Installation Manual
Using the iDRAC6 Directory Service 143
Prerequisites for Enabling Microsoft Active
Directory Authentication for iDRAC6
To use the Active Directory authentication feature of the iDRAC6, you must
have already deployed an Active Directory infrastructure. See the Microsoft
website for information on how to set up an Active Directory infrastructure,
if you do not already have one.
iDRAC6 uses the standard Public Key Infrastructure (PKI) mechanism to
authenticate securely into the Active Directory; therefore, you would also
require an integrated PKI into the Active Directory infrastructure. See the
Microsoft website for more information on the PKI setup.
To correctly authenticate to all the domain controllers, you also need to
enable the Secure Socket Layer (SSL) on all domain controllers that
iDRAC6 connects to. See "Enabling SSL on a Domain Controller" on
page 143 for more specific information.
Enabling SSL on a Domain Controller
When the iDRAC authenticates users against an Active Directory domain
controller, it starts an SSL session with the domain controller. At this time,
the domain controller should publish a certificate signed by the Certificate
Authority (CA)—the root certificate of which is also uploaded into the
iDRAC. In other words, for iDRAC to be able to authenticate to any domain
controller—whether it is the root or the child domain controller—that
domain controller should have an SSL-enabled certificate signed by the
domain’s CA.
If you are using Microsoft Enterprise Root CA to automatically assign all your
domain controllers to an SSL certificate, perform the following steps to
enable SSL on each domain controller:
Enable SSL on each of your domain controllers by installing the SSL
certificate for each controller.
1
Click
Start
Administrative Tools
Domain Security Policy
.
2
Expand the
Public Key Policies
folder, right-click
Automatic Certificate
Request Settings
and click
Automatic Certificate Request
.