Home > Dell > System > Dell Drac 5 User Guide

Dell Drac 5 User Guide

    Download as PDF Print this page Share this page

    Have a look at the manual Dell Drac 5 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 327 Dell manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    Page
    of 418
    							Adding and Configuring DRAC 5 Users101
    To verify if a user exists, type the following command at the command prompt:
    racadm getconfig -u 
    OR
    type the following command once for each index of 1–16:
    racadm getconfig -g cfgUserAdmin -i 
     NOTE: You can also type racadm getconfig -f  and view 
    or edit the myfile.cfg file, which includes all DRAC 5 configuration parameters.
    Several parameters and object IDs are displayed with their current values. 
    Two objects of interest are:
    # cfgUserAdminIndex=XX
    cfgUserAdminUserName=
    If the cfgUserAdminUserName object has no value, that index number, 
    which is indicated by the cfgUserAdminIndex object, is available for use. 
    If a name appears after the =, that index is taken by that user name.
     NOTE: When you manually enable or disable a user with the racadm config 
    subcommand, you must specify the index with the -i option. Observe that the 
    cfgUserAdminIndex object displayed in the previous example contains a # 
    character. Also, if you use the racadm config -f racadm.cfg command to specify any 
    number of groups/objects to write, the index cannot be specified. A new user is 
    added to the first 
    available index. This behavior allows more flexibility in configuring 
    multiple DRAC 5s with the same settings. 
    Adding a DRAC 5 User
    To add a new user to the RAC configuration, a few basic commands can be 
    used. In general, perform the following procedures:
    1
    Set the user name.
    2Set the password.
    3Set the user privileges.
    4Enable the user. 
    						
    							102Adding and Configuring DRAC 5 Users
    Example
    The following example describes how to add a new user named John with a 
    123456 password and LOGIN privileges to the RAC.
    racadm config -g cfgUserAdmin -o cfgUserAdminUserName 
    -i 2 john
    racadm config -g cfgUserAdmin -o cfgUserAdminPassword 
    -i 2 123456
    racadm config -g cfgUserAdmin -i 2 -o cfgUserPrivilege 
    0x00000001
    racadm config -g cfgUserAdmin -i 2 -o 
    cfgUserAdminEnable 1
    To verify, use one of the following commands:
    racadm getconfig -u john
    racadm getconfig –g cfgUserAdmin –i 2
    Removing a DRAC 5 User
    When using RACADM, users must be disabled manually and on an 
    individual basis. Users cannot be deleted by using a configuration file.
    The following example illustrates the command syntax that can be used to 
    delete a RAC user:
    racadm config -g cfgUserAdmin -o cfgUserAdminUserName 
    -i  
    A null string of double quote characters () instructs the DRAC 5 to remove 
    the user configuration at the specified index and reset the user configuration 
    to the original factory defaults. 
    						
    							Adding and Configuring DRAC 5 Users103
    Testing e-mail Alerting
    The RAC e-mail alerting feature allows users to receive e-mail alerts when 
    a critical event occurs on the managed system. The following example shows 
    how to test the e-mail alerting feature to ensure that the RAC can properly 
    send out e-mail alerts across the network.
    racadm testemail -i 2
     NOTE: Ensure that the SMTP and Email Alert settings are configured before testing 
    the e-mail alerting feature. See Configuring E-Mail Alerts on page 263 for more 
    information.
    Testing the RAC SNMP Trap Alert Feature
    The RAC SNMP trap alerting feature allows SNMP trap listener configurations 
    to receive traps for system events that occur on the managed system. 
    The following example shows how a user can test the SNMP trap alert feature 
    of the RAC.
    racadm testtrap -i 2
    Before you test the RAC SNMP trap alerting feature, ensure that the SNMP 
    and trap settings are configured correctly. See testtrap on page 337 and 
    testemail on page 336 subcommand descriptions to configure these 
    settings. 
    Enabling a DRAC 5 User With Permissions
    To enable a user with specific administrative permissions (role-based 
    authority), first locate an available user index by performing the steps in 
    Before You Begin on page 100. Next, type the following command lines with 
    the new user name and password.
     NOTE: See Table B-2 for a list of valid bit mask values for specific user privileges. 
    The default privilege value is 0, which indicates the user has no privileges enabled.
    racadm config -g cfgUserAdmin -o 
    cfgUserAdminPrivilege -i   
    						
