Dell Drac 5 User Manual
Have a look at the manual Dell Drac 5 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 327 Dell manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Using the DRAC 5 With Microsoft Active Directory111 4Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privileges. 5Group user1 and user2 into Group1. The group scope of Group1 must be Universal. 6Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1. 7Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as RAC Devices in AO2. Configuring Extended Schema Active Directory to Access Your DRAC 5 Before using Active Directory to access your DRAC 5, configure the Active Directory software and the DRAC 5 by performing the following steps in order: 1 Extend the Active Directory schema (see Extending the Active Directory Schema). 2Extend the Active Directory Users and Computers Snap-in (see Installing the Dell Extension to the Active Directory Users and Computers Snap-In). 3Add DRAC 5 users and their privileges to Active Directory (see Adding DRAC 5 Users and Privileges to Active Directory). 4Enable SSL on each of your domain controllers (see Enabling SSL on a Domain Controller). 5Configure the DRAC 5 Active Directory properties using either the DRAC 5 Web-based interface or the RACADM (see Configuring the DRAC 5 With Extended Schema Active Directory and Web-Based Interface or Configuring the DRAC 5 With Extended Schema Active Directory and RACADM). Extending the Active Directory Schema Extending your Active Directory schema adds a Dell organizational unit, schema classes and attributes, and example privileges and association objects to the Active Directory schema. Before you extend the schema, ensure that you have Schema Admin privileges on the Schema Master Flexible Single Master Operation (FSMO) Role Owner of the domain forest.
112Using the DRAC 5 With Microsoft Active Directory You can extend your schema using one of the following methods: Dell Schema Extender utility LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema. The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories: DVD drive:\support\OMActiveDirectory Tools\RAC4-5\LDIF_Files DVD drive:\support\OMActiveDirectory Tools\RAC4- 5\Schema_Extender To use the LDIF files, see the instructions in the readme included in the LDIF_Files directory. To use the Dell Schema Extender to extend the Active Directory Schema, see Using the Dell Schema Extender. You can copy and run the Schema Extender or LDIF files from any location. Using the Dell Schema Extender NOTICE: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To ensure that the Dell Schema Extender utility functions properly, do not modify the name of this file. 1In the We l c o m e screen, click Next. 2Read and understand the warning and click Next. 3Select Use Current Log In Credentials or enter a user name and password with schema administrator rights. 4Click Next to run the Dell Schema Extender. 5Click Finish. The schema is extended. To verify the schema extension, use the Microsoft Management Console (MMC) and the Active Directory Schema snap-in to verify that the following exist: Classes (see Table 6-2 through Table 6-7) Attributes (Table 6-8) See your Microsoft documentation for more information on how to enable and use the Active Directory Schema snap-in the MMC.
