Supported Active Directory Authentication Mechanisms - Dell iDRAC7 User Manual

3. Enter mmc and click OK.
4. In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.
5. In the Add/Remove Snap-In window, click Add.
6. In the Standalone Snap-In window, select Certificates and click Add.
7. Select Computer and click Next.
8. Select Local Computer, click Finish, and click OK.
9. In the Console 1 window, go to Certificates Personal Certificates folder.
10. Locate and right-click the root CA certificate, select All Tasks, and click Export....
11. In the Certificate Export Wizard, click Next, and select No do not export the private key.
12. Click Next and select Base-64 encoded X.509 (.cer) as the format.
13. Click Next and save the certificate to a directory on your system.
14. Upload the certificate you saved in step 13 to iDRAC7.
Importing iDRAC7 Firmware SSL Certificate
iDRAC7 SSL certificate is the identical certificate used for iDRAC7 Web server. All iDRAC7 controllers are shipped with a
default self-signed certificate.
If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to
upload iDRAC7 Server certificate to the Active Directory Domain controller. This additional step is not required if the
Active Directory does not perform a client authentication during an SSL session's initialization phase.
NOTE: If your system is running Windows 2000, the following steps may vary.
NOTE: If iDRAC7 firmware SSL certificate is CA-signed and the certificate of that CA is already in the domain
controller's Trusted Root Certificate Authority list, do not perform the steps in this section.
To import iDRAC7 firmware SSL certificate to all domain controller trusted certificate lists:
1. Download iDRAC7 SSL certificate using the following RACADM command:
racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>
2. On the domain controller, open an MMC Console window and select Certificates → Trusted Root Certification
Authorities.
3. Right-click Certificates, select All Tasks and click Import.
4. Click Next and browse to the SSL certificate file.
5. Install iDRAC7 SSL Certificate in each domain controller's Trusted Root Certification Authority.
If you have installed your own certificate, make sure that the CA signing your certificate is in the Trusted Root
Certification Authority list. If the Authority is not in the list, you must install it on all your domain controllers.
6. Click Next and select whether you want Windows to automatically select the certificate store based on the type of
certificate, or browse to a store of your choice.
7. Click Finish and click OK. The iDRAC7 firmware SSL certificate is imported to all domain controller trusted
certificate lists.

Supported Active Directory Authentication Mechanisms

You can use Active Directory to define iDRAC7 user access using two methods:
Standard schema solution, which uses Microsoft's default Active Directory group objects only.
•
Extended schema solution, which has customized Active Directory objects. All the access control objects are
•
maintained in Active Directory. It provides maximum flexibility to configure user access on different iDRAC7s with
varying privilege levels.
126