    							104Adding and Configuring DRAC 5 Users 
    						
    							Using the DRAC 5 With Microsoft Active Directory105
    6
    Using the DRAC 5 With Microsoft 
    Active Directory
    A directory service maintains a common database of all information needed 
    for controlling users, computers, printers, etc. on a network. If your company 
    already uses the Microsoft Active Directory service software, you can 
    configure the software to provide access to the DRAC 5, allowing you to add 
    and control DRAC 5 user privileges to your existing users in your Active 
    Directory software.
     NOTE: Using Active Directory to recognize DRAC 5 users is supported on the 
    Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008 
    operating systems.
    Prerequisites for Enabling Active Directory 
    Authentication for the DRAC 5
    To use the Active Directory authentication feature of the DRAC 5, you must 
    have already deployed an Active Directory infrastructure. The DRAC 5 Active 
    Directory authentication supports authentication across multiple trees in a 
    single forest. See Supported Active Directory Configuration on page 141 for 
    information on supported Active Directory configuration with respect to the 
    Domain Function level, Groups, Objects, and so on.
    See the Microsoft website for information on how to set up an Active 
    Directory infrastructure, if you dont already have one.
    DRAC 5 uses the standard Public Key Infrastructure (PKI) mechanism to 
    authenticate securely into the Active Directory hence, you would also require 
    an integrated PKI into the Active Directory infrastructure. 
    See the Microsoft website for more information on the PKI setup.
    To correctly authenticate to all the domain controllers you will also need to 
    enable the Secure Socket Layer (SSL) on all domain controllers. 
    See Enabling SSL on a Domain Controller on page 138 for more specific 
    information. 
    						
    							106Using the DRAC 5 With Microsoft Active Directory
    Supported Active Directory Authentication 
    Mechanisms
    You can use Active Directory to define user access on the DRAC 5 through 
    two methods: you can use a standard schema solution, which uses Active 
    Directory group objects only or you can use the extended schema solution, 
    which Dell has customized to add Dell-defined Active Directory objects. 
    For more information about these solutions, see the sections below.
    When using Active Directory to configure access to the DRAC 5, you must 
    choose either the extended schema or the standard schema solution.
    The advantages of using the standard schema solution are:
    • No schema extension is required because standard schema uses Active 
    Directory objects only. 
    • Configuration on Active Directory side is simple.
    The advantages of using the extended schema solution are:
    • All of the access control objects are maintained in Active Directory. 
    • Maximum flexibility in configuring user access on different DRAC 5 cards 
    with different privilege levels.
    Standard Schema Active Directory Overview
    As shown in Figure 6-1, using standard schema for Active Directory 
    integration requires configuration on both Active Directory and the DRAC 5. 
    On the Active Directory side, a standard group object is used as a role group. 
    A user who has DRAC 5 access will be a member of the role group. In order to 
    give this user access to a specific DRAC 5 card, the role group name and its 
    domain name need to be configured on the specific DRAC 5 card. Unlike the 
    extended schema solution, the role and the privilege level is defined on each 
    DRAC 5 card, not in the Active Directory. Up to five role groups can be 
    configured and defined in each DRAC 5. Table 6-12 shows the privileges level 
    of the role groups and Table 6-1shows the default role group settings. 
    						
    							Using the DRAC 5 With Microsoft Active Directory107
    Figure 6-1. Configuration of DRAC 5 with Microsoft Active Directory and 
    Standard Schema
    Table 6-1. Default Role Group Privileges
    Role 
    GroupsDefault 
    Privilege LevelPermissions Granted Bit Mask
    Role 
    Group 1Administrator Login to DRAC, Configure 
    DRAC, Configure Users, 
    Clear Logs, Execute Server 
    Control Commands, Access 
    Console Redirection, Access 
    Vi r t u a l  M e d i a, Te s t  A l e r t s, 
    Execute Diagnostic 
    Commands0x000001ff
    Role 
    Group 2Po w e r  U s e r L o g i n  t o  D RAC, Clear Logs, 
    Execute Server Control 
    Commands, Access Console 
    Redirection, Access Virtual 
    Media, Te s t  A l e r t s0x000000f9
    Role
    GroupRole
    Group Name 
    and Domain 
    NameRole
    Definition
    User Configuration on Active 
    Directory SideConfiguration on 
    DRAC 5 Side 
    						