Using the DRAC 5 With Microsoft Active Directory113 Table 6-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) dellRacDevice1.2.840.113556.1.8000.1280.1.1.1.1 dellAssociationObject1.2.840.113556.1.8000.1280.1.1.1.2 dellRACPrivileges1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct1.2.840.113556.1.8000.1280.1.1.1.5 Table 6-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.1.1.1 Description Represents the Dell RAC device. The RAC device must be configured as dellRacDevice in Active Directory. This configuration enables the DRAC 5 to send Lightweight Directory Access Protocol (LDAP) queries to Active Directory. Class Type Structural Class SuperClasses dellProduct AttributesdellSchemaVersion dellRacType Table 6-4. dellAssociationObject Class OID 1.2.840.113556.1.8000.1280.1.1.1.2 Description Represents the Dell Association Object. The Association Object provides the connection between the users and the devices. Class Type Structural Class SuperClasses Group AttributesdellProductMembers dellPrivilegeMember
114Using the DRAC 5 With Microsoft Active Directory Table 6-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Used to define the privileges (Authorization Rights) for the DRAC 5 device. Class Type Auxiliary Class SuperClasses None AttributesdellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 6-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User AttributesdellRAC4Privileges Table 6-7. dellProduct Class OID 1.2.840.113556.1.8000.1280.1.1.1.5 Description The main class from which all Dell products are derived. Class Type Structural Class SuperClasses Computer AttributesdellAssociationMembers
Using the DRAC 5 With Microsoft Active Directory115 Table 6-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember List of dellPrivilege Objects that belong to this Attribute.1.2.840.113556.1.8000.1280.1.1.2.1 Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12)FALSE dellProductMembers List of dellRacDevices Objects that belong to this role. This attribute is the forward link to the dellAssociationMembers backward link. Link ID: 120701.2.840.113556.1.8000.1280.1.1.2.2 Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12)FALSE dellIsLoginUser TRUE if the user has Login rights on the device.1.2.840.113556.1.8000.1280.1.1.2.3 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)TRUE dellIsCardConfigAdmin TRUE if the user has Card Configuration rights on the device.1.2.840.113556.1.8000.1280.1.1.2.4 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)TRUE dellIsUserConfigAdmin TRUE if the user has User Configuration rights on the device.1.2.840.113556.1.8000.1280.1.1.2.5 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)TRUE delIsLogClearAdmin TRUE if the user has Log Clearing rights on the device.1.2.840.113556.1.8000.1280.1.1.2.6 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)TRUE dellIsServerResetUser TRUE if the user has Server Reset rights on the device.1.2.840.113556.1.8000.1280.1.1.2.7 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)TRUE dellIsConsoleRedirectUser TRUE if the user has Console Redirection rights on the device.1.2.840.113556.1.8000.1280.1.1.2.8 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)TRUE
116Using the DRAC 5 With Microsoft Active Directory dellIsVirtualMediaUser TRUE if the user has Virtual Media rights on the device.1.2.840.113556.1.8000.1280.1.1.2.9 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)TRUE dellIsTestAlertUser TRUE if the user has Test Alert User rights on the device.1.2.840.113556.1.8000.1280.1.1.2.10 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)TRUE dellIsDebugCommandAdmin TRUE if the user has Debug Command Admin rights on the device.1.2.840.113556.1.8000.1280.1.1.2.11 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)TRUE dellSchemaVersion The Current Schema Version is used to update the schema.1.2.840.113556.1.8000.1280.1.1.2.12 Case Ignore String (LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.905)TRUE dellRacType This attribute is the Current Rac Type for the dellRacDevice object and the backward link to the dellAssociationObjectMembe rs forward link.1.2.840.113556.1.8000.1280.1.1.2.13 Case Ignore String (LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.905)TRUE dellAssociationMembers List of dellAssociationObjectMembe rs that belong to this Product. This attribute is the backward link to the dellProductMembers Linked attribute. Link ID: 120711.2.840.113556.1.8000.1280.1.1.2.14 Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12)FA L S E Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued
Using the DRAC 5 With Microsoft Active Directory117 Installing the Dell Extension to the Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers snap-in so the administrator can manage RAC (DRAC 5) devices, Users and User Groups, RAC Associations, and RAC Privileges. When you install your systems management software using the Dell Systems Management Tools and Documentation DVD, you can extend the snap-in by selecting the Dell Extension to the Active Directory User’s and Computers Snap-In option during the installation procedure. See the Dell OpenManage Software Quick Installation Guide for additional instructions about installing systems management software. For more information about the Active Directory User’s and Computers snap-in, see your Microsoft documentation. Installing the Administrator Pack You must install the Administrator Pack on each system that is managing the Active Directory DRAC 5 Objects. If you do not install the Administrator Pack, you cannot view the Dell RAC Object in the container. See Opening the Active Directory Users and Computers Snap-In for more information. Opening the Active Directory Users and Computers Snap-In To open the Active Directory Users and Computers snap-in: 1 If you are logged into the domain controller, click Start Admin Tools→ Active Directory Users and Computers . If you are not logged into the domain controller, you must have the appropriate Microsoft Administrator Pack installed on your local system. To install this Administrator Pack, click Start→ Run, type MMC, and press Enter. The Microsoft Management Console (MMC) appears. 2In the Console 1 window, click File (or Console on systems running Windows 2000). 3Click Add/Remove Snap-in.
