Home > Dell > System > Dell Drac 5 User Guide

Dell Drac 5 User Guide

    Download as PDF Print this page Share this page

    Have a look at the manual Dell Drac 5 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 327 Dell manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    Page
    of 418
    							Advanced Configuration of the DRAC 591
    racadm config -g cfgLanNetworking -o cfgDNSRacName 
    RAC-EK00002
    racadm config -g cfgLanNetworking -o 
    cfgDNSDomainNameFromDHCP 0
    racadm config -g cfgLanNetworking -o cfgDNSDomainName 
    MYDOMAIN
     NOTE: If cfgNicEnable is set to 0, the DRAC 5 LAN is disabled even if DHCP is 
    enabled.
    DRAC Modes
    The DRAC 5 can be configured in one of three modes:
    •Dedicated
    •Shared
    • Shared with failover
    Table 4-21 provides a description of each mode.
    Table 4-21. DRAC 5 NIC Configurations
    Mode Description
    Dedicated The DRAC uses its own NIC (RJ-45 connector) and the BMC 
    MAC address for network traffic.
    Shared The DRAC uses Broadcom LOM1 on the planar.
    Shared with 
    failoverThe DRAC uses Broadcom LOM1 and LOM2 as a team for 
    failover. The team uses the BMC MAC address. 
    						
    							92Advanced Configuration of the DRAC 5
    Frequently Asked Questions
    When accessing the DRAC 5 Web-based interface, I get a security warning 
    stating the hostname of the SSL certificate does not match the hostname of 
    the DRAC 5.
    The DRAC 5 includes a default DRAC 5 server certificate to ensure network 
    security for the Web-based interface and remote racadm features. When this 
    certificate is used, the Web browser displays a security warning because the 
    default certificate is issued to DRAC 5 default certificate which does not 
    match the host name of the DRAC 5 (for example, the IP address). 
    To address this security concern, upload a DRAC 5 server certificate issued to 
    the IP address of the DRAC 5. When generating the certificate signing 
    request (CSR) to be used for issuing the certificate, ensure that the common 
    name (CN) of the CSR matches the IP address of the DRAC 5 (for example, 
    192.168.0.120) or the registered DNS DRAC name.
    To ensure that the CSR matches the registered DNS DRAC name:
    1
    In the System tree, click Remote Access.
    2Click the Configuration tab and then click Network.
    3In the Network Settings page:
    aSelect the Register DRAC on DNS check box.
    bIn the DNS DRAC Name field, enter the DRAC name.
    4Click Apply Changes.
    See Securing DRAC 5 Communications Using SSL and Digital Certificates 
    on page 215 for more information about generating CSRs and issuing 
    certificates.
    Why are the remote racadm and Web-based services unavailable after a 
    property change?
    It may take a while for the remote RACADM services and the Web-based 
    interface to become available after the DRAC 5 Web server resets.
    The DRAC 5 Web server is reset after the following occurrences:
    • When the network configuration or network security properties are 
    changed using the DRAC 5 Web user interface
    •When the 
    cfgRacTuneHttpsPort property is changed (including when a 
    config 
    -f  changes it) 
    						
    							Advanced Configuration of the DRAC 593
    •When racresetcfg is used
    • When the DRAC 5 is reset
    • When a new SSL server certificate is uploaded
    Why doesn’t my DNS server register my DRAC 5?
    Some DNS servers only register names of 31 characters or fewer.
    When accessing the DRAC 5 Web-based interface, I get a security warning 
    stating the SSL certificate was issued by a certificate authority (CA) that is 
    not trusted.
    DRAC 5 includes a default DRAC 5 server certificate to ensure network 
    security for the Web-based interface and remote racadm features. This 
    certificate was not issued by a trusted CA. To address this security concern, 
    upload a DRAC 5 server certificate issued by a trusted CA (for example, 
    Thawte or Verisign). See Securing DRAC 5 Communications Using SSL and 
    Digital Certificates on page 215 for more information about issuing 
    certificates. 
    						
