Dell 2 Biscuit Joiner User Manual


 
Configuring CMC SSO Or Smart Card Login For Active
Directory Users
You can use CMC web interface or RACADM to configure CMC SSO or smart card login.
Configuring CMC SSO Or Smart Card Login For Active Directory Users Using
Web Interface
To configure Active Directory SSO or smart card login for CMC:
NOTE: For information about the options, see the Online Help.
1. While configuring Active Directory to set up user account, perform the following additional steps:
Upload the keytab file.
To enable SSO, select the Enable Single Sign-On option.
To enable smart card login, select the Enable Smart-Card Login option.
NOTE: If these two options are selected, all command line out-of-band interfaces, including
secure shell (SSH), Telnet, Serial, and remote RACADM remain unchanged .
2. Click Apply.
The settings are saved.
You can test the Active Directory using Kerberos authentication using the RACADM command:
testfeature -f adkrb -u <user>@<domain>
where <user> is a valid Active Directory user account.
A command success indicates that CMC is able to acquire Kerberos credentials and access the user's
Active Directory account. If the command is not successful, resolve the error and run the command
again. For more information, see the Chassis Management Controller for PowerEdge VRTX RACADM
Command Line Reference Guide on dell.com/support/manuals.
Uploading Keytab File
The Kerberos keytab file serves as the CMC's user name and password credentials to the Kerberos Data
Center (KDC), which in turns allows access to the Active Directory. Each CMC in the Kerberos realm must
be registered with the Active Directory and must have a unique keytab file.
You can upload a Kerberos Keytab generated on the associated Active Directory Server. You can generate
the Kerberos Keytab from the Active Directory Server by executing the ktpass.exe utility. This keytab
establishes a trust relationship between the Active Directory Server and CMC.
To upload the keytab file:
1.
In the left pane, click Chassis OverviewUser AuthenticationDirectory Services.
2. Select Microsoft Active Directory (Standard Schema).
3. In the Kerberos Keytab section, click Browse, select a keytab file, and click Upload.
When the upload is complete, a message is displayed indicating whether or not the keytab file is
successfully uploaded.
147