Microsoft Using the Racadm Utility to Configure 139Supported Active Directory Authentication 148 143 177 Generic Ldap Directory Service 178Frequently Asked Questions about 168 198 Troubleshooting the Smart Card191 193 231 213Launching Virtual Console and Virtual 219 221 239 Creating a Bootable Image File 240Using the Ipmi Remote Access 254 Configuring Serial Over LAN Using 254 264 255257 259 284 Frequently Asked Questions 288Power Inventory, Power Budgeting 274 298 293294 295 326 Configuring Platform Events 316Frequently Asked Question about 322 325 333 Using the System Event Log SEL 330Using the Diagnostics Console 337 332 Removable Flash Media Probes 342 Using the Secure Shell SSH 353341 342 IDRAC6 Overview IDRAC6 Express Management Features IDRAC6 Overview Interface and Standards Support IDRAC6 Feature ListIDRAC6 Enterprise and vFlash Media IDRAC6 Express Enterprise With vFlash Remote Management and Remediation Security and AuthenticationConnectivity Logging Monitoring SM-CLP RAC Log Lifecycle Controller Unified Server Configurator IDRAC6 Overview IDRAC6 Server Listening Ports Port Number Function Supported Remote Access ConnectionsSupported Remote Access Connections Features IDRAC6 Ports IDRAC6 Client Ports Port Number Function Other Documents You May Need IDRAC6 Overview IDRAC6 Overview IDRAC6 Overview Getting Started With the iDRAC6 Getting Started With the iDRAC6 Before You Begin Basic Installation of the iDRAC6Installing the iDRAC6 Express/Enterprise Hardware Configuring Your System to Use an iDRAC6 Select Save Changes and Exit Configuring iDRAC6 Software Installation and Configuration OverviewInstalling iDRAC6 Software Installing the Software on the Management Station Installing the Software on the Managed System Uninstalling Racadm Installing Racadm Downloading the iDRAC6 Firmware Updating the iDRAC6 FirmwareBefore You Begin Updating the iDRAC6 Firmware Using Racadm Updating the iDRAC6 Firmware Using the Web-Based Interface Click Tools, and click Internet Options Configuring a Supported Web BrowserList of Trusted Domains Linux Viewing Localized Versions of the Web-Based InterfaceWindows Updated entry Basic Installation of the iDRAC6 Configuring the iDRAC6 Using the Web Interface Accessing the Web Interface Logging Logging Out Using Multiple Browser Tabs and Windows Click Remote Access→ Network/Security→ Network Configuring the iDRAC6 NICConfiguring the Network and Ipmi LAN Settings Click the appropriate button to continue. See Table Network Settings Setting Description Common Settings Description Network Settings Description Preferred DNS Server and Alternate DNS Server fields Common Settings SettingDescriptionIPv4 Settings Description IPv6 Settings Description Vlan Settings SettingDescription IPv6 Settings SettingDescriptionIpmi Settings Description Apply Configuring IP Filtering and IP BlockingNetwork Configuration Page Buttons Description Network Security Page Settings Description 11. Platform Event Filters Index Configuring Platform Events10. Network Security Page Buttons Description Processor AbsentCritical Assert Click System→ Alerts→ Traps Settings Configuring Platform Event Filters PEFConfiguring Platform Event Traps PET Configuring E-Mail Alerts Click System→ Alerts→ Email Alert Settings Configuring Ipmi Using Web Interface Set the Channel Privilege Level Limit and Flow Control Network/Security tab, click Serial Configuring iDRAC6 Users Secure Sockets Layer SSL 12. SSL Page Options Field Description Accessing SSL Through the Web-Based InterfaceClick Remote Access→ Network/Security Certificate Signing Request CSR View Server Certificate Generating a Certificate Signing RequestUpload Server Certificate Locality Common NameOrganization Name Organization Unit 15. Certificate Upload Page Buttons Description Uploading a Server CertificateRefresh Reloads the Generate Certificate Signing Request Menu Button Description Viewing a Server Certificate16. Certificate Information Field Description 17. View Server Certificate Page Buttons Active Directory Configuring and Managing Active DirectoryEnabled Single Sign-On Schema Selection User Domain Name Timeout Certificate Extended SchemaSettings Print Configuring and Managing Generic LdapConfiguring