Setup Guide
Table Of Contents
- 1 Introduction
- 2 iDRAC9 Configuration for RSA SecurID
- 3 RSA SecurID 2FA with Local Users
- 4 RSA SecurID 2FA with Active Directory Users
- 5 RSA SecurID 2FA with Generic LDAP Directory Users
- 6 Troubleshooting RSA SecurID Issues
- 6.1 Misconfiguration or iDRAC Configuration Gets Reset
- 6.2 Datacenter License Expires or Gets Downgraded or Deleted
- 6.3 Authentication Failures without being Prompted for RSA Passcode
- 6.4 Authentication failures with Correct RSA Passcode
- 6.5 Authentication Failures with Correct RSA Passcode due to Timeout
- 6.6 RSA Configuration gets lost after importing Server Configuration Profile
- Appendix A: Configure iDRAC Using RACADM
- Appendix B: References
Troubleshooting RSA SecurID Issues
ID 450
Appendix A: Configure iDRAC Using RACADM
A.1 Upload RSA AM Certificate Chain
Run the following RACADM command to upload RSA AM certificate chain.
Assuming rsa_am.cert contains the certificate of RSA AM server along with its signing certificates in a single
file.
C:> racadm -r <idrac-ip-or-hostname> -u <username> -p <password> sslcertupload -t 9 -f rsa_am.cert
Use RACADM to upload RSA cert chain.
A.2 Configure RSA SecurID Global Settings
Run the following RACADM command to configure RSA SecurID global settings.
racadm>> set iDRAC.RSASecurID2FA.RSASecurIDAuthenticationServer https://<rsa-am-server-
hostname>:<port>/mfa/v1_1
racadm>> set iDRAC.RSASecurID2FA.RSASecurIDClientID "idrac-rsa-dev.cec.delllabs.net"
racadm>> set iDRAC.RSASecurID2FA.RSASecurIDAccessKey
"n8xh7fud5712v661728ibx2adph5b2zbi25zfp7d609616b607bhd7450cvkbg1x"
Use RACADM to configure RSA SecurID 2FA settings.
A.3 Enable RSA SecurID on a Local User
Run the following RACADM command to enable RSA SecurID on a local user.