    							94Advanced Configuration of the DRAC 5 
    						
    							Adding and Configuring DRAC 5 Users95
    5
    Adding and Configuring DRAC 5 
    Users
    To manage your system with the DRAC 5 and maintain system security, create 
    unique users with specific administrative permissions (or role-based authority). 
    For additional security, you can also configure alerts that are e-mailed to 
    specific users when a specific system event occurs.
    To add and configure DRAC 5 users:
     NOTE: You must have Configure DRAC 5 permission to perform the following steps.
    1Expand the System tree and click Remote Access.
    2Click the Configuration tab and then click Users.
    The 
    Users page appears, which includes each user’s State, User Name, RAC 
    Privilege
    , IPMI LAN Privilege, IPMI Serial Privilege and Serial Over LAN.
    3In the User ID column, click a user ID number.
    4On the User Main Menu page, you can configure users, upload a user 
    certificate, view an existing user certificate, upload a trusted certification 
    authority (CA) certificate, or view a trusted CA certificate.
    If you select 
    Configure User and click Next, the User Configuration page 
    is displayed. See step 5 for more information.
    See Table 5-1 if you select the options under the 
    Smart Card 
    Configuration
     section.
    5In the User Configuration page, configure the user’s properties and privileges.
    Table 5-2 describes the General settings for configuring a new or existing 
    DRAC user name and password.
    Ta b l e 5 - 3 describes the IPMI User Privileges for configuring the user’s 
    LAN privileges. 
    						
    							96Adding and Configuring DRAC 5 Users
    Ta b l e 5 - 4 describes the User Group Permissions for the IPMI User 
    Privileges 
    and the DRAC User Privileges settings.
    Ta b l e 5 - 5 describes the DRAC Group permissions. If you add a DRAC 
    User Privilege to the Administrator, Power User, or Guest User, the 
    DRAC 
    Group 
    will change to the Custom group. 
    6When completed, click Apply Changes.
    7Click the appropriate User Configuration page button to continue. See 
    Table 5-6.
    Table 5-1. Options in the Smart Card Configuration section
    Option Description
    Upload User Certificate Enables you to upload the user certificate to DRAC and 
    import it to the user profile.
    View User Certificate Displays the user certificate page that has been 
    uploaded to the DRAC.
    Upload Trusted CA 
    CertificateEnables you to upload the trusted CA certificate to 
    DRAC and import it to the user profile.
    View Trusted CA 
    Certificate Displays the trusted CA certificate that has been 
    uploaded to the DRAC. The trusted CA certificate is 
    issued by the CA who is authorized to issue certificates 
    to users. 
    Table 5-2. General Properties 
    Property Description
    User IDSpecifies one of 16 preset User ID numbers. 
    If you are editing information for user root, this field is 
    static. You cannot edit the username for root.
    Enable UserEnables the user to access the DRAC 5. When 
    unchecked, the User Name cannot be changed.  
    						
    							Adding and Configuring DRAC 5 Users97
    User Name Specifies a DRAC 5 user name with up to 16 characters. 
    Each user must have a unique user name.
    NOTE: User names on the local DRAC 5 cannot include 
    the @ (at the rate) ,  (back slash) ,  (double quotes), / 
    (forward slash), or . (period) characters.
    NOTE: If the user name is changed, the new name will 
    not appear in the user interface until the next user login. 
    Change PasswordEnables the New Password and Confirm New Password 
    fields. When unchecked, the user’s Password cannot be 
    changed. 
    New PasswordSpecifies or edits the DRAC 5 users password.
    Confirm New Password Requires you to retype the DRAC 5 users password to 
    confirm.
    Table 5-3. IPMI User Privileges
    Property Description
    Maximum LAN User 
    Privilege GrantedSpecifies the user’s maximum privilege on the IPMI 
    LAN channel to one of the following user groups: 
    Administrator, Operator, User, or None.
    Maximum Serial Port 
    User Privilege GrantedSpecifies the user’s maximum privilege on the IPMI 
    Serial channel to one of the following: Administrator, 
    Operator, User, or None.
    Enable Serial Over LANAllows user to use IPMI Serial Over LAN. When 
    checked, this privilege is enabled. Table 5-2. General Properties  
    (continued)
    Property Description 
    						
