Dell Drac 5 User Manual
Using the DRAC 5 With Microsoft Active Directory

8. In the Extended Schema Settings section:
   a. Type the DRAC Name. This name must be the same as the common name of the new RAC object you created in your Domain Controller (see step 3 of Creating a RAC Device Object).
   b. Type the DRAC Domain Name (for example, drac5.com). Do not use the NetBIOS name. The DRAC Domain Name is the fully qualified domain name of the sub-domain where the RAC Device Object is located.
9. Click Apply to save the Active Directory settings.
10. Click Go Back To Active Directory Main Menu.
11. Upload your domain forest Root CA certificate into the DRAC 5.
   a. Select the Upload Active Directory CA Certificate check-box and then click Next.
   b. In the Certificate Upload page, type the file path of the certificate or browse to the certificate file.
      NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
      The domain controllers' SSL certificates should have been signed by the root CA. Have the root CA certificate available on your management station accessing the DRAC 5 (see Exporting the Domain Controller Root CA Certificate to the DRAC 5).
   c. Click Apply. The DRAC 5 Web server automatically restarts after you click Apply.
12. Log out and then log in to the DRAC 5 to complete the DRAC 5 Active Directory feature configuration.
13. In the System tree, click Remote Access.
14. Click the Configuration tab and then click Network. The Network Configuration page appears.
15. If Use DHCP (for NIC IP Address) is selected under Network Settings, then select Use DHCP to obtain DNS server address.
    To manually input a DNS server IP address, deselect Use DHCP to obtain DNS server addresses and type your primary and alternate DNS server IP addresses.
16. Click Apply Changes. The DRAC 5 Extended Schema Active Directory feature configuration is complete.

Configuring the DRAC 5 With Extended Schema Active Directory and RACADM

Use the following commands to configure the DRAC 5 Active Directory feature with Extended Schema using the RACADM CLI tool instead of the Web-based interface.

1. Open a command prompt and type the following racadm commands:

    racadm config -g cfgActiveDirectory -o cfgADEnable 1
    racadm config -g cfgActiveDirectory -o cfgADType 1
    racadm config -g cfgActiveDirectory -o cfgADRacDomain <fully qualified rac domain name>
    racadm config -g cfgActiveDirectory -o cfgADRootDomain <fully qualified root domain name>
    racadm config -g cfgActiveDirectory -o cfgADRacName <RAC common name>
    racadm sslcertupload -t 0x2 -f <ADS root CA certificate>
    racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>
2. If you want to specify an LDAP, Global Catalog server, or Association Object domain instead of using the servers returned by the DNS server to search for a user name, type the following command to enable the Specify Server option:

    racadm config -g cfgActiveDirectory -o cfgADSpecifyServerEnable 1

   NOTE: If you use this option, the hostname in the CA certificate is not matched against the name of the specified server. This is particularly useful if you are a DRAC administrator because it enables you to enter a hostname as well as an IP address.

   After the Specify Server option is enabled, you can specify an LDAP server or a Global Catalog server, with an IP address or a fully qualified domain name (FQDN) of the server. The FQDN consists of the hostname and the domain name of the server.

   NOTE: If you are using Active Directory authentication based on Kerberos, specify only the FQDN of the server; specifying the IP address is not supported. For more information, see Enabling Kerberos Authentication.

   To specify an LDAP server using the command line interface (CLI), type:

    racadm config -g cfgActiveDirectory -o cfgADDomainController <fully qualified domain name or IP address>

   To specify a Global Catalog server using the command line interface (CLI), type:

    racadm config -g cfgActiveDirectory -o cfgGlobalCatalog <fully qualified domain name or IP address>

   To specify an Association Object domain using the command line interface (CLI), type:

    racadm config -g cfgActiveDirectory -o cfgAODomain <domain>:<fully qualified domain name or IP address>

   where <domain> is the domain where the Association Object resides and IP/FQDN is the IP address or the FQDN of the specific host (Domain Controller of domain) to which the DRAC 5 connects.
   To specify the Association Object, ensure that you provide the IP or FQDN of the Global Catalog also.

   NOTE: If you specify the IP address as 0.0.0.0, DRAC 5 will not search for any server.

   You can specify a list of LDAP, Global Catalog servers, or Association Objects separated by commas. DRAC 5 allows you to specify up to four IP addresses or hostnames.

   If LDAPS is not correctly configured for all domains and applications, enabling it may produce unexpected results during the functioning of the existing applications/domains.

   If you configure the Domain Controller under the Specify Server option on the DRAC and if the Association Object contains the user and RAC object on the same domain, the Active Directory login using Extended Schema will be successful. However, if either the user or the RAC object on the association is from a different domain, and if you provide only the domain controller information, the Active Directory login using Extended Schema will fail. In this case, you should configure the global catalog option to be able to log in.

3. If DHCP is enabled on the DRAC 5 and you want to use the DNS provided by the DHCP server, type the following racadm command:

    racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1

4. If DHCP is disabled on the DRAC 5 or you want to manually input your DNS IP address, type the following racadm commands:

    racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0
    racadm config -g cfgLanNetworking -o cfgDNSServer1 <primary DNS IP address>
    racadm config -g cfgLanNetworking -o cfgDNSServer2 <alternate DNS IP address>

5. Press Enter to complete the DRAC 5 Active Directory feature configuration.
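The Specify Server caveats above can be checked mechanically before a change is applied. The following is an added example, not part of the Dell manual: it assumes the Active Directory settings are available as key=value lines (for instance exported with racadm getconfig -g cfgActiveDirectory), uses the option names as this page spells them, and runs on constructed sample values; the finding codes are hypothetical labels.

```python
import ipaddress

# Option names as this page spells them; the key=value export format is an assumption.
SERVER_KEYS = ("cfgADDomainController", "cfgGlobalCatalog", "cfgAODomain")

# Constructed sample settings, not taken from a real DRAC 5.
SAMPLE = """\
cfgADEnable=1
cfgADSpecifyServerEnable=1
cfgADDomainController=dc1.drac5.com,192.168.0.10
cfgGlobalCatalog=0.0.0.0
cfgAODomain=drac5.com:192.168.0.11
"""

def parse_config(text):
    """Turn key=value lines into a dict, ignoring anything else."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.lstrip("# ").partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(cfg, kerberos=False):
    """Return (code, option, value) findings for the Specify Server caveats."""
    if cfg.get("cfgADSpecifyServerEnable") != "1":
        return []
    # With Specify Server on, the CA certificate hostname is not matched.
    findings = [("NO_HOSTNAME_CHECK", "cfgADSpecifyServerEnable", "1")]
    usable = {}
    for key in SERVER_KEYS:
        entries = [e.strip() for e in cfg.get(key, "").split(",") if e.strip()]
        if len(entries) > 4:  # the DRAC 5 accepts up to four addresses or hostnames
            findings.append(("TOO_MANY", key, str(len(entries))))
        # cfgAODomain entries carry a "<domain>:" prefix before the host.
        hosts = [e.split(":", 1)[-1] if key == "cfgAODomain" else e for e in entries]
        usable[key] = [h for h in hosts if h != "0.0.0.0"]
        findings += [("NO_SEARCH", key, h) for h in hosts if h == "0.0.0.0"]
        if kerberos:  # Kerberos-based authentication needs FQDNs, not IP addresses
            findings += [("IP_WITH_KERBEROS", key, h) for h in usable[key] if is_ip(h)]
    if usable["cfgAODomain"] and not usable["cfgGlobalCatalog"]:
        findings.append(("AO_WITHOUT_GC", "cfgAODomain", ",".join(usable["cfgAODomain"])))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE), kerberos=True):
        print(*finding)
```

NO_HOSTNAME_CHECK is reported whenever Specify Server is enabled, so every server named in these options should be one whose certificate is known to chain to the uploaded root CA.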
Accumulating Privileges Using Extended Schema

The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.

Figure 6-5 provides an example of accumulating privileges using Extended Schema.

Figure 6-5. Privilege Accumulation for a User
[Figure labels: A01, A02, Group1, Priv1, Priv2, User1, User2, RAC1, RAC2]

The figure shows two Association Objects—A01 and A02. These Association Objects may be part of the same or different domains. User1 is associated to RAC1 and RAC2 through both association objects. Therefore, User1 has accumulated privileges that result from combining the privileges set for objects Priv1 and Priv2.
For example, Priv1 had the privileges: Login, Virtual Media, and Clear Logs and Priv2 had the privileges: Login, Configure DRAC, and Test Alerts. User1 will now have the privilege set: Login, Virtual Media, Clear Logs, Configure DRAC, and Test Alerts, which is the combined privilege set of Priv1 and Priv2.

Extended Schema Authentication thus accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user.

Configuring and Managing Active Directory Certificates

To access the Active Directory Main Menu:

1. Expand the System tree and click Remote Access.
2. Click the Configuration tab and click Active Directory.

Table 6-9 lists the Active Directory Main Menu page options.

Table 6-9. Active Directory Main Menu Page Options

Field | Description
Configure Active Directory | Configures the Active Directory's DRAC Name, ROOT Domain Name, DRAC Domain Name, Active Directory Authentication Timeout, Active Directory Schema Selection, and Role Group settings.
Upload Active Directory CA Certificate | Uploads an Active Directory certificate to the DRAC.
Download DRAC Server Certificate | The Windows Download Manager enables you to download a DRAC server certificate to your system.
View Active Directory CA Certificate | Displays the Active Directory Certificate that has been uploaded to the DRAC.
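Because privileges accumulate as described under Accumulating Privileges Using Extended Schema, reviewing one Association Object at a time understates what a user can do on a given DRAC. The following is an added example, not part of the Dell manual: it computes the accumulated set per user and RAC device and lists the pairs whose set is larger than any single privilege object grants. The Priv1 and Priv2 contents come from the example above; the membership of A01 and A02 is a constructed assumption, and the function names are hypothetical.

```python
from collections import defaultdict

# Privilege sets from the manual's Priv1/Priv2 example.
PRIV_OBJECTS = {
    "Priv1": {"Login", "Virtual Media", "Clear Logs"},
    "Priv2": {"Login", "Configure DRAC", "Test Alerts"},
}

# Constructed membership (assumption): each Association Object links users,
# one privilege object and a set of RAC device objects.
ASSOCIATIONS = {
    "A01": {"users": {"User1", "User2"}, "priv": "Priv1", "racs": {"RAC1", "RAC2"}},
    "A02": {"users": {"User1"}, "priv": "Priv2", "racs": {"RAC1", "RAC2"}},
}

def effective_privileges(associations, priv_objects):
    """Union the privileges per (user, RAC) across all Association Objects."""
    effective = defaultdict(set)
    sources = defaultdict(set)
    for ao_name, ao in associations.items():
        for user in ao["users"]:
            for rac in ao["racs"]:
                effective[(user, rac)] |= priv_objects[ao["priv"]]
                sources[(user, rac)].add(ao_name)
    return dict(effective), dict(sources)

def accumulated_grants(associations, priv_objects):
    """List (user, rac, association objects, privileges) for every pair whose
    accumulated set is strictly larger than each privilege object behind it."""
    effective, sources = effective_privileges(associations, priv_objects)
    report = []
    for (user, rac), privs in sorted(effective.items()):
        grants = [priv_objects[associations[a]["priv"]] for a in sources[(user, rac)]]
        if all(privs > grant for grant in grants):
            report.append((user, rac, sorted(sources[(user, rac)]), sorted(privs)))
    return report

if __name__ == "__main__":
    for user, rac, aos, privs in accumulated_grants(ASSOCIATIONS, PRIV_OBJECTS):
        print(f"{user} on {rac} via {'+'.join(aos)}: {', '.join(privs)}")
```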
Configuring Active Directory (Standard Schema and Extended Schema)

1. In the Active Directory Main Menu page, select Configure Active Directory and click Next.
2. In the Active Directory Configuration and Management page, enter the Active Directory settings. Table 6-10 describes the Active Directory Configuration and Management page settings.
3. Click Apply to save the settings.
4. Click the appropriate Active Directory Configuration page button to continue. See Table 6-11.
5. To configure the Role Groups for Active Directory Standard Schema, click on the individual Role Group (1-5). See Table 6-12 and Table 6-13.

NOTE: To save the settings on the Active Directory Configuration and Management page, you have to click Apply before proceeding to the Custom Role Group page.

Table 6-10. Active Directory Configuration and Management Page Settings

Setting | Description
Enable Active Directory | Enables Active Directory. Checked=Enabled; Unchecked=Disabled.
ROOT Domain Name | The Active Directory ROOT domain name. This value is NULL by default. The name must be a valid domain name consisting of x.y, where x is a 1-254 character ASCII string with no blank spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, org.
Timeout | The time in seconds to wait for Active Directory queries to complete. Minimum value is equal to or greater than 15 seconds. The default value is 120 seconds.
Use Standard Schema | Uses Standard Schema with Active Directory.
Use Extended Schema | Uses Extended Schema with Active Directory.
Table 6-10. Active Directory Configuration and Management Page Settings (continued)

Setting | Description
DRAC Name | The name that uniquely identifies the DRAC 5 card in Active Directory. This value is NULL by default. The name must be a 1-254 character ASCII string with no blank spaces between characters.
DRAC Domain Name | The DNS name (string) of the domain, where the Active Directory DRAC 5 object resides. This value is NULL by default. The name must be a valid domain name consisting of x.y, where x is a 1-254 character ASCII string with no blank spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, org.
Role Groups | The list of role groups associated with the DRAC 5 card. To change the settings for a role group, click their role group number, in the role groups list. The Configure Role Group window displays. NOTE: If you click on the role group link prior to applying the settings for the Active Directory Configuration and Management page, you will lose these settings.
Group Name | The name that identifies the role group in the Active Directory associated with the DRAC 5 card.
Group Domain | The domain that the group is in.
Group Privilege | The privilege level for the group.

Table 6-11. Active Directory Configuration and Management Page Buttons

Button | Description
Print | Prints the Active Directory Configuration and Management page.
Apply | Saves the changes made to the Active Directory Configuration and Management page.
Go Back to Active Directory Main Menu | Returns to the Active Directory Main Menu page.
Table 6-12. Role Group Privileges

Setting | Description
Role Group Privilege Level | Specifies the user's maximum DRAC user privilege to one of the following: Administrator, Power User, Guest user, None, or Custom. See Table 6-13 for Role Group permissions.
Login to DRAC | Enables the user to log in to the DRAC.
Configure DRAC | Enables the user to configure the DRAC.
Configure Users | Enables the user to allow specific users to access the system.
Clear Logs | Enables the user to clear the DRAC logs.
Execute Server Control Commands | Enables the user to execute racadm commands.
Access Console Redirection | Enables the user to run Console Redirection.
Access Virtual Media | Enables the user to run and use Virtual Media.
Test Alerts | Enables the user to send test alerts (e-mail and PET) to a specific user.
Execute Diagnostic Commands | Enables the user to run diagnostic commands.

Table 6-13. Role Group Permissions

Property | Description
Administrator | Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands
Power User | Login to DRAC, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts
Guest User | Login to DRAC
Table 6-13. Role Group Permissions (continued)

Property | Description
Custom | Selects any combination of the following permissions: Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands
None | No assigned permissions

Uploading an Active Directory CA Certificate

1. In the Active Directory Main Menu page, select Upload Active Directory CA Certificate and click Next.
2. In the Certificate Upload page, in the File Path field, type the file path of the certificate or click Browse to navigate to the certificate file.
   NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
3. Click Apply.
4. Click the appropriate Certificate Upload page button to continue. See Table 6-11.

Downloading a DRAC Server Certificate

1. In the Active Directory Main Menu page, select Download DRAC Server Certificate and click Next.
2. In the File Download window, click Save and save the file to a directory on your system.
3. In the Download Complete window, click Close.