for Active Directory Single Sign-On or smart card login
The prerequisites to Active Directory based SSO or Smart Card logins
Synchronize iDRAC time with the Active Directory domain controller
time. If not, kerberos authentication on iDRAC fails. You can use
the Time zone and NTP feature to synchronize the time. To do this,
time zone and ntp
Register iDRAC as a computer in the Active Directory root domain.
Generate a keytab file using the ktpass tool.
To enable Single Sign-On for Extended schema, make sure that the
Trust this user for delegation to any service (Kerberos only) option is selected on the
for the keytab user. This tab is available only after creating the
keytab file using ktpass utility.
Configure the browser to enable SSO login.
Create the Active Directory objects and provide the required privileges.
For SSO, configure the reverse lookup zone on the DNS servers
for the subnet where iDRAC resides.
NOTE: If the host name does
not match the reverse DNS lookup, Kerberos authentication fails.