Manuals / Black Box / Computer Equipment / Server

Black Box LES1416A, LES1332A, LES1408A, LES144BA, LES1348A, LES1432A, LES1316A Administration Group DN

Models: LES1116A LES110BA LES1308A LES1348A LES144BA Value-Line and Advanced Console Servers LES114BA LES1432A LES1332A LES1316A LES1416A LES1208A-R2 LES1132A LES1216A-R2 LES1232A LES1248A-R2 LES1408A

1 286

Download 286 pages 6.23 Kb

Page 173

For example, in an existing Active Directory setup, a group of users may be part of the “UPS Admin” and “Router Admin” groups. On the console server, these users will be required to have access to a group “Router_Admin”, with access to port 1 (connected to the router), and another group “UPS_Admin”, with access to port 2 (connected to the UPS). Once LDAP is setup, users that are members of each group will have the appropriate permissions to access the router and UPS.

Currently, the only LDAP directory service that supports group provisioning is Microsoft Active Directory. Support is planned for OpenLDAP at a later time.

To enable group information to be used with an LDAP server:

Complete the fields for standard LDAP authentication including LDAP Server Address, Server Password, LDAP Base DN, LDAP Bind DN and LDAP User Name Attribute

Enter memberOf for LDAP Group Membership Attribute as group membership is currently only supported on Active Directory servers

If required, enter the group information for LDAP Console Server Group DN and/or LDAP

Administration Group DN

A user must be a member of the LDAP Console Server Group DN group in order to gain access to the console and user interface. For example, the user must be a member of ‘MyGroup’ on the Active Server to gain access to the console server.

Additionally, a user must be a member of the LDAP Administration Group DN in order to gain administrator access to the console server. For example, the user must be a member of ‘AdminGroup’ on the Active Server to receive administration privileges on the console server.

Click Apply.

Ensure the LDAP service is operational and group names are correct within the Active Directory

_____________________________________________________________________

724-746-5500 blackbox.com

Page 173

Image 173

Black Box LES1416A, LES1332A, LES1408A, LES144BA, LES1348A, LES1432A, LES1316A, LES1308A, LES1232A Administration Group DN

