Dell POWEREDGE M1000E User Manual

Page 150

Advertising
background image

Configuring CMC SSO Or Smart Card Login For Active Directory

Users

You can use CMC Web interface or RACADM to configure CMC SSO or smart card login.
Related Links

Prerequisites For Single Sign-On Or Smart Card Login
Uploading the Keytab File

Configuring CMC SSO Or Smart Card Login For Active Directory Users Using Web

Interface

To configure Active Directory SSO or smart card login for CMC:

NOTE: For information about the options, see the

CMC Online Help

.

1.

While configuring Active Directory to setup a user account, perform the following additional steps:

– Upload the keytab file
– To enable SSO, select Enable Single Sign-On option.
– To enable smart card login, select Enable Smart-Card Login option.

NOTE: All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote

RACADM remain unchanged if this option is selected.

2.

Click Apply.
The settings are saved.
You can test the Active Directory using Kerberos authentication using the RACADM command:
testfeature -f adkrb -u <user>@<domain>

where <user> is a valid Active Directory user account.
A command success indicates that CMC is able to acquire Kerberos credentials and access the user's Active
Directory account. If the command is not successful, resolve the error and run the command again. For more
information, see RACADM

Command Line Reference Guide for iDRAC7 and CMC

on dell.com/support/manuals.

Uploading the Keytab File

The Kerberos keytab file serves as the CMC's user name and password credentials to the Kerberos Data Center (KDC),
which in turns allows access to the Active Directory. Each CMC in the Kerberos realm must be registered with the
Active Directory and must have a unique keytab file.
You can upload a Kerberos Keytab generated on the associated Active Directory Server. You can generate the Kerberos
Keytab from the Active Directory Server by executing the ktpass.exe utility. This keytab establishes a trust relationship
between the Active Directory Server and CMC.
To upload the keytab file:

1.

In the system tree, go to Chassis Overview, and then click User Authentication → Directory Services.

2.

Select Microsoft Active Directory (Standard Schema).

3.

In the Kerberos Keytab section, click Browse, select keytab file, and click Upload.
When the upload is complete, a message is displayed indicating whether the keytab file is successfully uploaded or
not.

150

Advertising
Popular Brands
Popular manuals