Friday, November 12, 2010

Dell Remote Access Controller 6 (iDRAC6) authentication with Microsoft Active Directory

Today I was trying to set up some new Dell R810 DRACs to use Active Directory for authentication. However, I kept getting the following errors.
Environment 
  • iDrac version 6
  • Schema Selection: Standard Schema 
  • Certificate Validation Enabled: No
The useful part of the error when testing the Directory Service Settings:
user=(Username), host=(DCFN)
16:07:25 Connecting to ldaps://[(DCFN)]:636...
16:07:25 ERROR: Can't contact LDAP server, (null):
Please check the following things:
- the correct Certificate Authority (CA) certificate has been uploaded to iDRAC
- the iDRAC date is within the valid period of the directory server and CA certificates
- the LDAP server address configured in iDRAC matches the subject of the directory server certificate

16:07:25 Connecting to ldaps://[(DCFN)]:3269...
16:07:25 ERROR: Can't contact LDAP server, (null):
Please check the following things:
- the correct Certificate Authority (CA) certificate has been uploaded to iDRAC
- the iDRAC date is within the valid period of the directory server and CA certificates
- the LDAP server address configured in iDRAC matches the subject of the directory server certificate
user=(Username), host=(DCFN)
Solution
The issue stood out when reading the following Frequently Asked Questions.
Question: Does iDRAC6 always use LDAP over SSL?
Answer: Yes. All the transportation is over secure port 636 and/or 3269.
Our Domain Controllers didn't allow LDAP over SSL (LDAPS). The errors didn't come up in a Google search, so may this help someone else.
See my other post on how to enable LDAP over SSL: Enable LDAP over SSL (LDAPS) on Windows 2008 Active Directory Domain
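A quick check for this condition from a management workstation, as an added example that is not part of the original post: it tests whether a domain controller completes a TLS handshake on 636 and 3269, separating "port unreachable" from "port open but no TLS". Certificate verification is switched off to mirror the "Certificate Validation Enabled: No" setting above, and the hostname given on the command line is assumed to be the DC name configured in iDRAC.

```python
import socket
import ssl
import sys

# Ports from the iDRAC test log: LDAPS and global catalog over SSL.
LDAPS_PORTS = (636, 3269)


def probe_ldaps(host, port, timeout=5.0):
    """Return (state, detail): 'tcp-failed', 'tls-failed' or 'tls-ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Nothing listening, filtered, or name not resolvable.
        return "tcp-failed", str(exc)

    # Assumption: no certificate checks, matching the post's
    # "Certificate Validation Enabled: No". This only asks whether the
    # listener speaks TLS at all, not whether its certificate is trusted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "tls-ok", tls.version()
    except OSError as exc:
        # Port accepts TCP but the handshake fails, e.g. the DC has no
        # server certificate installed for LDAPS.
        return "tls-failed", str(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python probe_ldaps.py <DC FQDN as configured in iDRAC>
    if len(sys.argv) != 2:
        sys.exit("usage: probe_ldaps.py <domain-controller-fqdn>")
    for port in LDAPS_PORTS:
        state, detail = probe_ldaps(sys.argv[1], port)
        print(f"{sys.argv[1]}:{port} {state} ({detail})")
```

A result of `tls-ok` on both ports means the iDRAC error lies elsewhere, such as the certificate, date or name checks listed in the error text once validation is enabled.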
Links
http://support.dell.com/support/edocs/software/smdrac3/idrac/idrac10mono/en/ug/html/racugc7.htm#wp53492
