To manage your system with the DRAC 5 and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs.
To add and configure DRAC 5 users:
NOTE: You must have Configure DRAC 5 permission to perform the following steps.
Expand the System tree and click Remote Access.
Click the Configuration tab and then click Users.
The Users page appears, which includes each user's State, User Name, RAC Privilege, IPMI LAN Privilege, IPMI Serial Privilege and Serial Over LAN.
In the User ID column, click a user ID number.
On the User Main Menu page, you can configure users, upload a user
certificate, view an existing user certificate, upload a trusted certification
authority (CA) certificate, or view a trusted CA certificate.
If you select Configure User and click Next, the User Configuration page is displayed. See step 5 for more information.
See Table 5-1 if you select the options under the Smart Card Configuration section.
In the User Configuration page, configure the user's properties and privileges.
Table 5-2 describes the General settings for configuring a new or existing DRAC user name and password.
Table 5-3 describes the IPMI User Privileges for configuring the user's LAN privileges.
Table 5-4 describes the User Group Permissions for the IPMI User Privileges and the DRAC User Privileges settings.
Table 5-5 describes the DRAC Group permissions. If you add a DRAC User Privilege to the Administrator, Power User, or Guest User, the DRAC Group will change to the Custom group.
When completed, click Apply Changes.
Click the appropriate User Configuration page button to continue. See
Table 5-6.
Table 5-1. Options in the Smart Card Configuration section
Option
Description
Upload User Certificate
Enables you to upload the user certificate to DRAC and import it to the user profile.
View User Certificate
Displays the user certificate page that has been uploaded to the DRAC.
Upload Trusted CA Certificate
Enables you to upload the trusted CA certificate to DRAC and import it to the user profile.
View Trusted CA Certificate
Displays the trusted CA certificate that has been uploaded to the DRAC. The trusted CA certificate is issued by the CA who is authorized to issue certificates to users.
Table 5-2. General Properties
Property
Description
User ID
Specifies one of 16 preset User ID numbers.
If you are editing information for user root, this field is static. You cannot edit the username for root.
Enable User
Enables the user to access the DRAC 5. When unchecked, the User Name cannot be changed.
User Name
Specifies a DRAC 5 user name with up to 16 characters. Each user must have a unique user name.
NOTE: User names on the local DRAC 5 cannot include
the / (forward slash)or . (period) characters.
NOTE: If the user name is changed, the new name will not
appear in the user interface until the next user login.
Change Password
Enables the New Password and Confirm New Password fields. When unchecked, the user's Password cannot be changed.
New Password
Specifies or edits the DRAC 5 user's password.
Confirm New Password
Requires you to retype the DRAC 5 user's password to confirm.
Table 5-3. IPMI User Privileges
Property
Description
Maximum LAN User Privilege Granted
Specifies the user's maximum privilege on the IPMI LAN channel to one of the following user groups: Administrator, Operator, User, or None.
Maximum Serial Port User Privilege Granted
Specifies the user's maximum privilege on the IPMI Serial channel to one of the following: Administrator, Operator, User, or None.
Enable Serial Over LAN
Allows user to use IPMI Serial Over LAN. When checked, this privilege is enabled.
Table 5-4. DRAC User Privileges
Property
Description
DRAC Group
Specifies the user's maximum DRAC user privilege to one of the following: Administrator, Power User, Guest User, None, or Custom.
Enables the user to allow specific users to access the system.
Clear Logs
Enables the user to clear the DRAC logs.
Execute Server Control Commands
Enables the user to execute racadm commands.
Access Console Redirection
Enables the user to run Console Redirection.
Access Virtual Media
Enables the user to run and use Virtual Media.
Test Alerts
Enables the user to send test alerts (e-mail and PET) to a specific user.
Execute Diagnostic Commands
Enables the user to run diagnostic commands.
Table 5-5. DRAC Group Permissions
User Group
Permissions Granted
Administrator
Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands
Power User
Login to DRAC, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts
Guest User
Login to DRAC
Custom
Selects any combination of the following permissions: Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands
None
No assigned permissions
Table 5-6. User Configuration Page Buttons
Button
Action
Print
Prints the User Configuration page
Refresh
Reloads the User Configuration page
Go Back To Users Page
Returns to the Users Page.
