Dell Drac 5 User Manual
Adding and Configuring DRAC 5 Users

To manage your system with the DRAC 5 and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs.

To add and configure DRAC 5 users:

NOTE: You must have Configure DRAC 5 permission to perform the following steps.

1. Expand the System tree and click Remote Access.
2. Click the Configuration tab and then click Users. The Users page appears, which includes each user’s State, User Name, RAC Privilege, IPMI LAN Privilege, IPMI Serial Privilege and Serial Over LAN.
3. In the User ID column, click a user ID number.
4. On the User Main Menu page, you can configure users, upload a user certificate, view an existing user certificate, upload a trusted certification authority (CA) certificate, or view a trusted CA certificate. If you select Configure User and click Next, the User Configuration page is displayed. See step 5 for more information. See Table 5-1 if you select the options under the Smart Card Configuration section.
5. In the User Configuration page, configure the user’s properties and privileges.
   Table 5-2 describes the General settings for configuring a new or existing DRAC user name and password.
   Table 5-3 describes the IPMI User Privileges for configuring the user’s LAN privileges.
   Table 5-4 describes the User Group Permissions for the IPMI User Privileges and the DRAC User Privileges settings.
   Table 5-5 describes the DRAC Group permissions. If you add a DRAC User Privilege to the Administrator, Power User, or Guest User, the DRAC Group will change to the Custom group.
6. When completed, click Apply Changes.
7. Click the appropriate User Configuration page button to continue. See Table 5-6.

Table 5-1. Options in the Smart Card Configuration section

| Option | Description |
| --- | --- |
| Upload User Certificate | Enables you to upload the user certificate to DRAC and import it to the user profile. |
| View User Certificate | Displays the user certificate page that has been uploaded to the DRAC. |
| Upload Trusted CA Certificate | Enables you to upload the trusted CA certificate to DRAC and import it to the user profile. |
| View Trusted CA Certificate | Displays the trusted CA certificate that has been uploaded to the DRAC. The trusted CA certificate is issued by the CA who is authorized to issue certificates to users. |

Table 5-2. General Properties

| Property | Description |
| --- | --- |
| User ID | Specifies one of 16 preset User ID numbers. If you are editing information for user root, this field is static. You cannot edit the username for root. |
| Enable User | Enables the user to access the DRAC 5. When unchecked, the User Name cannot be changed. |
| User Name | Specifies a DRAC 5 user name with up to 16 characters. Each user must have a unique user name. NOTE: User names on the local DRAC 5 cannot include the / (forward slash) or . (period) characters. NOTE: If the user name is changed, the new name will not appear in the user interface until the next user login. |
Table 5-2. General Properties (continued)

| Property | Description |
| --- | --- |
| Change Password | Enables the New Password and Confirm New Password fields. When unchecked, the user’s Password cannot be changed. |
| New Password | Specifies or edits the DRAC 5 user’s password. |
| Confirm New Password | Requires you to retype the DRAC 5 user’s password to confirm. |

Table 5-3. IPMI User Privileges

| Property | Description |
| --- | --- |
| Maximum LAN User Privilege Granted | Specifies the user’s maximum privilege on the IPMI LAN channel to one of the following user groups: Administrator, Operator, User, or None. |
| Maximum Serial Port User Privilege Granted | Specifies the user’s maximum privilege on the IPMI Serial channel to one of the following: Administrator, Operator, User, or None. |
| Enable Serial Over LAN | Allows user to use IPMI Serial Over LAN. When checked, this privilege is enabled. |

Table 5-4. DRAC User Privileges

| Property | Description |
| --- | --- |
| DRAC Group | Specifies the user’s maximum DRAC user privilege to one of the following: Administrator, Power User, Guest User, None, or Custom. See Table 5-5 for DRAC Group permissions. |
| Login to DRAC | Enables the user to log in to the DRAC. |
| Configure DRAC | Enables the user to configure the DRAC. |
| Configure Users | Enables the user to allow specific users to access the system. |
| Clear Logs | Enables the user to clear the DRAC logs. |
Table 5-4. DRAC User Privileges (continued)

| Property | Description |
| --- | --- |
| Execute Server Control Commands | Enables the user to execute racadm commands. |
| Access Console Redirection | Enables the user to run Console Redirection. |
| Access Virtual Media | Enables the user to run and use Virtual Media. |
| Test Alerts | Enables the user to send test alerts (e-mail and PET) to a specific user. |
| Execute Diagnostic Commands | Enables the user to run diagnostic commands. |

Table 5-5. DRAC Group Permissions

| User Group | Permissions Granted |
| --- | --- |
| Administrator | Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands |
| Power User | Login to DRAC, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts |
| Guest User | Login to DRAC |
| Custom | Selects any combination of the following permissions: Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands |
| None | No assigned permissions |
Table 5-6. User Configuration Page Buttons

| Button | Action |
| --- | --- |
| Print | Prints the User Configuration page |
| Refresh | Reloads the User Configuration page |
| Go Back To Users Page | Returns to the Users Page. |
| Apply Changes | Saves the changes made to the network configuration. |

Using the RACADM Utility to Configure DRAC 5 Users

NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system.

The DRAC 5 Web-based interface is the quickest way to configure a DRAC 5. If you prefer command-line or script configuration or need to configure multiple DRAC 5s, use RACADM, which is installed with the DRAC 5 agents on the managed system.

To configure multiple DRAC 5s with identical configuration settings, perform one of the following procedures:

• Use the RACADM examples in this section as a guide to create a batch file of racadm commands and then execute the batch file on each managed system.
• Create the DRAC 5 configuration file as described in RACADM Subcommand Overview and execute the racadm config subcommand on each managed system using the same configuration file.

Before You Begin

You can configure up to 16 users in the DRAC 5 property database. Before you manually enable a DRAC 5 user, verify if any current users exist. If you are configuring a new DRAC 5 or you ran the racadm racresetcfg command, the only current user is root with the password calvin. The racresetcfg subcommand resets the DRAC 5 to the original default values.

NOTICE: Use caution when using the racresetcfg command, as all configuration parameters are reset to their default values. Any previous changes are lost.
NOTE: Users can be enabled and disabled over time. As a result, a user may have a different index number on each DRAC 5.

To verify if a user exists, type the following command at the command prompt:

    racadm getconfig -u <username>

OR

type the following command once for each index of 1–16:

    racadm getconfig -g cfgUserAdmin -i <index>

NOTE: You can also type racadm getconfig -f and view or edit the myfile.cfg file, which includes all DRAC 5 configuration parameters.

Several parameters and object IDs are displayed with their current values. Two objects of interest are:

    # cfgUserAdminIndex=XX
    cfgUserAdminUserName=

If the cfgUserAdminUserName object has no value, that index number, which is indicated by the cfgUserAdminIndex object, is available for use. If a name appears after the =, that index is taken by that user name.

NOTE: When you manually enable or disable a user with the racadm config subcommand, you must specify the index with the -i option. Observe that the cfgUserAdminIndex object displayed in the previous example contains a # character. Also, if you use the racadm config -f racadm.cfg command to specify any number of groups/objects to write, the index cannot be specified. A new user is added to the first available index. This behavior allows more flexibility in configuring multiple DRAC 5s with the same settings.

Adding a DRAC 5 User

To add a new user to the RAC configuration, a few basic commands can be used. In general, perform the following procedures:

1. Set the user name.
2. Set the password.
3. Set the user privileges.
4. Enable the user.
Example

The following example describes how to add a new user named John with a 123456 password and LOGIN privileges to the RAC.

    racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i 2 john
    racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 123456
    racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminPrivilege 0x00000001
    racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminEnable 1

To verify, use one of the following commands:

    racadm getconfig -u john
    racadm getconfig -g cfgUserAdmin -i 2

Removing a DRAC 5 User

When using RACADM, users must be disabled manually and on an individual basis. Users cannot be deleted by using a configuration file.

The following example illustrates the command syntax that can be used to delete a RAC user:

    racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i <index> ""

A null string of double quote characters ("") instructs the DRAC 5 to remove the user configuration at the specified index and reset the user configuration to the original factory defaults.

Testing e-mail Alerting

The RAC e-mail alerting feature allows users to receive e-mail alerts when a critical event occurs on the managed system. The following example shows how to test the e-mail alerting feature to ensure that the RAC can properly send out e-mail alerts across the network.

    racadm testemail -i 2

NOTE: Ensure that the SMTP and Email Alert settings are configured before testing the e-mail alerting feature. See Configuring E-Mail Alerts for more information.
Testing the RAC SNMP Trap Alert Feature

The RAC SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed system. The following example shows how a user can test the SNMP trap alert feature of the RAC.

    racadm testtrap -i 2

Before you test the RAC SNMP trap alerting feature, ensure that the SNMP and trap settings are configured correctly. See testtrap and testemail subcommand descriptions to configure these settings.

Enabling a DRAC 5 User With Permissions

To enable a user with specific administrative permissions (role-based authority), first locate an available user index by performing the steps in Before You Begin. Next, type the following command lines with the new user name and password.

NOTE: See Table B-2 for a list of valid bit mask values for specific user privileges. The default privilege value is 0, which indicates the user has no privileges enabled.

    racadm config -g cfgUserAdmin -o cfgUserAdminPrivilege -i
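An added example (not from the Dell manual): a POSIX shell audit of the user slots described in Before You Begin that also classifies each privilege mask into the groups of Table 5-5. The bit values are an assumption (one bit per permission in Table 5-4 order, anchored on 0x00000001 = Login from the example above) to be confirmed against Table B-2; the function names and the sample data are constructed for illustration.

```shell
# Added example, not Dell code. ASSUMED bit order: Table 5-4, from 0x00000001 = Login.
PERMS="Login ConfigureDRAC ConfigureUsers ClearLogs ServerControl ConsoleRedirection VirtualMedia TestAlerts Diagnostics"
decode_priv() {                       # e.g. 0x00000009 -> Login,ClearLogs
    mask=$(( $1 )); bit=1; out=""
    for perm in $PERMS; do
        if [ $(( mask & bit )) -ne 0 ]; then out="${out:+$out,}$perm"; fi
        bit=$(( bit * 2 ))
    done
    printf '%s\n' "$out"
}

role_group() {                        # classify a mask using Table 5-5
    case $(( $1 )) in
        0)   echo "None" ;;
        1)   echo "Guest User" ;;
        249) echo "Power User" ;;     # 0xF9
        511) echo "Administrator" ;;  # 0x1FF, all nine permissions
        *)   echo "Custom" ;;
    esac
}

enabled_users() {                     # stdin: getconfig output; prints "index name mask"
    awk -F= '
        function flush() { if (en == 1 && name != "") print idx, name, priv; name = ""; en = 0; priv = "0x0" }
        /cfgUserAdminIndex=/      { if (idx != "") flush(); idx = $2 }
        /^cfgUserAdminUserName=/  { name = $2 }
        /^cfgUserAdminPrivilege=/ { priv = $2 }
        /^cfgUserAdminEnable=/    { en = $2 }
        END                       { if (idx != "") flush() }'
}
first_free_index() {                  # first index with an empty cfgUserAdminUserName
    awk -F= '/cfgUserAdminIndex=/ { i = $2 } /^cfgUserAdminUserName=$/ { print i; exit }'
}

# Constructed sample in getconfig layout, not output from a real DRAC 5.
SAMPLE='# cfgUserAdminIndex=1
cfgUserAdminUserName=root
cfgUserAdminPrivilege=0x000001ff
cfgUserAdminEnable=1
# cfgUserAdminIndex=2
cfgUserAdminUserName=john
cfgUserAdminPrivilege=0x00000001
cfgUserAdminEnable=1
# cfgUserAdminIndex=3
cfgUserAdminUserName='
printf '%s\n' "$SAMPLE" | enabled_users | while read -r idx name mask; do
    echo "index $idx: $name -> $(role_group "$mask") [$(decode_priv "$mask")]"
done
echo "first free index: $(printf '%s\n' "$SAMPLE" | first_free_index)"
```

On a managed system, pipe the output of racadm getconfig -g cfgUserAdmin -i <index> for indexes 1 through 16 into enabled_users in place of the sample. An enabled root entry on a new or reset card still carries the default password calvin noted in Before You Begin.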
Using the DRAC 5 With Microsoft Active Directory

A directory service maintains a common database of all information needed for controlling users, computers, printers, etc. on a network. If your company already uses the Microsoft® Active Directory® service software, you can configure the software to provide access to the DRAC 5, allowing you to add and control DRAC 5 user privileges to your existing users in your Active Directory software.

NOTE: Using Active Directory to recognize DRAC 5 users is supported on the Microsoft Windows® 2000, Windows Server® 2003, and Windows Server 2008 operating systems.

Prerequisites for Enabling Active Directory Authentication for the DRAC 5

To use the Active Directory authentication feature of the DRAC 5, you must have already deployed an Active Directory infrastructure. The DRAC 5 Active Directory authentication supports authentication across multiple trees in a single forest. See Supported Active Directory Configuration for information on supported Active Directory configuration with respect to the Domain Function level, Groups, Objects, and so on.

See the Microsoft website for information on how to set up an Active Directory infrastructure, if you don’t already have one.

DRAC 5 uses the standard Public Key Infrastructure (PKI) mechanism to authenticate securely into the Active Directory; hence, you also require a PKI integrated into the Active Directory infrastructure. See the Microsoft website for more information on the PKI setup.

To correctly authenticate to all the domain controllers, you will also need to enable the Secure Socket Layer (SSL) on all domain controllers. See Enabling SSL on a Domain Controller for more specific information.
Supported Active Directory Authentication Mechanisms

You can use Active Directory to define user access on the DRAC 5 through two methods: you can use a standard schema solution, which uses Active Directory group objects only, or you can use the extended schema solution, which Dell has customized to add Dell-defined Active Directory objects. For more information about these solutions, see the sections below.

When using Active Directory to configure access to the DRAC 5, you must choose either the extended schema or the standard schema solution.

The advantages of using the standard schema solution are:

• No schema extension is required because standard schema uses Active Directory objects only.
• Configuration on Active Directory side is simple.

The advantages of using the extended schema solution are:

• All of the access control objects are maintained in Active Directory.
• Maximum flexibility in configuring user access on different DRAC 5 cards with different privilege levels.

Standard Schema Active Directory Overview

As shown in Figure 6-1, using standard schema for Active Directory integration requires configuration on both Active Directory and the DRAC 5. On the Active Directory side, a standard group object is used as a role group. A user who has DRAC 5 access will be a member of the role group. In order to give this user access to a specific DRAC 5 card, the role group name and its domain name need to be configured on the specific DRAC 5 card. Unlike the extended schema solution, the role and the privilege level are defined on each DRAC 5 card, not in the Active Directory. Up to five role groups can be configured and defined in each DRAC 5. Table 6-12 shows the privilege levels of the role groups and Table 6-1 shows the default role group settings.