January 4th, 2016 05:00

iDRAC 7 Microsoft Active Directory authentication

Hi,

I have set up Microsoft Active Directory on iDRAC 7 with very basic options (no certificates, no Single Sign-On, no Kerberos Keytab, Standard Schema). All works well.

The problem is that we have 2 forests with full trust configured between them and iDRAC is not able to authenticate users from both of them.

Basically we have a single domain security group in Forest1 and a couple of users from both forests (Forest1 and Forest2). If I add the domain controllers' (DC) IPs for both domains/forests, authentication fails on the first DC if the user is from a different domain (the check does not reach the second DC's IP to check for the user). The error I get:

ERROR: bind failed: Invalid credentials, 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0: user=test@comp.local host=192.168.0.1.

test@comp.local - Forest1 user
192.168.0.1 - Forest2 DC IP

Does iDRAC support AD authentication for users from a couple of separate forests?

Thanks

4 Operator • 3K Posts

January 4th, 2016 08:00

iDRAC only supports Active Directory authentication for domains in a single forest.
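
An added example (not part of the thread, and not Dell code): a small triage helper for the bind error quoted in the question. It decodes the AD "data" sub-code and flags binds where the user's UPN suffix and the queried DC belong to different forests, the case the reply above says is unsupported. The forest maps use the values given in the question; the function and variable names are hypothetical.

```python
import re

# Sub-codes AD reports after "data" in an AcceptSecurityContext error
# (Win32 logon error codes in hex).
SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

LINE_RE = re.compile(
    r"AcceptSecurityContext error, data (?P<code>[0-9a-fA-F]+),"
    r".*?user=(?P<user>\S+) host=(?P<host>\S+?)\.?$"
)

# Error line quoted in the question, plus forest membership as the poster
# describes it (comp.local users in Forest1, 192.168.0.1 a Forest2 DC).
SAMPLE = ("ERROR: bind failed: Invalid credentials, 80090308: LdapErr: "
          "DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, "
          "v1db0: user=test@comp.local host=192.168.0.1.")
UPN_FOREST = {"comp.local": "Forest1"}
DC_FOREST = {"192.168.0.1": "Forest2"}

def triage(line, upn_forest, dc_forest):
    """Return parsed fields for a bind-failure line, or None if it is not one."""
    m = LINE_RE.search(line.strip())
    if m is None:
        return None
    code, user, host = m.group("code").lower(), m.group("user"), m.group("host")
    suffix = user.rsplit("@", 1)[1].lower() if "@" in user else None
    user_forest, host_forest = upn_forest.get(suffix), dc_forest.get(host)
    return {
        "user": user, "host": host, "code": code,
        "meaning": SUBCODES.get(code, "unknown sub-code"),
        # True only when both sides are known and they differ.
        "cross_forest": None not in (user_forest, host_forest)
                        and user_forest != host_forest,
    }

if __name__ == "__main__":
    print(triage(SAMPLE, UPN_FOREST, DC_FOREST))
```
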

4 Operator • 3K Posts

January 5th, 2016 00:00

Yes. iDRAC supports multiple trees in the same forest.

89 Posts

January 4th, 2016 23:00

But iDRAC supports a single forest with a couple of domain trees?

Thanks

89 Posts

January 5th, 2016 02:00

Thanks

2 Posts

October 2nd, 2020 15:00

Can you please provide the details about getting it to work without certificates, no Single Sign-On, no Kerberos Keytab, Standard Schema etc?

4 Operator • 3K Posts

October 2nd, 2020 18:00

iDRAC Active Directory login will work only if SSL is enabled on the domain controller, i.e. a domain controller certificate needs to be installed on all domain controllers. Uploading the root CA certificate to iDRAC is optional and only required if the user needs iDRAC to verify the certificate from the domain controller during authentication.

You need to configure either standard schema or extended schema for iDRAC Active Directory authentication. Single sign-on and keytabs are not required for basic authentication with Active Directory.

Moderator • 3.6K Posts

October 4th, 2020 22:00

Hi, we hope this helps!

https://dell.to/3cXrP7c