iDRAC6 Services 21. Web Server Settings 20. Local Configuration Setting Description Port Number 21. Web Server Settings SettingDescription22. SSH Settings Description 23. Telnet Settings 26. Automated System Recovery Agent Setting 23. Telnet Settings Description24. Remote Racadm Settings 25. Snmp Settings 27. Services Page Buttons Description Updating the iDRAC6 Firmware/System Services Recovery Image File upload in progress IDRAC6 Firmware Rollback Remote Syslog 28. Remote Syslog Settings AttributeDescription Boot Once First Boot Device29. First Boot Device Attribute Description First Boot Device Remote File Share 30. Remote File Server Settings Attribute Description 30 lists the remote file share settings Internal Dual SD Module Viewing Internal Dual SD Module Status Using GUI 32. SD Card States Description Advanced iDRAC6 Configuration Click Apply Changes Configuring the iDRAC6 Settings to Enable SSH/TelnetStarting a Text Console Through Telnet or SSH Running Telnet Using Microsoft Windows XP or Windows Using a Telnet Console Enable Telnet in Windows Component Services Using the Secure Shell SSH Cryptography Schemes Scheme Type Configuring Linux for Serial Console During Boot Sample File /etc/grub.conf Enabling Login to the Virtual Console After Boot Serial --unit=1 --speed=57600 terminal --timeout=10 serial Sample File /etc/innitab Shows a sample file with the new line Sample File /etc/innitab Sample File /etc/securetty Configuring iDRAC6 for Serial Connection Racadm config -g cfgSerial -o cfgSerialConsoleEnable For Direct Connect Terminal mode 100 101 102 Signal Name 103 Configuring Linux Minicom for Serial Console Emulation 104 Select Save setup as configname and press EnterRequired Minicom Settings for Serial Console Emulation 105 Configuring HyperTerminal for Serial Console Ipmi Serial Settings Description Configuring Serial and Terminal ModesConfiguring Ipmi and iDRAC6 Serial Management Station COM Port Settings Setting Description 107 IDRAC6 Serial Settings10. Serial Page Settings 12. Terminal Mode Settings Page Buttons Description Configuring Terminal ModeSerial page, click Terminal Mode Settings 11. Terminal Mode Settings Description 109 Configuring the iDRAC6 Network SettingsAccessing the iDRAC6 Through a Network 12. Terminal Mode Settings Page Buttons ButtonDescription 13. iDRAC6 Interfaces InterfaceDescription Powercycle, and hardreset commands110 13. iDRAC6 Interfaces Description Using Racadm Remotely111 112 113 14. racadm Command Options DescriptionRacadm Synopsis Racadm Options 114 Racadm SubcommandsEnabling and Disabling the Racadm Remote Capability 115 15. Racadm Subcommands Command Description 116 117 Frequently Asked Questions About Racadm Error MessagesWhat does this message mean? 118 Configuring Multiple iDRAC6 Controllers 119 Creating an iDRAC6 Configuration File 120 121 Parsing RulesExample 122 Modifying the iDRAC6 IP Address 123 Configuring iDRAC6 Network Properties 124 125 Frequently Asked Questions about Network Security16. iDRAC6 NIC Configurations Mode Description IDRAC6 Modes 126 Why doesn’t my DNS server register my iDRAC6? 127 128 129 Adding and Configuring IDRAC6 UsersAdding and Configuring iDRAC6 Users Click Remote Access→ Network/Security→ Users 130 User States and Permissions Setting Description Upload Trusted CA Smart Card Configuration Options OptionDescriptionEnable User 131 IDRAC User Privileges Property Description General User Settings132 Ipmi User Privileges PropertyDescription IDRAC Group Permissions User Group Permissions Granted 133Reasons, assign this privilege carefully 134 Public Key Authentication over SSHUser Configuration Page Buttons Action Before You Begin 135 Generating Public Keys for WindowsGenerating Public Keys for Linux 136 Logging in Using Public Key AuthenticationSending racadm commands Logging 10. View/Remove SSH Keys Option Description SSH Key Configurations Option Description137 Upload SSH Keys Option Description Delete Uploading, Viewing, and Deleting SSH Keys Using RacadmUpload View 139 Using the Racadm Utility to Configure iDRAC6 Users 140 Adding an iDRAC6 UserExample 141 Removing an iDRAC6 UserEnabling an iDRAC6 User With Permissions 142 IDRAC6 User Privileges Description Using