118Using the DRAC 5 With Microsoft Active Directory 4Select the Active Directory Users and Computers snap-in and click Add. 5Click Close and click OK. Adding DRAC 5 Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers snap-in, you can add DRAC 5 users and privileges by creating RAC, Association, and Privilege objects. To add each object type, perform the following procedures: Create a RAC device Object Create a Privilege Object Create an Association Object Add objects to an Association Object Creating a RAC Device Object 1In the MMC Console Root window, right-click a container. 2Select New→ Dell RAC Object. The New Object window appears. 3Type a name for the new object. The name must be identical to the DRAC 5 Name that you will type in step a of Configuring the DRAC 5 With Extended Schema Active Directory and Web-Based Interface. 4Select RAC Device Object. 5Click OK. Creating a Privilege Object NOTE: A Privilege Object must be created in the same domain as the related Association Object. 1In the Console Root (MMC) window, right-click a container. 2Select New→ Dell RAC Object. The New Object window appears. 3Type a name for the new object. 4Select Privilege Object. 5Click OK.
Using the DRAC 5 With Microsoft Active Directory119 6Right-click the privilege object that you created, and select Properties. 7Click the RAC Privileges tab and select the privileges that you want the user to have (for more information, see Table 5-4). Creating an Association Object The Association Object is derived from a Group and must contain a Group Type. The Association Scope specifies the Security Group Type for the Association Object. When you create an Association Object, choose the Association Scope that applies to the type of objects you intend to add. For example, if you select Universal, the association objects are only available when the Active Directory Domain is functioning in Native Mode or above. 1 In the Console Root (MMC) window, right-click a container. 2Select New→ Dell RAC Object. This opens the New Object window. 3Type a name for the new object. 4Select Association Object. 5Select the scope for the Association Object. 6Click OK. Adding Objects to an Association Object Using the Association Object Properties window, you can associate users or user groups, privilege objects, and RAC devices or RAC device groups. If your system is running Windows 2000 mode or higher, use Universal Groups to span domains with your user or RAC objects. You can add groups of Users and RAC devices. The procedure for creating Dell-related groups and non-Dell-related groups is identical. Adding Users or User Groups 1Right-click the Association Object and select Properties. 2Select the Users tab and click Add. 3Type the user or User Group name and click OK.
120Using the DRAC 5 With Microsoft Active Directory Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to a RAC device. Only one privilege object can be added to an Association Object. Adding Privileges 1Select the Privileges Object tab and click Add. 2Type the Privilege Object name and click OK. Click the Products tab to add one or more RAC devices to the association. The associated devices specify the RAC devices connected to the network that are available for the defined users or user groups. Multiple RAC devices can be added to an Association Object. Adding RAC Devices or RAC Device Groups To add RAC devices or RAC device groups: 1 Select the Products tab and click Add. 2Type the RAC device or RAC device group name and click OK. 3In the Properties window, click Apply and click OK. Configuring the DRAC 5 With Extended Schema Active Directory and Web-Based Interface 1Open a supported Web browser window. 2Log in to the DRAC 5 Web-based interface. 3Expand the System tree and click Remote Access. 4Click the Configuration tab and select Active Directory. 5On the Active Directory Main Menu page, select Configure Active Directory and click Next. 6In the Common Settings section: aSelect the Enable Active Directory check box. bTy p e t h e Root Domain Name. The Root Domain Name is the fully qualified root domain name for the forest. cTy p e t h e Timeout time in seconds. 7Click Use Extended Schema in the Active Directory Schema Selection section.