Apply Changes
Saves the changes made to the network configuration.
Using the RACADM Utility to Configure DRAC 5 Users
NOTE: You must be logged in as user root to execute RACADM commands on a
remote Linux system.
The DRAC 5 Web-based interface is the quickest way to configure a DRAC 5. If you prefer command-line or script configuration or need to configure multiple DRAC 5s, use RACADM, which is installed with the DRAC 5 agents on the managed system.
To configure multiple DRAC 5s with identical configuration settings, perform one of the following procedures:
Use the RACADM examples in this section as a guide to create a batch file of racadm commands and then execute the batch file on each managed system.
Create the DRAC 5 configuration file as described in "RACADM Subcommand Overview" and execute the racadm config subcommand on each managed system using the same configuration file.
Before You Begin
You can configure up to 16 users in the DRAC 5 property database. Before you manually enable a DRAC 5 user, verify if any current users exist. If you are configuring a new DRAC 5 or you ran the racadm racresetcfg command, the only current user is root with the password calvin. The racresetcfg subcommand resets the DRAC 5 to the original default values.
NOTICE: Use caution when using the racresetcfg command, as all configuration
parameters are reset to their default values. Any previous changes are lost.
NOTE: Users can be enabled and disabled over time. As a result, a user may have a
different index number on each DRAC 5.
To verify if a user exists, type the following command at the command prompt:
racadm getconfig -u <username>
OR
type the following command once for each index of 1–16:
racadm getconfig -g cfgUserAdmin -i <index>
NOTE: You can also type racadm getconfig -f <myfile.cfg> and view
or edit the myfile.cfg file, which includes all DRAC 5 configuration parameters.
Several parameters and object IDs are displayed with their current values. Two objects of interest are:
# cfgUserAdminIndex=XX
cfgUserAdminUserName=
If the cfgUserAdminUserName object has no value, that index number, which is indicated by the cfgUserAdminIndex object, is available for use. If a name appears after the "=", that index is taken by that user name.
NOTE: When you manually enable or disable a user with the racadm config
subcommand, you must specify the index with the -i option. Observe that the
cfgUserAdminIndex object displayed in the previous example contains a '#'
character. Also, if you use the racadm config -f racadm.cfg command to specify any
number of groups/objects to write, the index cannot be specified. A new user is
added to the first available index. This behavior allows more flexibility in configuring
multiple DRAC 5s with the same settings.
Adding a DRAC 5 User
To add a new user to the RAC configuration, a few basic commands can be used. In general, perform the following procedures:
Set the user name.
Set the password.
Set the user privileges.
Enable the user.
Example
The following example describes how to add a new user named "John" with a "123456" password and LOGIN privileges to the RAC.
racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i 2 john
A null string of double quote characters ("") instructs the DRAC 5 to remove the user configuration at the specified index and reset the user configuration to the original factory defaults.
Testing e-mail Alerting
The RAC e-mail alerting feature allows users to receive e-mail alerts when a
critical event occurs on the managed system. The following example shows
how to test the e-mail alerting feature to ensure that the RAC can properly
send out e-mail alerts across the network.
racadm testemail -i 2
NOTE: Ensure that the SMTP and Email Alert settings are configured before testing
the e-mail alerting feature. See "Configuring E-Mail Alerts" for more information.
Testing the RAC SNMP Trap Alert Feature
The RAC SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed system.
The following example shows how a user can test the SNMP trap alert feature of the RAC.
racadm testtrap -i 2
Before you test the RAC SNMP trap alerting feature, ensure that the SNMP and trap settings are configured correctly. See "testtrap" and "testemail" subcommand descriptions to configure these settings.
Enabling a DRAC 5 User With Permissions
To enable a user with specific administrative permissions (role-based authority), first locate an available user index by performing the steps in "Before You Begin." Next, type the following command lines with the new user name and password.
NOTE: See Table B-2 for a list of valid bit mask values for specific user privileges.
The default privilege value is 0, which indicates the user has no privileges enabled.