iDRAC6 With Microsoft Active Directory143 Privilege Description 144 145 Click Start→ Administrative Tools→ Domain Security PolicyEnabling SSL on a Domain Controller 146 147 Importing the iDRAC6 Firmware SSL Certificate 148 Supported Active Directory Authentication MechanismsExtended Schema Active Directory Overview Active Directory Schema Extensions 149 Overview of the iDRAC Schema ExtensionsActive Directory Object Overview 150 Typical Setup for Active Directory Objects 151 Accumulating Privileges Using Extended Schema 152 153 Extending the Active Directory Schema 154 Using the Dell Schema Extender 155 840.113556.1.8000.1280.1.1.1.5 156DellPrivileges Class DellProduct Class Valued 157Single 158 159 Installing the Administrator Pack Select Privilege Object Creating an iDRAC Device ObjectSelect iDRAC Device Object Creating a Privilege Object Adding Privileges Configuring an Association ObjectCreating an Association Object Adding Users or User Groups 162 Adding iDRAC Devices 163 164 Racadm 165 166 167 168 Standard Schema Active Directory Overview Permissions Granted Bit Mask Groups Level Default Role Group PrivilegesSingle Domain Versus Multiple Domain Scenarios 169 170 Directory Users and Computers Snap-in 171 172 173 174 175 176 177 Testing Your Configurations 178 Generic Ldap Directory ServiceLogin Syntax Directory User versus Local User 179 180 181 Additional settings to test BindDN option Configuring Generic Ldap Directory Service Using RacadmView the settings using the below commands Use Racadm to confirm whether login is possible 183 Frequently Asked Questions about Active Directory 184 When do I need to configure Global Catalog Addresses?How does standard schema query work? 185 Why does iDRAC6 enable certificate validation by default?Does iDRAC6 support the NetBIOS name? Does iDRAC6 always use Ldap over SSL? 186 About Kerberos Authentication Configuring iDRAC6 for Single Sign- On or Smart Card Login 188 Click Remote Access→ Network/Security tab→ Network subtab 189 190 Browser Settings to Enable Active Directory SSOSelect Tools→ Internet Options→ Security→ Local Intranet Click Advanced 191 Using Microsoft Active Directory SSOConfiguring iDRAC6 to Use SSO 192 Logging Into iDRAC6 Using SSOUsing Racadm 193 Configuring Smart Card AuthenticationConfiguring Local iDRAC6 Users for Smart Card Logon Exporting the Smart Card Certificate 194 Configuring Active Directory Users for Smart Card LogonConfiguring Smart Card Using iDRAC6 Network/Security→ tab Smart Card Enable with Remote Racadm setting only to access Smart Card Settings DescriptionEnabled with Remote Racadm Enables Smart Card If you select Enabled or Enabled with Remote Racadm, you Network Logging Into the iDRAC6 Using the Smart CardIDRAC6 under Remote Access→ Network/Security→ 196 197 Unable to Log into Local iDRAC6 Troubleshooting the Smart Card Logon in iDRAC6ActiveX plug-in unable to detect the Smart Card reader Incorrect Smart Card PIN 199 Unable to Log into iDRAC6 as an Active Directory User 200 Frequently Asked Questions About SSO 201 202 203 Using GUI Virtual ConsoleUsing Virtual Console Overview 204 Configuring Your Management Station 205 206 Clear Your Browser’s CacheJava Cache viewer is displayed 207 Common Settings for Microsoft Windows Operating Systems 208 Supported Screen Resolutions and Refresh RatesConfiguring Virtual Console in the iDRAC6 Web Interface Local Server Video 209Remote Presence Port Plug-in Type Configuration Page Buttons DefinitionOpening a Virtual Console Session 210 211 Virtual Console EnabledVideo Encryption Enabled Enabled Remote Presence Port Refresh Reloads the Virtual Console and Virtual Media Virtual Console Preview212 Virtual Console and Virtual Media Page Buttons Definition Virtual Console Preview Options Descritpion Using iDRAC6 Virtual Console Video ViewerSettings on the Console/Media Configuration 213 Virtual Launch Virtual 214Viewer Menu Bar Selections Menu Item Description Pin icon 215 Viewer Menu Bar Selections Menu Item Item Description 216 217 218 Click System→ Console/Media→ ConfigurationDisabling or Enabling Local Server Video 219 Launching Virtual Console and Virtual Media RemotelyURL Format 220 General Error ScenariosError Scenarios Reason Behavior 