- Notes, cautions, and warnings
- Overview
- Built in iDRAC and PowerEdge Security
- Securely Configuring iDRAC Web Server
- Securely Using TLS/SSL Certificate
- Federal Information Processing Standards (FIPS)
- Secure Shell (SSH)
- Network Security Configuration
- Interfaces and Protocols to Access iDRAC
- iDRAC Port Configuration
- IPMI and SNMP Security Best Practices
- Secure Enterprise Key Manager (SEKM) Security
- iDRAC9 Group Manager
- Virtual Console and Virtual Media Security
- VNC Security
- User Configuration and Access Control
- Configuring Local Users
- Disabling Access to Modify iDRAC Configuration Settings on Host System
- iDRAC User Roles and Privileges
- Superroot User
- Recommended Characters in Usernames and Passwords
- Password Strength Policy
- Secure Default Password
- Changing the Default Login Password using Web Interface
- Force Change of Password (FCP)
- Simple 2-Factor Authentication (Simple 2FA)
- RSA SecurID Two Factor Authentication (2FA) iDRAC9 Datacenter
- Active Directory
- LDAP
- Customizable Security Banner
- System Lockdown Mode
- Securely Configuring BIOS System Security
- Secure Boot Configuration
- Securely Erasing Data
- LCD Panel
- Server Inventory, Lifecycle Log, Server Profiles, and Licenses Import and Export
- Security Events Lifecycle Log
- Default Configuration Values
- Network Vulnerability Scanning
- Security Licensing
- Field Service Debug (FSD)
- Best Practices
- Appendix - White papers
iDRAC9 Security Configuration Guide
Active Directory
If your company uses the Microsoft Active Directory software, you can configure the software to provide access to iDRAC, allowing you to add and control iDRAC user privileges to your existing users in your directory service. This is a licensed feature.
You can configure user authentication through Active Directory to log in to the iDRAC. You can also provide role-based authorizations, which enables an administrator to configure specific privileges for each user. For full instructions on configuring Active Directory, see iDRAC user guide.
The Certificate Settings page in iDRAC GUI is used to configure the digital certificate that is used during initiation of TLS/SSL connections when communicating with the Active Directory (AD) server; these communications use LDAP over TLS/SSL (LDAPS). When certificate validation is enabled, it is necessary to upload the certificate of the Certificate Authority (CA) that issued the certificate that is used by the AD server during initiation of TLS/SSL connections. The CA's certificate is used to validate the authenticity of the certificate provided by the AD server during TLS/SSL initiation. For more information, see https://downloads.dell.com/solutions
| Certificate Validation | Select Enabled to validate the SSL certificate of your Active Directory server. |
| iDRAC always uses LDAP over Secure Socket Layer (SSL) while connecting to Active Directory. By default, iDRAC uses the CA certificate available in iDRAC to validate the SSL server certificate of the domain controllers during SSL handshake and provides security. You can disable the certificate validation for testing purposes, or when you choose to trust the domain controllers in the security boundary without validating their SSL certificates. |
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\