Home > Dell > System > Dell Drac 5 User Guide

Dell Drac 5 User Guide

Download as PDF Print this page Share this page

Have a look at the manual Dell Drac 5 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 327 Dell manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

$Page 118 118Using the DRAC 5 With Microsoft Active Directory You can extend your schema using one of the following methods: • Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema. The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories: •DVD drive:\support\OMActiveDirectory Tools\RAC4-5\LDIF_Files •DVD...$

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

View all the pages

Add page 121 to Favourites

image text

Enable zoom

							Using the DRAC 5 With Microsoft Active Directory121
Table 6-8. List of Attributes Added to the Active Directory Schema
Attribute Name/Description Assigned OID/Syntax Object Identifier Single 
Valued
dellPrivilegeMember
List of dellPrivilege Objects 
that belong to this Attribute.1.2.840.113556.1.8000.1280.1.1.2.1
Distinguished Name (LDAPTYPE_DN 
1.3.6.1.4.1.1466.115.121.1.12)FA L S E
dellProductMembers
List of dellRacDevices Objects 
that belong to this role. This 
attribute is the forward link to 
the dellAssociationMembers 
backward link.
Link ID: 120701.2.840.113556.1.8000.1280.1.1.2.2
Distinguished Name (LDAPTYPE_DN 
1.3.6.1.4.1.1466.115.121.1.12)FA L S E
dellIsLoginUser
TRUE if the user has Login 
rights on the device.1.2.840.113556.1.8000.1280.1.1.2.3
Boolean (LDAPTYPE_BOOLEAN 
1.3.6.1.4.1.1466.115.121.1.7)TRUE
dellIsCardConfigAdmin
TRUE if the user has Card 
Configuration rights on the 
device.1.2.840.113556.1.8000.1280.1.1.2.4
Boolean (LDAPTYPE_BOOLEAN 
1.3.6.1.4.1.1466.115.121.1.7)TRUE
dellIsUserConfigAdmin
TRUE if the user has User 
Configuration rights on the 
device.1.2.840.113556.1.8000.1280.1.1.2.5
Boolean (LDAPTYPE_BOOLEAN 
1.3.6.1.4.1.1466.115.121.1.7)TRUE
delIsLogClearAdmin
TRUE if the user has Log 
Clearing rights on the device.1.2.840.113556.1.8000.1280.1.1.2.6
Boolean (LDAPTYPE_BOOLEAN 
1.3.6.1.4.1.1466.115.121.1.7)TRUE
dellIsServerResetUser
TRUE if the user has Server 
Reset rights on the device.1.2.840.113556.1.8000.1280.1.1.2.7
Boolean (LDAPTYPE_BOOLEAN 
1.3.6.1.4.1.1466.115.121.1.7)TRUE
dellIsConsoleRedirectUser
TRUE if the user has Console 
Redirection rights on the 
device.1.2.840.113556.1.8000.1280.1.1.2.8
Boolean (LDAPTYPE_BOOLEAN 
1.3.6.1.4.1.1466.115.121.1.7)TRUE