221 Frequently Asked Questions on Virtual Console CfgRacTuneLocalServerVideo Using Virtual Console Frequently Asked Questions Answer222 223 Bios 224 Standard Dmtf Using the WS-MAN InterfaceSupported CIM Profiles 225 Standard Dmtf 227 Standard Dmtf Dell Extensions 229 WS-MAN release notes or readme file IDRAC6 SM-CLP Support Using the iDRAC6 SM-CLP Command Line Interface 232 SM-CLP FeaturesUsing SM-CLP SM-CLP Targets SM-CLP Targets Definitions 233 Capabilities on the system 234 Dhcp 235 236 237 238 239 Deploying Your Operating System Using VmcliRemote System Requirements Network Requirements Creating an Image File for Linux Systems Creating a Bootable Image FileConfiguring the Remote Systems Preparing for Deployment 241 Deploying the Operating System 242 Using the Vmcli Utility 243 Installing the Vmcli UtilityCommand Line Options 244 Vmcli ParametersIDRAC6 IP Address IDRAC6 User Name 245 IDRAC6 User PasswordFloppy/Disk Device or Image File 246 CD/DVD Device or Image File Encrypted Data Vmcli Operating System Shell OptionsVersion Display Help Display 248 Vmcli Return Codes 249 Configuring Ipmi Using Web-Based InterfaceConfiguring Ipmi Using the Racadm CLI Support.dell.com\manuals 250 251 252 253 254 Using the Ipmi Remote Access Serial InterfaceConfiguring Serial Over LAN Using the Web-Based Interface 255 Configuring and Using Virtual Media 256 Windows-Based Management Station 257 Configuring Virtual MediaVirtual Media Configuration Properties Attribute Value Linux-Based Management Station 258 Virtual Media Configuration Properties AttributeValueConfiguration Page Buttons Description 259 Supported Virtual Media ConfigurationsConnecting Virtual Media Running Virtual Media 260 Click Launch Virtual Console 261 Booting From Virtual MediaDisconnecting Virtual Media Click Tools→ Launch Virtual Media 262 Installing Operating Systems Using Virtual MediaBoot Once Feature 263 Select the Enable Boot Once option under Virtual MediaWindows-Based Systems Linux-Based Systems 264 Frequently Asked Questions about Virtual MediaUsing Virtual Media Frequently Asked Questions Answer 265 Using the Dell Systems Management Tools 266 Answer 267 On Windows Event Collector and click Stop Administrative Tools Services. Right-click268 269 Configuring vFlash SD Card and Managing vFlash Partitions Size 270SD Card Properties Attribute Description Write-protected VFlash Enabled271 Available Space 272 Configuring vFlash or Standard SD Card UsingDisplaying the vFlash or Standard SD Card Properties Getting the Last Status on the vFlash or Standard SD Card Resetting the vFlash or Standard SD CardEnabling or Disabling the vFlash or Standard SD Card Initializing the vFlash or Standard SD Card 274 Managing vFlash Partitions Using iDRAC6 Web InterfaceCreating an Empty Partition Label 275Create Empty Partition Page Options Field Description Index Emulation Type Creating a Partition Using an Image File276 277 Img nor .iso Image Location Formatting a Partition278 Format Type Viewing Available Partitions279 Format Partition Page Options Field Description Attached 280Viewing Available Partitions Field Description Read-Only 281 Modifying a PartitionAttaching and Detaching Partition 282 Deleting Existing PartitionsOperating System Behavior for Attached Partitions Downloading Partition Contents 284 Managing vFlash Partitions Using RacadmBooting to a Partition Valid Options 285 Options only valid with the create actionOptions only valid with the status action Viewing Partition Information Creating a PartitionDeleting a Partition Getting the Status of a Partition 287 Attaching or Detaching a Partition 288 Frequently Asked QuestionsWhen is the vFlash or standard SD card locked? 