Installation Manual
Configuring iDRAC6 for Single Sign-On or Smart Card Login
Since the iDRAC6 is a device with a non-Windows operating system, run the ktpass utility—part of Microsoft Windows—on the domain controller (Active Directory server) where you want to map the iDRAC6 to a user account in Active Directory.
For example, use the following ktpass command to create the Kerberos keytab file:

C:\>ktpass -princ HOST/dracname.domainname.com@DOMAINNAME.COM -mapuser dracname -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out c:\krbkeytab

The encryption type that iDRAC6 uses for Kerberos authentication is DES-CBC-MD5. The principal type is KRB5_NT_PRINCIPAL. The user account that the Service Principal Name is mapped to should have the Use DES encryption types for this account property enabled.
  NOTE: It is recommended that you use the latest ktpass utility to create the keytab file.
This procedure will produce a keytab file that you should upload to the iDRAC6.
  NOTE: The keytab contains an encryption key and should be kept secure.
For more information on the ktpass utility, see the Microsoft website at: http://technet2.microsoft.com/windowsserver/en/library/64042138-9a5a-4981-84e9-d576a8db0d051033.mspx?mfr=true
• The iDRAC6 time should be synchronized with the Active Directory domain controller. You can also use the following RACADM time zone offset command to synchronize the time:

racadm config -g cfgRacTuning -o cfgRacTuneTimeZoneOffset <offset value>

• To enable single sign-on for Extended schema, ensure that the Trust this user for delegation to any service (Kerberos only) option is selected on the Delegation tab for the keytab user. This tab is available only after creating the keytab file using the ktpass utility.
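
A check that can be run on the keytab file before it is uploaded to the iDRAC6: it lists each entry and confirms the principal, principal type and DES-CBC-MD5 encryption type given above, without ever returning the key bytes. This is an added example, not code from the manual or from Microsoft; it assumes the keytab uses file format version 0x0502, and the function names and the sample entry (built with an all-zero dummy key) are constructed for illustration.

```python
import struct

ENCTYPES = {3: "DES-CBC-MD5", 17: "AES128-CTS-HMAC-SHA1-96",
            18: "AES256-CTS-HMAC-SHA1-96", 23: "RC4-HMAC"}
NAME_TYPES = {1: "KRB5_NT_PRINCIPAL", 2: "KRB5_NT_SRV_INST", 3: "KRB5_NT_SRV_HST"}

def _counted(buf, pos):
    """Read a uint16 length-prefixed field; return (bytes, next position)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    if pos + 2 + n > len(buf):
        raise ValueError("truncated keytab entry")
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(data):
    """List the entries of a version 0x0502 keytab; key bytes are never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        rec, pos = data[pos + 4:pos + 4 + abs(size)], pos + 4 + abs(size)
        if size <= 0:                     # a negative size marks a deleted slot
            continue
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        realm, p = _counted(rec, 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(rec, p)
            comps.append(comp.decode())
        name_type, _ts, kvno, enctype = struct.unpack_from(">IIBH", rec, p)
        key, _ = _counted(rec, p + 11)    # 11 = name type + timestamp + kvno + enctype
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "name_type": NAME_TYPES.get(name_type, str(name_type)),
                        "enctype": ENCTYPES.get(enctype, str(enctype)),
                        "kvno": kvno, "key_len": len(key)})
    return entries

def check_for_idrac6(entries, principal):
    """Return mismatches against the values the manual gives for iDRAC6."""
    hits = [e for e in entries if e["principal"] == principal]
    if not hits:
        return ["no entry for " + principal]
    return [f"{k} is {e[k]}, expected {want}" for e in hits
            for k, want in (("enctype", "DES-CBC-MD5"), ("name_type", "KRB5_NT_PRINCIPAL"))
            if e[k] != want]

# Constructed sample: one entry shaped like the ktpass command above, dummy key.
_lp = lambda b: struct.pack(">H", len(b)) + b
_rec = (struct.pack(">H", 2) + _lp(b"DOMAINNAME.COM") + _lp(b"HOST")
        + _lp(b"dracname.domainname.com") + struct.pack(">IIBH", 1, 0, 1, 3) + _lp(bytes(8)))
SAMPLE = b"\x05\x02" + struct.pack(">i", len(_rec)) + _rec
```

For a real file, pass the bytes read from the keytab to parse_keytab and the principal from the -princ argument to check_for_idrac6; an empty list means the entry matches.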










