Dell Drac 5 User Guide
Have a look at the manual Dell Drac 5 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 327 Dell manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Advanced Configuration of the DRAC 591 racadm config -g cfgLanNetworking -o cfgDNSRacName RAC-EK00002 racadm config -g cfgLanNetworking -o cfgDNSDomainNameFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSDomainName MYDOMAIN NOTE: If cfgNicEnable is set to 0, the DRAC 5 LAN is disabled even if DHCP is enabled. DRAC Modes The DRAC 5 can be configured in one of three modes: •Dedicated •Shared • Shared with failover Table 4-21 provides a description of each mode. Table 4-21. DRAC 5 NIC Configurations Mode Description Dedicated The DRAC uses its own NIC (RJ-45 connector) and the BMC MAC address for network traffic. Shared The DRAC uses Broadcom LOM1 on the planar. Shared with failoverThe DRAC uses Broadcom LOM1 and LOM2 as a team for failover. The team uses the BMC MAC address.
92Advanced Configuration of the DRAC 5 Frequently Asked Questions When accessing the DRAC 5 Web-based interface, I get a security warning stating the hostname of the SSL certificate does not match the hostname of the DRAC 5. The DRAC 5 includes a default DRAC 5 server certificate to ensure network security for the Web-based interface and remote racadm features. When this certificate is used, the Web browser displays a security warning because the default certificate is issued to DRAC 5 default certificate which does not match the host name of the DRAC 5 (for example, the IP address). To address this security concern, upload a DRAC 5 server certificate issued to the IP address of the DRAC 5. When generating the certificate signing request (CSR) to be used for issuing the certificate, ensure that the common name (CN) of the CSR matches the IP address of the DRAC 5 (for example, 192.168.0.120) or the registered DNS DRAC name. To ensure that the CSR matches the registered DNS DRAC name: 1 In the System tree, click Remote Access. 2Click the Configuration tab and then click Network. 3In the Network Settings page: aSelect the Register DRAC on DNS check box. bIn the DNS DRAC Name field, enter the DRAC name. 4Click Apply Changes. See Securing DRAC 5 Communications Using SSL and Digital Certificates on page 215 for more information about generating CSRs and issuing certificates. Why are the remote racadm and Web-based services unavailable after a property change? It may take a while for the remote RACADM services and the Web-based interface to become available after the DRAC 5 Web server resets. The DRAC 5 Web server is reset after the following occurrences: • When the network configuration or network security properties are changed using the DRAC 5 Web user interface •When the cfgRacTuneHttpsPort property is changed (including when a config -f changes it)
Advanced Configuration of the DRAC 593 •When racresetcfg is used • When the DRAC 5 is reset • When a new SSL server certificate is uploaded Why doesn’t my DNS server register my DRAC 5? Some DNS servers only register names of 31 characters or fewer. When accessing the DRAC 5 Web-based interface, I get a security warning stating the SSL certificate was issued by a certificate authority (CA) that is not trusted. DRAC 5 includes a default DRAC 5 server certificate to ensure network security for the Web-based interface and remote racadm features. This certificate was not issued by a trusted CA. To address this security concern, upload a DRAC 5 server certificate issued by a trusted CA (for example, Thawte or Verisign). See Securing DRAC 5 Communications Using SSL and Digital Certificates on page 215 for more information about issuing certificates.
Adding and Configuring DRAC 5 Users95 5 Adding and Configuring DRAC 5 Users To manage your system with the DRAC 5 and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs. To add and configure DRAC 5 users: NOTE: You must have Configure DRAC 5 permission to perform the following steps. 1Expand the System tree and click Remote Access. 2Click the Configuration tab and then click Users. The Users page appears, which includes each user’s State, User Name, RAC Privilege , IPMI LAN Privilege, IPMI Serial Privilege and Serial Over LAN. 3In the User ID column, click a user ID number. 4On the User Main Menu page, you can configure users, upload a user certificate, view an existing user certificate, upload a trusted certification authority (CA) certificate, or view a trusted CA certificate. If you select Configure User and click Next, the User Configuration page is displayed. See step 5 for more information. See Table 5-1 if you select the options under the Smart Card Configuration section. 5In the User Configuration page, configure the user’s properties and privileges. Table 5-2 describes the General settings for configuring a new or existing DRAC user name and password. Ta b l e 5 - 3 describes the IPMI User Privileges for configuring the user’s LAN privileges.
