iDRAC 7 Microsoft Active Directory authentication
Hi,
I have set up Microsoft Active Directory on iDRAC 7 with very basic options (no certificates, no Single Sign-On, no Kerberos Keytab, Standard Schema). All works well.
The problem is that we have 2 forests with full trust configured between them and iDRAC is not able to authenticate users from both of them.
Basically we have a single domain security group on Forest1 and a couple of users from both forests (Forest1 and Forest2). If I add domain controllers' (DC) IPs for both domains-forests, authentication fails on the first DC if the user is from a different domain (the check does not reach the second DC's IP to check for the user). The error I get:
ERROR: bind failed: Invalid credentials, 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0: user=test@comp.local host=192.168.0.1.
test@comp.local - Forest1 user
192.168.0.1 - Forest2 DC IP
Does iDRAC support AD authentication for users from a couple of separate forests?
Thanks
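Added example (not part of the original post and not Dell's code): a small parser for the bind-failure line quoted above that decodes the Active Directory `data` sub-code and flags when the user's UPN suffix differs from the domain of the DC that was contacted. The DC-to-domain map, the domain name `forest2.example` and the function name are assumptions made for illustration.

```python
import re

# Well-known AD sub-codes in the "data" field of an LDAP bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (unknown user or bad password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_ERROR = re.compile(
    r"AcceptSecurityContext error, data (?P<code>[0-9a-fA-F]+),"
    r".*?user=(?P<user>\S+)\s+host=(?P<host>\S+?)\.?\s*$"
)

# The line quoted in the post, plus a constructed DC-to-domain map
# ("forest2.example" is a placeholder; the post does not name the Forest2 domain).
SAMPLE_LINE = ("ERROR: bind failed: Invalid credentials, 80090308: LdapErr: "
               "DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, "
               "v1db0: user=test@comp.local host=192.168.0.1.")
SAMPLE_DCS = {"192.168.0.1": "forest2.example"}

def explain_bind_failure(line, dc_domains):
    """Decode one bind-failure line; dc_domains maps DC address -> domain served."""
    m = BIND_ERROR.search(line)
    if m is None:
        return None
    code, user, host = m.group("code").lower(), m.group("user"), m.group("host")
    suffix = user.rpartition("@")[2].lower() if "@" in user else None
    dc_domain = dc_domains.get(host)
    return {
        "user": user, "host": host, "code": code,
        "meaning": AD_BIND_SUBCODES.get(code, "unrecognised sub-code"),
        # Heuristic: the UPN suffix differs from the domain this DC serves,
        # i.e. the account was presented to a DC outside its own domain.
        "foreign_dc": bool(suffix and dc_domain and suffix != dc_domain.lower()),
    }

if __name__ == "__main__":
    print(explain_bind_failure(SAMPLE_LINE, SAMPLE_DCS))
```
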
DELL-Shine K
4 Operator
3K Posts
1
January 4th, 2016 08:00
iDRAC only supports Active Directory authentication for domains in a single forest.
DELL-Shine K
4 Operator
3K Posts
0
January 5th, 2016 00:00
Yes. iDRAC supports multiple trees in the same forest.
natip
89 Posts
0
January 4th, 2016 23:00
But iDRAC supports a single forest with a couple of domain trees?
Thanks
natip
89 Posts
0
January 5th, 2016 02:00
Thanks
dcampbel
2 Posts
0
October 2nd, 2020 15:00
Can you please provide the details about getting it to work without certificates, no Single Sign-On, no Kerberos Keytab, Standard Schema etc?
DELL-Shine K
4 Operator
3K Posts
0
October 2nd, 2020 18:00
iDRAC Active Directory login will work only if SSL is enabled on the domain controller, i.e. a domain controller certificate needs to be installed on all domain controllers. Uploading the root CA certificate to iDRAC is optional and only required if the user needs iDRAC to verify the certificate from the domain controller during authentication.
You need to configure either standard schema or extended schema for iDRAC Active Directory authentication. Single sign-on and keytabs are not required for basic authentication with Active Directory.
DELL-Young E
Moderator
3.6K Posts
0
October 4th, 2020 22:00
Hi, we hope this helps!
https://downloads.dell.com/manuals/common/integrated-dell-remote-access-cntrllr-7-v1.10.10_white%20papers1_en-us.pdf
DELL-Young E
Moderator
3.6K Posts
0
October 4th, 2020 22:00
Hi, we hope this helps!
https://dell.to/3cXrP7c