for Active Directory Single Sign-On or Smart Card Login
The prerequisites for Active Directory based SSO or Smart Card
Synchronize iDRAC7 time with the Active Directory domain controller
time. Otherwise, Kerberos authentication on iDRAC7 fails. You can use
the Time zone and NTP feature to synchronize the time. To do this,
Time zone and NTP
Register iDRAC7 as a computer in the Active Directory root domain.
Generate a keytab file using the ktpass tool.
To enable single sign-on for Extended schema, make sure that the
Trust this user for delegation to any service (Kerberos only) option is selected on the
for the keytab user. This tab is available only after creating the
keytab file using the ktpass utility.
Configure the browser to enable SSO login.
Create the Active Directory objects and provide the required privileges.
For SSO, configure the reverse lookup zone on the DNS servers
for the subnet where iDRAC7 resides.
NOTE: If the host name does
not match the reverse DNS lookup, Kerberos authentication fails.
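
The following pre-flight check is an added example, not part of the original guide or of any Dell tool. It covers the two prerequisites above that most often break Kerberos: clock skew and a reverse DNS lookup that does not match the host name. It assumes the Active Directory default Kerberos clock tolerance of 5 minutes and that the domain controller answers NTP on UDP port 123; all function names are hypothetical.

```python
import socket
import struct
import sys

MAX_SKEW_SECONDS = 300         # assumption: AD default Kerberos clock tolerance (5 minutes)
NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)


def ntp_transmit_time(packet: bytes) -> float:
    """Return the transmit timestamp of an (S)NTP reply as Unix time."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    seconds, fraction = struct.unpack("!II", packet[40:48])
    return seconds - NTP_EPOCH_OFFSET + fraction / 2**32


def query_ntp(server: str, timeout: float = 3.0) -> float:
    """Send one SNTP client request (version 3, mode 3) and return the server time."""
    request = b"\x1b" + 47 * b"\0"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, 123))
        reply, _ = sock.recvfrom(512)
    return ntp_transmit_time(reply)


def skew_ok(time_a: float, time_b: float, limit: int = MAX_SKEW_SECONDS) -> bool:
    """True when two clocks differ by no more than the Kerberos tolerance."""
    return abs(time_a - time_b) <= limit


def reverse_matches(fqdn, lookup=socket.gethostbyaddr, resolve=socket.gethostbyname) -> bool:
    """True when the PTR record for the host's address names the same FQDN."""
    address = resolve(fqdn)
    ptr_name, aliases, _ = lookup(address)
    names = {n.rstrip(".").lower() for n in [ptr_name, *aliases]}
    return fqdn.rstrip(".").lower() in names


if __name__ == "__main__":
    # Usage: script.py <iDRAC FQDN> <NTP source configured on iDRAC> <domain controller>
    idrac_fqdn, ntp_source, dc = sys.argv[1:4]
    print("NTP source within tolerance of DC:", skew_ok(query_ntp(ntp_source), query_ntp(dc)))
    print("reverse lookup matches host name:", reverse_matches(idrac_fqdn))
```
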