289 Power Monitoring Management 290 Power Inventory, Power Budgeting, and CappingPower Monitoring Configuring and Managing Power Individual Power Supply Elements The possible values are Viewing the Health Status of the Power Supply UnitsUsing the Web-Based Interface Power Supplies Redundancy Status The possible values are 292 Using Racadm 293 Viewing Power BudgetUsing the Web Interface Power Budget Information page displays 294 Power Budget Threshold 295 Viewing Power MonitoringPower Monitoring 296 Power Tracking StatisticsAmperage 297 Power ConsumptionHeadroom Show Graph 298 Executing Power Control Operations on the Server 299 300 301 Using the iDRAC6 Configuration Utility 302 Starting the iDRAC6 Configuration UtilityUsing the iDRAC6 Configuration Utility 303 IDRAC6 LANIpmi Over LAN LAN Parameters Description LAN Parameters304 305 IPv4 SettingsEthernet IP Address, Subnet Mask, and Default Gateway When Static is selected, the Ethernet IP Address, Subnet 306 IPv6 SettingsSelected, the IPv6 Address 1, Prefix Length, and Default When Static is selected, the IPv6 Address 1, Prefix Length 307 Virtual Media ConfigurationVirtual Media 308 VFlashInitialize vFlash VFlash Properties 309 System Services ConfigurationSystem Services Cancel System Services Smart Card Logon 310 LCD ConfigurationLCD User Configuration Collect System Inventory on Restart 311 LAN User ConfigurationReset to Default Between the options Disabled, View And Modify, and View 312 LAN User Configuration Description 313 314 Exiting the iDRAC6 Configuration UtilitySystem Event Log Menu 315 Monitoring and Alert Management Under Startup and Recovery, click Settings Disabling the Windows Automatic Reboot OptionDisabling the Automatic Reboot Option in Windows Server Click Advanced System Settings under Tasks on the left 317 318 Configuring PEF Using the Web-Based InterfaceConfiguring PEF Using the Racadm CLI 319 Configuring PETConfiguring PET Using the Web User Interface Configuring PET Using the Racadm CLI 320 Configuring E-mail Alerts Using the Web User InterfaceConfiguring E-Mail Alerts Using the Racadm CLI 321 Testing E-mail Alerting 322 Frequently Asked Question about Snmp AuthenticationTesting the RAC Snmp Trap Alert Feature Why is the following message displayed 323 324 325 First Steps to Troubleshoot a Remote System 326 Managing Power on a Remote SystemSelecting Power Control Actions from the iDRAC6 CLI Viewing System Information System Information Field Description Auto Recovery FieldDescriptionMain System Chassis 327 RAC Information Field Description Remote Access Controller328 Embedded NIC MAC Addresses Field Description IPv6 Information Fields Description 329IPv4 Information Field Description 330 Using the System Event Log SELStatus Indicator Icons Icon/Category Description Button Action Using the Command Line to View System Log331 SEL Page Buttons 332 Using the Post Boot Logs Last Crash Screen Page Buttons Action Viewing the Last System Crash ScreenTo view the Last Crash Screen 333 334 335 Using the RAC Log IDRAC Log Buttons Action Using the iDRAC Log Page Buttons336 IDRAC Log Page Information Field Description 337 Using the Command LineUsing the Diagnostics Console 338 Using Identify ServerClick System→ Remote Access→ Troubleshooting→ Identify Diagnostic Commands Description 339 Using the Trace LogUsing the racdump 340 Using the coredump Chassis Intrusion Probes Battery ProbesSensors Fan Probes Removable Flash Media Probes Power Supplies ProbesPower Monitoring Probes Temperature Probe 343 Voltage Probes 344 345 Configuring Security Features Disabling Local Configuration From Local Racadm Security Options for the iDRAC6 AdministratorDisabling the iDRAC6 Local Configuration Disabling Local Configuration During System Reboot 347 348 Disabling iDRAC6 Virtual Console 349 SSL Main Menu Field Description Accessing the SSL Main Menu350 SSL Main Menu Buttons Description 351 Certificate Information Field Description 352Generate Certificate Signing Request CSR Page Buttons 353 Using the Secure Shell SSHConfiguring Services Http Port Number Local Configuration Settings DescriptionWeb Server Settings 354 355 SSH Settings DescriptionTelnet Settings 10. Remote Racadm Settings 356 11. Snmp Agent Settings Description12. Automated System Recovery Agent Setting Description 13. Services Page Buttons 357 Enabling Additional iDRAC6 Security OptionsIP Filtering IpRange 358 Enabling IP Filtering 359 IP Filtering GuidelinesIP Blocking 360 15. Login Retry Restriction Properties Property Definition 361 Network Configuration page, click Advanced SettingsEnabling IP Blocking Penalty Time 16. Network Security Page Settings DescriptionGo Back to Network Returns to the Network Configuration 362 ASR Index Index Index Ipmi Racadm SEL Index Index