    							108Using the DRAC 5 With Microsoft Active Directory
     NOTE: The Bit Mask values are used only when setting Standard Schema with the 
    RACADM.
    There are two ways to enable Standard Schema Active Directory:
    • With the DRAC 5 web-based user interface. See Configuring the DRAC 
    5 With Standard Schema Active Directory and Web-Based Interface on 
    page 109.
    • With the RACADM CLI tool. See Configuring the DRAC 5 With 
    Standard Schema Active Directory and RACADM on page 111.
    Configuring Standard Schema Active Directory to Access Your DRAC 5
    You need to perform the following steps to configure the Active Directory 
    before an Active Directory user can access the DRAC 5:
    1
    On an Active Directory server (domain controller), open the Active 
    Directory Users and Computers Snap-in. 
    2Create a group or select an existing group. The name of the group and the 
    name of this domain will need to be configured on the DRAC 5 either with 
    the web-based interface or RACADM (see Configuring the DRAC 5 
    With Standard Schema Active Directory and Web-Based Interface on 
    page 109 or Configuring the DRAC 5 With Standard Schema Active 
    Directory and RACADM on page 111).
    3Add the Active Directory user as a member of the Active Directory group 
    to access the DRAC 5.
    Role 
    Group 3Guest User Login to DRAC0x00000001
    Role 
    Group 4NoneNo assigned permissions 0x00000000
    Role 
    Group 5NoneNo assigned permissions 0x00000000 Table 6-1. Default Role Group Privileges 
    (continued)
    Role 
    GroupsDefault 
    Privilege LevelPermissions Granted Bit Mask 
    						
    							Using the DRAC 5 With Microsoft Active Directory109
    Configuring the DRAC 5 With Standard Schema Active Directory and
    Web-Based Interface
    1Open a supported Web browser window.
    2Log in to the DRAC 5 Web-based interface.
    3Expand the System tree and click Remote Access.
    4Click the Configuration tab and select Active Directory. 
    5On the Active Directory Main Menu page, select Configure Active 
    Directory
     and click Next.
    6In the Common Settings section: 
    aSelect the Enable Active Directory check box.
    bTy p e  t h e  Root Domain Name. The Root Domain Name is the fully 
    qualified root domain name for the forest.
    cTy p e  t h e  Timeout time in seconds.
    7Click Use Standard Schema in the Active Directory Schema Selection 
    section.
    8Click Apply to save the Active Directory settings.
    9In the Role Groups column of the Standard Schema settings section, 
    click a 
    Role Group.
    The 
    Configure Role Group page appears, which includes a role group’s 
    Group Name, Group Domain, and Role Group Privileges.
    10Ty p e  t h e  Group Name. The group name identifies the role group in the 
    Active Directory associated with the DRAC 5 card.
    11Ty p e  t h e  Group Domain. The Group Domain is the fully qualified root 
    domain name for the forest.
    12In the Role Group Privileges page, set the group privileges.
    Table 6-12 describes the 
    Role Group Privileges.
    Table 6-13 describes the 
    Role Group Permissions. If you modify any of the 
    permissions, the existing 
    Role Group Privilege (Administrator, Power 
    User, or Guest User) will change to either the Custom group or the 
    appropriate Role Group Privilege based on the permissions modified.
    13Click Apply to save the Role Group settings. 
    						
    							110Using the DRAC 5 With Microsoft Active Directory
    14Click Go Back To Active Directory Configuration and Management.
    15Click Go Back To Active Directory Main Menu.
    16Upload your domain forest Root CA certificate into the DRAC 5.
    aSelect the Upload Active Directory CA Certificate check-box and 
    then click 
    Next.
    bIn the Certificate Upload page, type the file path of the certificate or 
    browse to the certificate file.
     NOTE: The File Path value displays the relative file path of the certificate you 
    are uploading. You must type the absolute file path, which includes the full 
    path and the complete file name and file extension.
    The domain controllers SSL certificates should have been signed by 
    the root CA. Ensure that the root CA certificate is available on your 
    management station that is accessing the DRAC 5 (see Exporting the 
    Domain Controller Root CA Certificate to the DRAC 5 on 
    page 138).
    cClick Apply.
    The DRAC 5 Web server automatically restarts after you click 
    Apply. 
    17Log out and then log in to the DRAC 5 to complete the DRAC 5 Active 
    Directory feature configuration.
    18In the System tree, click Remote Access.
    19Click the Configuration tab and then click Network.
    The 
    Network Configuration page appears.
    20If Use DHCP (for NIC IP Address) is selected under Network Settings, 
    select 
    Use DHCP to obtain DNS server address. 
    To manually input a DNS server IP address, deselect 
    Use DHCP to obtain 
    DNS server addresses
     and type your primary and alternate DNS server IP 
    addresses.
    21Click Apply Changes.
    The DRAC 5 Standard Schema Active Directory feature configuration is 
    complete. 
    						
    All Dell manuals Comments (0)