Filter
Top Products
8
Configuring iDRAC for Single Sign-On or
Smart Card Login
This section provides information to configure iDRAC for Smart Card login (for local users and Active
Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are
licensed features.
iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins.
For information on Kerberos, see the Microsoft website.
Related Links
Configuring iDRAC SSO Login for Active Directory Users
Configuring iDRAC Smart Card Login for Local Users
Configuring iDRAC Smart Card Login for Active Directory Users
Prerequisites for Active Directory Single Sign-On or Smart
Card Login
The pre-requisites to Active Directory based SSO or Smart Card logins are:
• Synchronize iDRAC time with the Active Directory domain controller time. If not, kerberos
authentication on iDRAC fails. You can use the Time zone and NTP feature to synchronize the time.
To do this, see Configuring Time zone and NTP.
• Register iDRAC as a computer in the Active Directory root domain.
• Generate a keytab file using the ktpass tool.
• To enable single sign-on for Extended schema, make sure that the Trust this user for delegation to
any service (Kerberos only) option is selected on the Delegation tab for the keytab user. This tab is
available only after creating the keytab file using ktpass utility.
• Configure the browser to enable SSO login.
• Create the Active Directory objects and provide the required privileges.
• For SSO, configure the reverse lookup zone on the DNS servers for the subnet where iDRAC resides.
NOTE: If the host name does not match the reverse DNS lookup, Kerberos authentication fails.
Related Links
Configuring Browser to Enable Active Directory SSO
Registering iDRAC as a Computer in Active Directory Root Domain
Generating Kerberos Keytab File
Creating Active Directory Objects and Providing Privileges
165