96Adding and Configuring DRAC 5 Users Ta b l e 5 - 4 describes the User Group Permissions for the IPMI User Privileges and the DRAC User Privileges settings. Ta b l e 5 - 5 describes the DRAC Group permissions. If you add a DRAC User Privilege to the Administrator, Power User, or Guest User, the DRAC Group will change to the Custom group. 6When completed, click Apply Changes. 7Click the appropriate User Configuration page button to continue. See Table 5-6. Table 5-1. Options in the Smart Card Configuration section Option Description Upload User Certificate Enables you to upload the user certificate to DRAC and import it to the user profile. View User Certificate Displays the user certificate page that has been uploaded to the DRAC. Upload Trusted CA CertificateEnables you to upload the trusted CA certificate to DRAC and import it to the user profile. View Trusted CA Certificate Displays the trusted CA certificate that has been uploaded to the DRAC. The trusted CA certificate is issued by the CA who is authorized to issue certificates to users. Table 5-2. General Properties Property Description User IDSpecifies one of 16 preset User ID numbers. If you are editing information for user root, this field is static. You cannot edit the username for root. Enable UserEnables the user to access the DRAC 5. When unchecked, the User Name cannot be changed.
Adding and Configuring DRAC 5 Users97 User Name Specifies a DRAC 5 user name with up to 16 characters. Each user must have a unique user name. NOTE: User names on the local DRAC 5 cannot include the @ (at the rate) , (back slash) , (double quotes), / (forward slash), or . (period) characters. NOTE: If the user name is changed, the new name will not appear in the user interface until the next user login. Change PasswordEnables the New Password and Confirm New Password fields. When unchecked, the user’s Password cannot be changed. New PasswordSpecifies or edits the DRAC 5 users password. Confirm New Password Requires you to retype the DRAC 5 users password to confirm. Table 5-3. IPMI User Privileges Property Description Maximum LAN User Privilege GrantedSpecifies the user’s maximum privilege on the IPMI LAN channel to one of the following user groups: Administrator, Operator, User, or None. Maximum Serial Port User Privilege GrantedSpecifies the user’s maximum privilege on the IPMI Serial channel to one of the following: Administrator, Operator, User, or None. Enable Serial Over LANAllows user to use IPMI Serial Over LAN. When checked, this privilege is enabled. Table 5-2. General Properties (continued) Property Description
98Adding and Configuring DRAC 5 Users Table 5-4. DRAC User Privileges Property Description DRAC GroupSpecifies the user’s maximum DRAC user privilege to one of the following: Administrator, Po w e r U s e r, Guest User, None, or Custom. See Table 5-5 for DRAC Group permissions. Login to DRACEnables the user to log in to the DRAC. Configure DRACEnables the user to configure the DRAC. Configure UsersEnables the user to allow specific users to access the system. Clear LogsEnables the user to clear the DRAC logs. Execute Server Control CommandsEnables the user to execute racadm commands. Access Console RedirectionEnables the user to run Console Redirection. Access Virtual MediaEnables the user to run and use Virtual Media. Te s t A l e r t sEnables the user to send test alerts (e-mail and PET) to a specific user. Execute Diagnostic CommandsEnables the user to run diagnostic commands. Table 5-5. DRAC Group Permissions User Group Permissions Granted Administrator Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Te s t A l e r t s, Execute Diagnostic Commands. Power User Login to DRAC, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Te s t A l e r t s . Guest User Login to DRAC.
Adding and Configuring DRAC 5 Users99 CustomSelects any combination of the following permissions: Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Te s t A l e r t s, Execute Diagnostic Commands. NoneNo assigned permissions. Table 5-6. User Configuration Page Buttons Button Action PrintPrints the User Configuration page RefreshReloads the User Configuration page Go Back To Users Pa g eReturns to the Users Page. Apply ChangesSaves the changes made to the network configuration. Table 5-5. DRAC Group Permissions User Group Permissions Granted
100Adding and Configuring DRAC 5 Users Using the RACADM Utility to Configure DRAC 5 Users NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system. The DRAC 5 Web-based interface is the quickest way to configure a DRAC 5. If you prefer command-line or script configuration or need to configure multiple DRAC 5s, use RACADM, which is installed with the DRAC 5 agents on the managed system. To configure multiple DRAC 5s with identical configuration settings, perform one of the following procedures: • Use the RACADM examples in this section as a guide to create a batch file of racadm commands and then execute the batch file on each managed system. • Create the DRAC 5 configuration file as described in RACADM Subcommand Overview on page 295 and execute the racadm config subcommand on each managed system using the same configuration file. Before You Begin You can configure up to 16 users in the DRAC 5 property database. Before you manually enable a DRAC 5 user, verify if any current users exist. If you are configuring a new DRAC 5 or you ran the racadm racresetcfg command, the only current user is root with the password calvin. The racresetcfg subcommand resets the DRAC 5 to the original default values. CAUTION: Use caution when using the racresetcfg command, as all configuration parameters are reset to their default values. Any previous changes are lost. NOTE: Users can be enabled and disabled over time. As a result, a user may have a different index number on each DRAC 5.