Add page 122 to Favourites

image text

Enable zoom

							122Using the DRAC 5 With Microsoft Active Directory
dellIsVirtualMediaUser
TRUE if the user has Virtual 
Media rights on the device.1.2.840.113556.1.8000.1280.1.1.2.9
Boolean (LDAPTYPE_BOOLEAN 
1.3.6.1.4.1.1466.115.121.1.7)TRUE
dellIsTestAlertUser
TRUE if the user has Test 
Alert User rights on the 
device.1.2.840.113556.1.8000.1280.1.1.2.10
Boolean (LDAPTYPE_BOOLEAN 
1.3.6.1.4.1.1466.115.121.1.7)TRUE
dellIsDebugCommandAdmin
TRUE if the user has Debug 
Command Admin rights on 
the device.1.2.840.113556.1.8000.1280.1.1.2.11
Boolean (LDAPTYPE_BOOLEAN 
1.3.6.1.4.1.1466.115.121.1.7)TRUE
dellSchemaVersion
The Current Schema Version 
is used to update the schema.1.2.840.113556.1.8000.1280.1.1.2.12
Case Ignore String
(LDAPTYPE_CASEIGNORESTRING
1.2.840.113556.1.4.905)TRUE
dellRacType
This attribute is the Current 
Rac Type for the 
dellRacDevice object and the 
backward link to the 
dellAssociationObjectMembe
rs forward link.1.2.840.113556.1.8000.1280.1.1.2.13
Case Ignore String
(LDAPTYPE_CASEIGNORESTRING
1.2.840.113556.1.4.905)TRUE
dellAssociationMembers
List of 
dellAssociationObjectMembe
rs that belong to this Product. 
This attribute is the backward 
link to the 
dellProductMembers Linked 
attribute.
Link ID: 120711.2.840.113556.1.8000.1280.1.1.2.14
Distinguished Name (LDAPTYPE_DN 
1.3.6.1.4.1.1466.115.121.1.12)FA L S E Table 6-8. List of Attributes Added to the Active Directory Schema 
(continued)
Attribute Name/Description Assigned OID/Syntax Object Identifier Single 
Valued

Add page 123 to Favourites

image text

Enable zoom

							Using the DRAC 5 With Microsoft Active Directory123
Installing the Dell Extension to the Active Directory Users and 
Computers Snap-In
When you extend the schema in Active Directory, you must also extend the 
Active Directory Users and Computers snap-in so the administrator can 
manage RAC (DRAC 5) devices, Users and User Groups, RAC Associations, 
and RAC Privileges.
When you install your systems management software using the Dell Systems 
Management Tools and Documentation DVD, you can extend the snap-in by 
selecting the Dell Extension to the Active Directory User’s and Computers 
Snap-In option during the installation procedure. See the Dell OpenManage 
Software Quick Installation Guide for additional instructions about installing 
systems management software.
For more information about the Active Directory User’s and Computers 
snap-in, see your Microsoft documentation. 
Installing the Administrator Pack
You must install the Administrator Pack on each system that is managing the 
Active Directory DRAC 5 Objects. If you do not install the Administrator 
Pack, you cannot view the Dell RAC Object in the container.
See Opening the Active Directory Users and Computers Snap-In on 
page 123 for more information. 
Opening the Active Directory Users and Computers Snap-In
To open the Active Directory Users and Computers snap-in:
1
If you are logged into the domain controller, click Start Admin Tools 
Active Directory Users and Computers
. 
If you are not logged into the domain controller, you must have the 
appropriate Microsoft Administrator Pack installed on your local system. 
To install this Administrator Pack, click 
Start Run, type MMC, and 
press
Enter.
The Microsoft Management Console (MMC) appears. 
2In the Console 1 window, click File (or Console on systems running 
Windows 2000).
3Click Add/Remove Snap-in.

Add page 124 to Favourites

image text

Enable zoom

							124Using the DRAC 5 With Microsoft Active Directory
4Select the Active Directory Users and Computers snap-in and click Add.
5Click Close and click OK.
Adding DRAC 5 Users and Privileges to Active Directory
Using the Dell-extended Active Directory Users and Computers snap-in, you 
can add DRAC 5 users and privileges by creating RAC, Association, and 
Privilege objects. To add each object type, perform the following procedures:
•Create a RAC device Object
• Create a Privilege Object
• Create an Association Object
• Add objects to an Association Object
Creating a RAC Device Object
1In the MMC Console Root window, right-click a container.
2Select New Dell RAC Object.
The 
New Object window appears.
3Type a name for the new object. The name must be identical to the 
DRAC 5 Name that you will type in step a of Configuring the DRAC 5 
With Extended Schema Active Directory and Web-Based Interface on 
page 126.
4Select RAC Device Object.
5Click OK.
Creating a Privilege Object
 NOTE: A Privilege Object must be created in the same domain as the related 
Association Object.
1In the Console Root (MMC) window, right-click a container.
2Select New Dell RAC Object.
The 
New Object window appears.
3Type a name for the new object.
4Select Privilege Object.
5Click OK.

