Dell Drac 5 User Guide
Adding and Configuring DRAC 5 Users

To verify if a user exists, type the following command at the command prompt:

    racadm getconfig -u <username>

OR

type the following command once for each index of 1–16:

    racadm getconfig -g cfgUserAdmin -i <index>

NOTE: You can also type racadm getconfig -f <myfile.cfg> and view or edit the myfile.cfg file, which includes all DRAC 5 configuration parameters.

Several parameters and object IDs are displayed with their current values. Two objects of interest are:

    # cfgUserAdminIndex=XX
    cfgUserAdminUserName=

If the cfgUserAdminUserName object has no value, that index number, which is indicated by the cfgUserAdminIndex object, is available for use. If a name appears after the =, that index is taken by that user name.

NOTE: When you manually enable or disable a user with the racadm config subcommand, you must specify the index with the -i option. Observe that the cfgUserAdminIndex object displayed in the previous example contains a # character. Also, if you use the racadm config -f racadm.cfg command to specify any number of groups/objects to write, the index cannot be specified. A new user is added to the first available index. This behavior allows more flexibility in configuring multiple DRAC 5s with the same settings.

Adding a DRAC 5 User

To add a new user to the RAC configuration, a few basic commands can be used. In general, perform the following procedures:

1. Set the user name.
2. Set the password.
3. Set the user privileges.
4. Enable the user.
Example

The following example describes how to add a new user named John with a 123456 password and LOGIN privileges to the RAC.

    racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i 2 john
    racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 123456
    racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminPrivilege 0x00000001
    racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminEnable 1

To verify, use one of the following commands:

    racadm getconfig -u john
    racadm getconfig -g cfgUserAdmin -i 2

Removing a DRAC 5 User

When using RACADM, users must be disabled manually and on an individual basis. Users cannot be deleted by using a configuration file.

The following example illustrates the command syntax that can be used to delete a RAC user:

    racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i <index> ""

A null string of double quote characters ("") instructs the DRAC 5 to remove the user configuration at the specified index and reset the user configuration to the original factory defaults.
Testing e-mail Alerting

The RAC e-mail alerting feature allows users to receive e-mail alerts when a critical event occurs on the managed system. The following example shows how to test the e-mail alerting feature to ensure that the RAC can properly send out e-mail alerts across the network.

    racadm testemail -i 2

NOTE: Ensure that the SMTP and Email Alert settings are configured before testing the e-mail alerting feature. See "Configuring E-Mail Alerts" on page 263 for more information.

Testing the RAC SNMP Trap Alert Feature

The RAC SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed system. The following example shows how a user can test the SNMP trap alert feature of the RAC.

    racadm testtrap -i 2

Before you test the RAC SNMP trap alerting feature, ensure that the SNMP and trap settings are configured correctly. See "testtrap" on page 337 and "testemail" on page 336 subcommand descriptions to configure these settings.

Enabling a DRAC 5 User With Permissions

To enable a user with specific administrative permissions (role-based authority), first locate an available user index by performing the steps in "Before You Begin" on page 100. Next, type the following command lines with the new user name and password.

NOTE: See Table B-2 for a list of valid bit mask values for specific user privileges. The default privilege value is 0, which indicates the user has no privileges enabled.

    racadm config -g cfgUserAdmin -o cfgUserAdminPrivilege -i
6 Using the DRAC 5 With Microsoft Active Directory

A directory service maintains a common database of all information needed for controlling users, computers, printers, etc. on a network. If your company already uses the Microsoft Active Directory service software, you can configure the software to provide access to the DRAC 5, allowing you to add and control DRAC 5 user privileges to your existing users in your Active Directory software.

NOTE: Using Active Directory to recognize DRAC 5 users is supported on the Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008 operating systems.

Prerequisites for Enabling Active Directory Authentication for the DRAC 5

To use the Active Directory authentication feature of the DRAC 5, you must have already deployed an Active Directory infrastructure. The DRAC 5 Active Directory authentication supports authentication across multiple trees in a single forest. See "Supported Active Directory Configuration" on page 141 for information on supported Active Directory configuration with respect to the Domain Function level, Groups, Objects, and so on.

See the Microsoft website for information on how to set up an Active Directory infrastructure, if you don't already have one.

DRAC 5 uses the standard Public Key Infrastructure (PKI) mechanism to authenticate securely into the Active Directory; hence, you would also require an integrated PKI into the Active Directory infrastructure. See the Microsoft website for more information on the PKI setup.

To correctly authenticate to all the domain controllers, you will also need to enable the Secure Socket Layer (SSL) on all domain controllers. See "Enabling SSL on a Domain Controller" on page 138 for more specific information.
Supported Active Directory Authentication Mechanisms

You can use Active Directory to define user access on the DRAC 5 through two methods: you can use a standard schema solution, which uses Active Directory group objects only, or you can use the extended schema solution, which Dell has customized to add Dell-defined Active Directory objects. For more information about these solutions, see the sections below.

When using Active Directory to configure access to the DRAC 5, you must choose either the extended schema or the standard schema solution.

The advantages of using the standard schema solution are:

• No schema extension is required because standard schema uses Active Directory objects only.
• Configuration on Active Directory side is simple.

The advantages of using the extended schema solution are:

• All of the access control objects are maintained in Active Directory.
• Maximum flexibility in configuring user access on different DRAC 5 cards with different privilege levels.

Standard Schema Active Directory Overview

As shown in Figure 6-1, using standard schema for Active Directory integration requires configuration on both Active Directory and the DRAC 5. On the Active Directory side, a standard group object is used as a role group. A user who has DRAC 5 access will be a member of the role group. In order to give this user access to a specific DRAC 5 card, the role group name and its domain name need to be configured on the specific DRAC 5 card. Unlike the extended schema solution, the role and the privilege level are defined on each DRAC 5 card, not in the Active Directory. Up to five role groups can be configured and defined in each DRAC 5. Table 6-12 shows the privilege levels of the role groups and Table 6-1 shows the default role group settings.
Figure 6-1. Configuration of DRAC 5 with Microsoft Active Directory and Standard Schema
[Figure labels: Configuration on Active Directory Side; Configuration on DRAC 5 Side; Role Group; Role Group Name and Domain Name; Role Definition; User]

Table 6-1. Default Role Group Privileges

| Role Groups | Default Privilege Level | Permissions Granted | Bit Mask |
|---|---|---|---|
| Role Group 1 | Administrator | Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands | 0x000001ff |
| Role Group 2 | Power User | Login to DRAC, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts | 0x000000f9 |
NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM.

There are two ways to enable Standard Schema Active Directory:

• With the DRAC 5 web-based user interface. See "Configuring the DRAC 5 With Standard Schema Active Directory and Web-Based Interface" on page 109.
• With the RACADM CLI tool. See "Configuring the DRAC 5 With Standard Schema Active Directory and RACADM" on page 111.

Configuring Standard Schema Active Directory to Access Your DRAC 5

You need to perform the following steps to configure the Active Directory before an Active Directory user can access the DRAC 5:

1. On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in.
2. Create a group or select an existing group. The name of the group and the name of this domain will need to be configured on the DRAC 5 either with the web-based interface or RACADM (see "Configuring the DRAC 5 With Standard Schema Active Directory and Web-Based Interface" on page 109 or "Configuring the DRAC 5 With Standard Schema Active Directory and RACADM" on page 111).
3. Add the Active Directory user as a member of the Active Directory group to access the DRAC 5.

Table 6-1. Default Role Group Privileges (continued)

| Role Groups | Default Privilege Level | Permissions Granted | Bit Mask |
|---|---|---|---|
| Role Group 3 | Guest User | Login to DRAC | 0x00000001 |
| Role Group 4 | None | No assigned permissions | 0x00000000 |
| Role Group 5 | None | No assigned permissions | 0x00000000 |
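As an added example (not part of the Dell guide), the following Python code decodes the privilege bit masks shown in Table 6-1 and reviews a constructed cfgUserAdmin dump for free indexes and enabled accounts. The bit-to-permission mapping is inferred from the order of the Administrator row and the [cfgUserAdmin] file layout is an assumption; Table B-2 remains the authoritative list.

```python
import re
# Bit n = n-th name in Table 6-1's Administrator row (assumption; see Table B-2).
PRIVILEGES = [
    "Login to DRAC", "Configure DRAC", "Configure Users", "Clear Logs",
    "Execute Server Control Commands", "Access Console Redirection",
    "Access Virtual Media", "Test Alerts", "Execute Diagnostic Commands",
]

# Constructed sample shaped like the cfgUserAdmin part of a getconfig -f dump.
SAMPLE_CFG = """\
[cfgUserAdmin]
# cfgUserAdminIndex=1
cfgUserAdminUserName=root
cfgUserAdminPrivilege=0x000001ff
cfgUserAdminEnable=1
[cfgUserAdmin]
# cfgUserAdminIndex=2
cfgUserAdminUserName=john
cfgUserAdminPrivilege=0x00000001
cfgUserAdminEnable=1
[cfgUserAdmin]
# cfgUserAdminIndex=3
cfgUserAdminUserName=
"""

def decode_privileges(mask):
    """Names of the permissions whose bits are set in a privilege bit mask."""
    return [name for bit, name in enumerate(PRIVILEGES) if mask >> bit & 1]

def parse_users(cfg_text):
    """One dict per index; a '# cfgUserAdminIndex=N' line starts a record."""
    users = []
    for line in cfg_text.splitlines():
        m = re.match(r"#?\s*(cfgUserAdmin\w+)=(.*)$", line.strip())
        if m and m.group(1) == "cfgUserAdminIndex":
            users.append({"index": int(m.group(2))})
        elif m and users:
            users[-1][m.group(1)] = m.group(2).strip()
    return users

def audit(cfg_text):
    """Return (free indexes, {enabled user name: decoded permissions})."""
    free, enabled = [], {}
    for u in parse_users(cfg_text):
        if not u.get("cfgUserAdminUserName"):
            free.append(u["index"])
        elif u.get("cfgUserAdminEnable") == "1":
            mask = int(u.get("cfgUserAdminPrivilege", "0"), 16)
            enabled[u["cfgUserAdminUserName"]] = decode_privileges(mask)
    return free, enabled
```

Calling audit(SAMPLE_CFG) reports index 3 as free and lists root with all nine permissions and john with Login to DRAC only; any enabled account carrying Configure Users or Configure DRAC is the one to review first.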
Configuring the DRAC 5 With Standard Schema Active Directory and Web-Based Interface

1. Open a supported Web browser window.
2. Log in to the DRAC 5 Web-based interface.
3. Expand the System tree and click Remote Access.
4. Click the Configuration tab and select Active Directory.
5. On the Active Directory Main Menu page, select Configure Active Directory and click Next.
6. In the Common Settings section:
   a. Select the Enable Active Directory check box.
   b. Type the Root Domain Name. The Root Domain Name is the fully qualified root domain name for the forest.
   c. Type the Timeout time in seconds.
7. Click Use Standard Schema in the Active Directory Schema Selection section.
8. Click Apply to save the Active Directory settings.
9. In the Role Groups column of the Standard Schema settings section, click a Role Group. The Configure Role Group page appears, which includes a role group's Group Name, Group Domain, and Role Group Privileges.
10. Type the Group Name. The group name identifies the role group in the Active Directory associated with the DRAC 5 card.
11. Type the Group Domain. The Group Domain is the fully qualified root domain name for the forest.
12. In the Role Group Privileges page, set the group privileges. Table 6-12 describes the Role Group Privileges. Table 6-13 describes the Role Group Permissions. If you modify any of the permissions, the existing Role Group Privilege (Administrator, Power User, or Guest User) will change to either the Custom group or the appropriate Role Group Privilege based on the permissions modified.
13. Click Apply to save the Role Group settings.
14. Click Go Back To Active Directory Configuration and Management.
15. Click Go Back To Active Directory Main Menu.
16. Upload your domain forest Root CA certificate into the DRAC 5.
   a. Select the Upload Active Directory CA Certificate check box and then click Next.
   b. In the Certificate Upload page, type the file path of the certificate or browse to the certificate file.
      NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
      The domain controllers' SSL certificates should have been signed by the root CA. Ensure that the root CA certificate is available on your management station that is accessing the DRAC 5 (see "Exporting the Domain Controller Root CA Certificate to the DRAC 5" on page 138).
   c. Click Apply. The DRAC 5 Web server automatically restarts after you click Apply.
17. Log out and then log in to the DRAC 5 to complete the DRAC 5 Active Directory feature configuration.
18. In the System tree, click Remote Access.
19. Click the Configuration tab and then click Network. The Network Configuration page appears.
20. If Use DHCP (for NIC IP Address) is selected under Network Settings, select Use DHCP to obtain DNS server address. To manually input a DNS server IP address, deselect Use DHCP to obtain DNS server addresses and type your primary and alternate DNS server IP addresses.
21. Click Apply Changes.

The DRAC 5 Standard Schema Active Directory feature configuration is complete.