Users Guide
6. If you have enabled certificate validation, you must upload the domain forest root certificate authority-signed certificate to CMC. In
the Manage Certificates section, type the file path of the certificate or browse to the certificate file. Click Upload to upload the file
to CMC.
NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the
absolute file path, which includes the full path and the complete file name and file extension.
The SSL certificates for the domain controllers must be signed by the root certificate authority-signed certificate. The root certificate
authority-signed certificate must be available on the management station accessing CMC.
CAUTION: SSL certificate validation is required by default. Disabling this certificate is not recommended.
7. If you have enabled Single Sign-On (SSO), in the Kerberos Keytab section, click Browse, specify the keytab file and click Upload.
When the upload is complete, a message is displayed indicating a successful or failed upload.
8. Click Apply.
The CMC web server automatically restarts after you click Apply.
9. Log in to the CMC Web interface.
10. Select Chassis in the system tree, click the Network tab, and then click the Network subtab. The Network Configuration page is
displayed.
11. If Use DHCP for CMC Network Interface IP Address is enabled, do one of the following:
• Select Use DHCP to Obtain DNS Server Addresses to enable the DHCP server to obtain the DNS server addresses
automatically.
• Manually configure a DNS server IP address by leaving the Use DHCP to Obtain DNS Server Addresses check box unchecked
and then typing your primary and alternate DNS server IP addresses in the fields provided.
12. Click Apply Changes.
The Active Directory settings for extended schema is configured.
Configuring Active Directory With Extended Schema Using RACADM
To configure a CMC Active Directory with Extended Schema by using the RACADM commands, oen a command prompt and enter the
following commands at the command prompt:
racadm config -g cfgActiveDirectory -o cfgADEnable 1
racadm config -g cfgActiveDirectory -o cfgADType 1
racadm config -g cfgActiveDirectory -o cfgADRacName <RAC common name>
racadm config -g cfgActiveDirectory -o cfgADRacDomain < fully qualified rac domain name >
racadm config -g cfgActiveDirectory -o cfgADDomainController1 < fully qualified domain name
or IP Address of the domain controller >
racadm config -g cfgActiveDirectory -o cfgADDomainController2 < fully qualified domain name
or IP Address of the domain controller >
racadm config -g cfgActiveDirectory -o cfgADDomainController3 < fully qualified domain name
or IP Address of the domain controller >
NOTE:
You must configure at least one of the three addresses. CMC attempts to connect to each of the configured
addresses one-by-one until it makes a successful connection. With Extended Schema, these are the FQDN or IP
addresses of the domain controllers where this CMC device is located.
To disable the certificate validation during an handshake (optional):
racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0
NOTE: In this case, you do not have to upload a CA certificate.
To enforce the certificate validation during SSL handshake (optional):
racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 1
In this case, you must upload a CA certificate:
racadm sslcertupload -t 0x2 -f < ADS root CA certificate >
NOTE:
If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that
DNS is configured correctly under.
126 Configuring User Accounts and Privileges