Add page 125 to Favourites

image text

Enable zoom

							Using the DRAC 5 With Microsoft Active Directory125
6Right-click the privilege object that you created, and select Properties.
7Click the RAC Privileges tab and select the privileges that you want the 
user to have (for more information, see Table 5-4).
Creating an Association Object
The Association Object is derived from a Group and must contain a Group 
Type. The Association Scope specifies the Security Group Type for the 
Association Object. When you create an Association Object, choose the 
Association Scope that applies to the type of objects you intend to add. 
For example, if you select Universal, the association objects are only available 
when the Active Directory Domain is functioning in Native Mode or above. 
1
In the Console Root (MMC) window, right-click a container.
2Select New Dell RAC Object.
This opens the 
New Object window.
3Type a name for the new object.
4Select Association Object.
5Select the scope for the Association Object.
6Click OK.
Adding Objects to an Association Object
Using the Association Object Properties window, you can associate users or 
user groups, privilege objects, and RAC devices or RAC device groups. If your 
system is running Windows 2000 mode or higher, use Universal Groups to 
span domains with your user or RAC objects. 
You can add groups of Users and RAC devices. The procedure for creating 
Dell-related groups and non-Dell-related groups is identical.
Adding Users or User Groups
1Right-click the Association Object and select Properties.
2Select the Users tab and click Add.
3Type the user or User Group name and click OK.

Add page 126 to Favourites

image text

Enable zoom

							126Using the DRAC 5 With Microsoft Active Directory
Click the Privilege Object tab to add the privilege object to the association 
that defines the user’s or user group’s privileges when authenticating to a 
RAC device. Only one privilege object can be added to an Association Object. 
Adding Privileges
1Select the Privileges Object tab and click Add.
2Type the Privilege Object name and click OK.
Click the Products tab to add one or more RAC devices to the association. 
The associated devices specify the RAC devices connected to the network 
that are available for the defined users or user groups. Multiple RAC devices 
can be added to an Association Object.
Adding RAC Devices or RAC Device Groups
To add RAC devices or RAC device groups:
1
Select the Products tab and click Add.
2Type the RAC device or RAC device group name and click OK.
3In the Properties window, click Apply and click OK.
Configuring the DRAC 5 With Extended Schema Active Directory and
Web-Based Interface
1Open a supported Web browser window.
2Log in to the DRAC 5 Web-based interface.
3Expand the System tree and click Remote Access.
4Click the Configuration tab and select Active Directory. 
5On the Active Directory Main Menu page, select Configure Active 
Directory
 and click Next.
6In the Common Settings section: 
aSelect the Enable Active Directory check box.
bTy p e  t h e  Root Domain Name. The Root Domain Name is the 
fully qualified root domain name for the forest.
cTy p e  t h e  Timeout time in seconds.
7Click Use Extended Schema in the Active Directory Schema Selection 
section.

Add page 127 to Favourites

image text

Enable zoom

							Using the DRAC 5 With Microsoft Active Directory127
8In the Extended Schema Settings section:
aTy p e  t h e  DRAC Name. This name must be the same as the common 
name of the new RAC object you created in your Domain Controller 
(see step 3 of Creating a RAC Device Object on page 124).
bTy p e  t h e  DRAC Domain Name (for example, drac5.com). Do not 
use the NetBIOS name. The 
DRAC Domain Name is the fully 
qualified domain name of the sub-domain where the RAC Device 
Object is located.
9Click Apply to save the Active Directory settings.
10Click Go Back To Active Directory Main Menu.
11Upload your domain forest Root CA certificate into the DRAC 5.
aSelect the Upload Active Directory CA Certificate check-box and 
then click 
Next.
bIn the Certificate Upload page, type the file path of the certificate or 
browse to the certificate file.
 NOTE: The File Path value displays the relative file path of the certificate you 
are uploading. You must type the absolute file path, which includes the full 
path and the complete file name and file extension.
The domain controllers SSL certificates should have been signed by 
the root CA. Have the root CA certificate available on your 
management station accessing the DRAC 5 (see Exporting the 
Domain Controller Root CA Certificate to the DRAC 5 on 
page 138).
cClick Apply.
The DRAC 5 Web server automatically restarts after you click 
Apply. 
12Log out and then log in to the DRAC 5 to complete the DRAC 5 Active 
Directory feature configuration.
13In the System tree, click Remote Access.
14Click the Configuration tab and then click Network.
The 
Network Configuration page appears.

