aclowd

Active directory not working with CMC and idrac

I have spent the majority of the day configuring Directory Services in CMC and idrac to work with my Active Directory. I have a group on the DC set up, and I have verified that all of the IP addresses, FQDNs and everything are correct. During the test I get the same error:

[check]: (system) Verify needed system resources: PASSED

[check]: (setup) Validate AD configuration: PASSED

INFO - (setup) Using standard schema

INFO - (setup) SSL certificate check disabled -- skipping check

[check]: (dns) Acquire LDAP and GC SRV records: PASSED

[check]: (authen) Acquire user privileges: FAILED

ERROR - (authen) AD INVALID CREDENTIAL 0x00006007

RESULT - Unable to acquire user privileges

TEST FAILED

From what I've gathered, this seems to be acting like an incorrect username and password. I've checked, and rechecked, as well as had others try their passwords and usernames all to no avail, same results each time. I'm completely at a loss as to why I can't get this working.

 

0 Kudos
2 Replies
Moderator

Re: Active directory not working with CMC and idrac

Hello

There is a white paper on this page that goes into more detail than the manual on how to set up Active Directory integration.

https://www.dell.com/support/article/sln311065/

http://www.dell.com/idracmanuals/

Thanks

Daniel Mysinger
Dell EMC, Enterprise Engineer

Get support on Twitter @DellCaresPRO

0 Kudos
aclowd

Re: Active directory not working with CMC and idrac

Daniel,

Thank you for that link. The process listed is exactly what I've followed previously. After looking at some logs, I'm noticing that idrac and CMC are attempting to contact the LDAP server on port 636 which uses SSL, even though I have certificate validation unchecked so it should use port 389(?) unsecured. With this knowledge, I am assuming that this functionality is not working as intended.

So I asked my domain admin for the CA certificate from our domain controller. It's listed as intended use for server authentication only, but it's the only certificate from our DC at all. He sent me the .cer file, but every time I try and upload at iDRAC settings>user authentication>directory services page, it says "Upload failed: Unable to get local issuer certificate." I feel as though there is a missing step somewhere in the process. Our network is a closed, restricted network, no access to the internet. I'm not sure if that will affect anything or not. Policy dictates that I have as few local accounts as possible, so I really need to get active directory functioning on cmc and idrac. 

I have searched through forums and found multiple people with this same or a very similar issue who have not figured it out or gotten the help required to fix it. Idrac firmware version is 2.60.60.60. Yes, the date/time is correct. I've tried configuring it multiple ways, DNS or direct IP, FQDN, and it's always the same result. I was able to upload a root certificate from VeriSign, but that doesn't help authenticate to my domain controller.

0 Kudos
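
The upload error quoted in the post above has the same wording as OpenSSL's chain-verification error 20, which is reported when a certificate's issuer is not among the trusted certificates. The following is an added example, not part of the thread or of Dell's tooling: using the `openssl` CLI (assumed installed) and constructed certificates (`Example Lab Root CA` and `dc01.example.test` are made-up names), it shows how to tell a self-signed root from a certificate issued by another CA, and reproduces the error and the case where it goes away.

```shell
#!/bin/sh
# Added example; every name and certificate below is constructed for the demo.

# Build a throwaway root CA and a server certificate issued by it.
make_lab() {
    lab=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Lab Root CA" \
        -keyout "$lab/root.key" -out "$lab/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc01.example.test" \
        -keyout "$lab/dc.key" -out "$lab/dc.csr" 2>/dev/null
    openssl x509 -req -in "$lab/dc.csr" -days 1 -CAcreateserial \
        -CA "$lab/root.pem" -CAkey "$lab/root.key" \
        -out "$lab/dc.pem" 2>/dev/null
    echo "$lab"
}

# "self-signed" when subject equals issuer (a root), else "issued-by-other".
cert_kind() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if [ "$subj" = "$iss" ]; then echo self-signed; else echo issued-by-other; fi
}

# Verify $1, optionally trusting root $2; print "OK" or OpenSSL's error reason.
verify_reason() {
    if out=$(openssl verify ${2:+-CAfile "$2"} "$1" 2>&1); then
        echo OK
    else
        echo "$out" | sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1
    fi
}

lab=$(make_lab)
echo "root.pem: $(cert_kind "$lab/root.pem")"
echo "dc.pem:   $(cert_kind "$lab/dc.pem")"
echo "dc.pem alone:         $(verify_reason "$lab/dc.pem")"
echo "dc.pem with root.pem: $(verify_reason "$lab/dc.pem" "$lab/root.pem")"
rm -rf "$lab"
```

Running `cert_kind` on a `.cer` file exported in PEM form shows whether it is the self-signed root or a certificate that still depends on another issuer.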