Troubleshooting

Microsoft® Active Directory® Theory and Operation with the Dell™ Chassis Management Controller
The keytab file is created on the domain controller to map a basic user account to the device. This
allows the Dell Chassis Management Controller to connect to DS to look up other objects in the tree and
to find the permissions allowed by the Dell Chassis Management Controller. Because all permissions are
managed only in DS in extended schema mode, the Dell Chassis Management Controller must have
access to DS using LDAP.
The Operation of Dell Chassis Management Controller
There are two ways to integrate Active Directory with Dell Chassis Management Controller:
Standard schema
Extended schema
Standard schema
With the standard schema, permissions are managed on the Dell Chassis Management Controller and
user groups are managed on the Active Directory domain. The extended schema lets you manage all
the users, devices and permissions in Active Directory. The Dell Chassis Management Controller
runs a version of Linux. For this operating system to access the Active Directory
domain, it must search LDAP in DS for permissions. This gives the Dell Chassis Management Controller
a level of access to the domain and lets it grant user access to the Dell Chassis Management Controller
based on these permissions. This is the purpose of the keytab file. The keytab file maps the user
account in Active Directory to the device. This way the device can access Active Directory to look up
information, permissions, devices and users, all of which have access to the Dell Chassis Management
Controller.
Standard schema access setup uses a group on the Active Directory domain. This is also the easiest
schema to set up for Active Directory users. All the users are added to the group in Active Directory,
while the permissions are managed at the Dell Chassis Management Controller. Within the Active
Directory group, you add Active Directory users that can access the Dell Chassis Management
Controller. You can create five different groups in Active Directory. These groups map to five different
groups on the Dell Chassis Management Controller, with a different set of permissions for each group.
You do not need to add or update any schema objects to your Active Directory environment for this
authentication scheme. This lets the Active Directory users in the group access the Dell Chassis
Management Controller, based on the permissions of the group created on the Dell Chassis Management
Controller. We have created four permission groups:
Administrators
Power users
Guest users
Custom groups
Do not add the same user to multiple Active Directory groups. The domain name you created is linked
to the standard schema setup page on the Dell Chassis Management Controller. This is how the Dell
Chassis Management Controller knows which domain to access. On the Dell Chassis Management
Controller you add the domain and the group of users from Active Directory. When you enter the domain
name, DNS translates the name to an IP address, which is then used on the network to connect to the
domain.
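
A check for the rule above that a user should not be in more than one of the Active Directory groups mapped to the Dell Chassis Management Controller, as an added example (not from the original paper or from Dell). The group and user names are constructed, and counting members of nested groups is an assumption the paper does not address.

```powershell
# Added example. Group names and users below are constructed placeholders.

# Core check: given a map of AD group -> member names, return every user
# that appears in more than one of the groups.
function Find-GroupOverlap {
    param([Parameter(Mandatory)] [hashtable] $Membership)
    $rows = foreach ($g in $Membership.Keys) {
        # De-duplicate inside each group so Count below means "number of groups".
        foreach ($u in ($Membership[$g] | Sort-Object -Unique)) {
            [pscustomobject]@{ User = $u.ToLowerInvariant(); AdGroup = $g }
        }
    }
    $rows | Group-Object -Property User |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                User     = $_.Name
                AdGroups = ($_.Group.AdGroup | Sort-Object) -join ', '
            }
        }
}

# Live lookup: read the members of each group from Active Directory.
# -Recursive expands nested groups (assumption: nested membership matters).
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
function Get-CmcGroupMembership {
    param([Parameter(Mandatory)] [string[]] $GroupName)
    $map = @{}
    foreach ($g in $GroupName) {
        $map[$g] = @(Get-ADGroupMember -Identity $g -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { $_.SamAccountName })
    }
    $map
}

# Offline run on constructed data: 'bob' is in two groups (case differs).
$sample = @{
    'CMC-Admins'     = 'alice', 'bob'
    'CMC-PowerUsers' = 'carol', 'Bob'
    'CMC-Guests'     = 'dave'
}
Find-GroupOverlap -Membership $sample | Format-Table -AutoSize

# Against a real domain (group names are placeholders):
# $live = Get-CmcGroupMembership -GroupName 'CMC-Admins','CMC-PowerUsers','CMC-Guests'
# Find-GroupOverlap -Membership $live
```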