Add page 128 to Favourites

image text

Enable zoom

							128Using the DRAC 5 With Microsoft Active Directory
15If Use DHCP (for NIC IP Address) is selected under Network Settings, 
then select 
Use DHCP to obtain DNS server address. 
To manually input a DNS server IP address, deselect 
Use DHCP to obtain 
DNS server addresses
 and type your primary and alternate DNS server IP 
addresses.
16Click Apply Changes. 
The DRAC 5 Extended Schema Active Directory feature configuration is 
complete.
Configuring the DRAC 5 With Extended Schema Active Directory and
RACADM
Using the following commands to configure the DRAC 5 Active Directory 
Feature with Extended Schema using the RACADM CLI tool instead of the 
Web-based interface.
1
Open a command prompt and type the following racadm commands:
racadm config -g cfgActiveDirectory -o cfgADEnable 
1
racadm config -g cfgActiveDirectory -o cfgADType 1
racadm config -g cfgActiveDirectory -o 
cfgADRacDomain 
racadm config -g cfgActiveDirectory -o 
cfgADRootDomain 
racadm config -g cfgActiveDirectory -o 
cfgADRacName 
racadm sslcertupload -t 0x2 -f 
racadm sslcertdownload -t 0x1 -f 
2
If DHCP is enabled on the DRAC 5 and you want to use the DNS 
provided by the DHCP server, type the following racadm command:
racadm config -g cfgLanNetworking -o 
cfgDNSServersFromDHCP 1

Add page 129 to Favourites

image text

Enable zoom

							Using the DRAC 5 With Microsoft Active Directory129
3If DHCP is disabled on the DRAC 5 or you want to input your DNS IP 
address, type following racadm commands:
racadm config -g cfgLanNetworking -o 
cfgDNSServersFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSServer1 

racadm config -g cfgLanNetworking -o cfgDNSServer2 

Press Enter to complete the DRAC 5 Active Directory feature configuration.
Instead of DRAC 5 searching for Active Directory servers, you can specify the 
servers DRAC 5 needs to connect to, to authenticate the user. See Specify 
Server for Active Directory Configuration on page 131 for information on 
RACADM commands to specify servers.
Accumulating Privileges Using Extended Schema
The Extended Schema Authentication mechanism supports Privilege 
Accumulation from different privilege objects associated with the same user 
through different Association Objects. In other words, Extended Schema 
Authentication accumulates privileges to allow the user the super set of all 
assigned privileges corresponding to the different privilege objects associated 
with the same user.
Figure 6-5 provides an example of accumulating privileges using Extended 
Schema.

Add page 130 to Favourites

image text

Enable zoom

							130Using the DRAC 5 With Microsoft Active Directory
Figure 6-5. Privilege Accumulation for a User
The figure shows two Association Objects—A01 and A02. These Association 
Objects may be part of the same or different domains. User1 is associated to 
RAC1 and RAC2 through both association objects. Therefore, User1 has 
accumulated privileges that results when combining the Privileges set for 
objects Priv1 and Priv2.
For example, Priv1 had the privileges: Login, Virtual Media, and Clear Logs 
and Privr2 had the privileges: Login, Configure DRAC, and Test Alerts. 
User1 will now have the privilege set: Login, Virtual Media, Clear Logs, 
Configure DRAC, and Test Alerts, which is the combined privilege set of 
Priv1 and Priv2
Extended Schema Authentication, thus, accumulates privileges to allow the 
user the maximum set of privileges possible considering the assigned 
privileges of the different privilege objects associated to the same user.
A01A02
Group1
Priv1Priv2
User1User2
User1RAC1
RAC2

All Dell manuals Comments (0)