Installation Manual
198 Configuring iDRAC6 for Single Sign-On or Smart Card Login
of 18:00 which would require you to enter 360 in the above command for
the offset. You can also use
cfgRacTuneDaylightoffset
to allow for daylight
savings variation. This saves you from having to change the time on those
two occasions every year when the daylight savings adjustments are made,
or allow for it in the above offset using 300 in the above example.
Frequently Asked Questions About SSO
SSO login fails on Windows Server 2008 R2 x64. What should I do for SSO
to work with Windows Server 2008 R2 x64?
1
Execute
http://technet.microsoft.com/en
-
us/library/dd560670(WS.10).aspx
for the
domain controller and domain policy. Configure your computers to use the
DES-CBC-MD5 cipher suite. These settings might affect compatibility
with client computers or services and applications in your environment.
The
Configure encryption types allowed for Kerberos
policy setting is
located at
Computer Configuration\Security Settings\Local
Policies\Security Options
.
2
The domain clients must have the updated GPO. At the command line,
type
gpupdate /force
and delete the old key tab with
klist
purge
cmd.
3
Once the GPO has been updated, create the new keytab.
4
Upload the keytab to the iDRAC6.
You can now log in to iDRAC using SSO.
SSO login fails with AD users on Windows 7 and Windows Server 2008 R2.
What should I do to resolve this?
You must enable the encryption types for Windows 7 and Windows Server
2008 R2. To enable the encryption types:
1
Log in as administrator or as a user with adminstrative privilege.
2
Go to
Start
and run
gpedit.msc
. The
Local Group Policy Editor
window is
displayed.
3
Navigate to
Local Computer Settings
Windows Settings
Security
Settings
Local Policies
Security Options
.
4
Right-click
Network Security: Configure encryption types allowed for
kerberos
and select
Properties
.