Users Guide

Creating Active Directory objects and providing privileges
Logging in to Active Directory Standard schema based SSO
Perform the following steps for Active Directory Standard schema based SSO login:
1. Create a User Group.
2. Create a User for Standard schema.
NOTE: Use the existing AD User Group & AD User.
Logging in to Active Directory Extended schema based SSO
Perform the following steps for Active Directory Extended schema based SSO login:
1. Create the device object, privilege object, and association object in the Active Directory server.
2. Set access privileges to the created privilege object.
NOTE: It is recommended not to provide administrator privileges as this could bypass some security checks.
3. Associate the device object and privilege object using the association object.
4. Add the preceding SSO user (login user) to the device object.
5. Provide access privilege to Authenticated Users for accessing the created association object.
Logging in to Active Directory SSO
Perform the following steps for Active Directory SSO login:
1. Create a Kerberos key-tab user which is used for the creation of the key-tab file.
NOTE: Create a new Kerberos key for every iDRAC IP.
Configuring iDRAC SSO login for Active Directory users
Before configuring iDRAC for Active Directory SSO login, make sure that you have completed all the prerequisites.
You can configure iDRAC for Active Directory SSO when you set up a user account based on Active Directory.
Creating a User in Active Directory for SSO
To create a user in Active Directory for SSO:
1. Create a new user in the organization unit.
2. Go to Kerberos User>Properties>Account and select Use Kerberos AES Encryption types for this account.
3. Use the following command to generate a Kerberos keytab in the Active Directory server:
C:\> ktpass.exe -princ HTTP/idrac7name.domainname.com@DOMAINNAME.COM -mapuser DOMAINNAME\username -mapop set -crypto AES256-SHA1 -ptype KRB5_NT_PRINCIPAL -pass [password] -out c:\krbkeytab
Note for Extended Schema
Change the Delegation setting of the Kerberos user.
Go to Kerberos User>Properties>Delegation>Trust this user for delegation to any service (Kerberos only)
NOTE: Log off and log in again as the Management Station Active Directory user after changing this setting.
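As an added example that is not part of the Dell guide, the following PowerShell script carries out the keytab-user procedure above end to end: one dedicated account and keytab per iDRAC (as the "new Kerberos key for every iDRAC IP" note requires), AES-only Kerberos for the account, the ktpass invocation from the guide, and the Extended schema delegation setting. It assumes the ActiveDirectory (RSAT) module on the AD server and a domain administrator session; the domain, NetBIOS name, OU, account naming scheme, output directory and iDRAC names are placeholders.

```powershell
# Added example, not the Dell guide's own script. Placeholders below must be replaced.
Import-Module ActiveDirectory

$Domain         = 'domainname.com'                    # placeholder DNS domain
$Realm          = $Domain.ToUpper()                   # Kerberos realm is the upper-cased domain
$NetBios        = 'DOMAINNAME'                        # placeholder NetBIOS name for ktpass -mapuser
$TargetOU       = 'OU=iDRAC,DC=domainname,DC=com'     # placeholder organizational unit
$OutDir         = 'C:\keytabs'                        # where the per-iDRAC keytab files are written
$ExtendedSchema = $false                              # $true only for Extended schema deployments
$Idracs         = @('idrac7name', 'idrac7name2')      # constructed sample: one entry per iDRAC

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

foreach ($name in $Idracs) {
    $sam = "krb-$name"                  # dedicated keytab account for this iDRAC (assumed naming)
    $spn = "HTTP/$name.$Domain"         # service principal the iDRAC web server presents

    # Random account password; ktpass sets it on the account and derives the key from it.
    $bytes = New-Object byte[] 24
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $accountPw = [Convert]::ToBase64String($bytes)

    # Step 1: create the user in the organizational unit.
    New-ADUser -Name $sam -SamAccountName $sam -Path $TargetOU `
        -AccountPassword (ConvertTo-SecureString $accountPw -AsPlainText -Force) `
        -PasswordNeverExpires $true -Enabled $true

    # Step 2: "Use Kerberos AES Encryption types for this account".
    Set-ADUser -Identity $sam -KerberosEncryptionType AES256

    # Step 3: generate the keytab, matching the ktpass command in the guide.
    & ktpass.exe -princ "$spn@$Realm" -mapuser "$NetBios\$sam" -mapop set `
        -crypto AES256-SHA1 -ptype KRB5_NT_PRINCIPAL -pass $accountPw -out "$OutDir\$name.keytab"

    # Extended schema only: "Trust this user for delegation to any service (Kerberos only)".
    # This is unconstrained delegation, so it is set on these accounts and nowhere else.
    if ($ExtendedSchema) {
        Set-ADAccountControl -Identity $sam -TrustedForDelegation $true
    }
}
```

Each resulting keytab file is then uploaded to the iDRAC whose name it was generated for; the account's password is never needed again, since the iDRAC authenticates with the key in the keytab.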