    							98Adding and Configuring DRAC 5 Users
    Table 5-4. DRAC User Privileges
    Property Description
    DRAC GroupSpecifies the user’s maximum DRAC user privilege to 
    one of the following: Administrator, Po w e r  U s e r, Guest 
    User, None, or Custom.
    See Table 5-5 for DRAC Group permissions.
    Login to DRACEnables the user to log in to the DRAC.
    Configure DRACEnables the user to configure the DRAC.
    Configure UsersEnables the user to allow specific users to access the 
    system.
    Clear LogsEnables the user to clear the DRAC logs.
    Execute Server Control 
    CommandsEnables the user to execute racadm commands. 
    Access Console 
    RedirectionEnables the user to run Console Redirection.
    Access Virtual MediaEnables the user to run and use Virtual Media.
    Te s t  A l e r t sEnables the user to send test alerts (e-mail and PET) to 
    a specific user. 
    Execute Diagnostic 
    CommandsEnables the user to run diagnostic commands.
    Table 5-5. DRAC Group Permissions
    User Group Permissions Granted
    Administrator Login to DRAC, Configure DRAC, Configure Users, Clear 
    Logs, Execute Server Control Commands, Access Console 
    Redirection, Access Virtual Media, Te s t  A l e r t s, Execute 
    Diagnostic Commands.
    Power User Login to DRAC, Clear Logs, Execute Server Control 
    Commands, Access Console Redirection, Access Virtual 
    Media, Te s t  A l e r t s .
    Guest User Login to DRAC. 
    						
    							Adding and Configuring DRAC 5 Users99
    CustomSelects any combination of the following permissions: Login 
    to DRAC, Configure DRAC, Configure Users, Clear Logs, 
    Execute Server Action Commands, Access Console 
    Redirection, Access Virtual Media, Te s t  A l e r t s, Execute 
    Diagnostic Commands.
    NoneNo assigned permissions.
    Table 5-6. User Configuration Page Buttons
    Button Action
    PrintPrints the User Configuration page
    RefreshReloads the User Configuration page
    Go Back To Users 
    Pa g eReturns to the Users Page.
    Apply ChangesSaves the changes made to the network configuration.  Table 5-5. DRAC Group Permissions
    User Group Permissions Granted 
    						
    							100Adding and Configuring DRAC 5 Users
    Using the RACADM Utility to Configure 
    DRAC 5 Users
     NOTE: You must be logged in as user root to execute RACADM commands on a 
    remote Linux system. 
    The DRAC 5 Web-based interface is the quickest way to configure a DRAC 5. 
    If you prefer command-line or script configuration or need to configure 
    multiple DRAC 5s, use RACADM, which is installed with the DRAC 5 
    agents on the managed system.
    To configure multiple DRAC 5s with identical configuration settings, 
    perform one of the following procedures:
    • Use the RACADM examples in this section as a guide to create a batch file 
    of 
    racadm commands and then execute the batch file on each 
    managed system.
    • Create the DRAC 5 configuration file as described in RACADM 
    Subcommand Overview on page 295 and execute the 
    racadm config 
    subcommand on each managed system using the same configuration file.
    Before You Begin
    You can configure up to 16 users in the DRAC 5 property database. Before 
    you manually enable a DRAC 5 user, verify if any current users exist. If you 
    are configuring a new DRAC 5 or you ran the racadm racresetcfg command, 
    the only current user is root with the password calvin. The racresetcfg 
    subcommand resets the DRAC 5 to the original default values.
     CAUTION: Use caution when using the racresetcfg command, as all 
    configuration parameters are reset to their default values. Any previous changes 
    are lost.
     
    NOTE: Users can be enabled and disabled over time. As a result, a user may have a 
    different index number on each DRAC 5. 
    						
    All Dell manuals Comments (0)