Contents

Value-Line and Advanced Console Servers User’s Manual Value-Line and Advanced Console Servers Manual Blackbox.com Value-Line and Advanced Console Servers Manual Value-Line and Advanced Console Servers Manual Administrator Password Power connectionSystem Services Management network configuration Configuring for SSH Tunneling to Hosts FIREWALL, Failover and OoB DIAL-IN OoB Dial-In AccessSDT Connector Client Configuration Serial Port Redirection Managed Devices IPsec VPN SDT Connector Public Key Authentication SDT Connector to Management ConsoleSetting up SDT for Remote Desktop access SSH Tunneling using other SSH clients e.g. PuTTY Uninterruptible Power Supply Control UPS Remote Power Control RPCAuthentication Configuration PAM Pluggable Authentication Modules 203 13.4 Power Management 212209 213 Modifying Snmp Configuration Raw Access to Serial PortsSecure Shell SSH Public Key Authentication Power Strip Control Appendix This Manual Chapter IntroductionManual Organization Server Console server Types of usersManagement Console Publishing history Manual Conventions Date Revision Update details Copyright Models Chapter InstallationIntroduction Kit components LES1508A Console Server Blackbox.com Kit components LES1108A Console Server Power connection1 LES1508A power 2 LES1116A, LES1132A and LES1148A power Serial Port connection 4 LES1108A powerNetwork connection USB Port Connection PIN Signal Definition Direction Antenna and SIM Before powering on the console server IP address Chapter Initial System ConfigurationManagement console connection Browser connection Blackbox.com Administrator Password Name the console server Set up new administratorNetwork IP address Configuration Method Dynamic DNS Ddns configuration 1 IPv6 configuration Service Access System Services Blackbox.com  Select the Service Settings tab on the System Services Message Changes to configuration succeeded Service Settings Communications Software PuTTY SDT Connector SSHTerm Management network configuration Enable the Management LAN  Check Enable Dhcp Server Configure the Dhcp server Select Failover or broadband OOB Blackbox.com Aggregating the network ports Static routes To add to the static route to the route table of the system Configure Serial Ports Serial Port, Host, Device & User Configuration Common Settings Console Server Mode Blackbox.com Blackbox.com Blackbox.com Blackbox.com SDT Mode Terminal Server Mode Device RPC, UPS, EMD Mode Serial Bridging Mode Cisco USB console connection Add/ Edit Users Pptpd AdminDialin Ftp Blackbox.com Blackbox.com Network Hosts Authentication  Select Serial & Network Trusted Networks Trusted Networks Automatically generate and upload SSH keys Serial Port Cascading Manually generate and upload SSH keys  Check Generate SSH keys automatically and click Apply Select RSA Keys and/or DSA Keys # ssh remhost Configure the slaves and their serial ports Managing the Slaves Serial Port Redirection  Select Serial & Network Managed Devices Managed Devices Add Connection IPsec VPN  Select IPsec VPN on the Serial & Networks menu Enable the VPN gateway  Select OpenVPN on the Serial & Networks menu Enable the OpenVPN Configure as Server or Client Windows OpenVPN Client and Server set up Windows client/server configuration file options are AES Blackbox.com Pptp VPN None Set up a remote Pptp client  Click Apply Settings Add a Pptp user Blackbox.com OoB Dial-In Access Chapter Firewall, Failover and OoB Dial Access  Check Enable Dial-In Configure Dial-In PPP MSCHAPv2 Set up Windows XP/ 2003/Vista/7 client Using SDT Connector client Set up Linux clients for dial-in OoB broadband accessSet up earlier Windows clients Broadband Ethernet Failover Always-on dial-out Dial-Out Failover Blackbox.com Connect to the GSM HSUPA/UMTS carrier network Failover dial-out Blackbox.com Manual Activation Connect to the Cdma EV-DO carrier networkOtasp Activation Cellular modem watchdog Verify cellular connection Cellular failover setup OOB access set up Cellular routing Cellular CSD dial-in setup Check Enable Dial-In and configure the Dial-In Settings Firewall & Forwarding Configuring network forwarding and IP masquerading Dhcp Configuration Configuring client devicesManual Configuration  Click Add New Port Forward Port forwarding Firewall rules Interface Dialout/Cellular Port Range  Click New Firewall RuleDialout/Cellular, VPN, Network Interface, Dial-in etc Port Range InterfaceSource IP Destination IP Chapter Secure SSH Tunneling & SDT Connector SDT Connector Client Configuration Configuring for SSH Tunneling to Hosts  Run the set-up program SDT Connector installation Blackbox.com Blackbox.com Make an SDT connection through the gateway to a host Manually adding hosts to the SDT Connector gateway Manually adding new services to the new hosts Blackbox.com Adding a client program to be started for the new service Blackbox.com Dial in configuration SDT Connector to Management Console Blackbox.com  Click Add, then scroll to the bottom and click Apply Blackbox.com Pon networkconnection Importing and exporting preferences OpenSSH Windows http//sshwindows.sourceforge.net/download SDT Connector Public Key Authentication Setting up SDT for Remote Desktop access Configure the Remote Desktop Connection client Blackbox.com Option Description  Click Connect On a Macintosh client SDT SSH Tunnel for VNC Install, configure and connect the VNC Viewer Blackbox.com Blackbox.com Blackbox.com From  Select Allow calling computer to specify its own address Set up SDT Serial Ports on console server SSH Tunneling using other SSH clients e.g. PuTTY Blackbox.com Blackbox.com Chapter Alerts, Auto-response Logging Configure Auto-Response Blackbox.com  Click on UPS / Power Supply as the Check Condition UPS / Power Supply Check Save Auto-Response UPS Status  Click on UPS Status as the Check Condition  Check Save Auto-Response Cellular Data Serial Login/Logout Click on Icmp Ping as the Check Condition  Click on Custom Check as the Check Condition  Check Save Auto-Response SMS Command Click on SMS Command as the Check Condition Send Email Action Delay Time Send SMS  Select Alerts & Logging Smtp &SMS  Click Save New ActionSend Email alerts SMS via Email Gateway Send SMS alerts SMS via Cellular Modem  Select Cellular Modem In the SMS Settings field  Select Alerts & Logging Snmp Send Snmp trap alerts Nagios alerts LoggingNetwork Serial Ports refer to Chapter Log storage Serial port logging Auto-Response event logging Power device loggingNetwork TCP and UDP port logging RPC connection Chapter Power & Environmental ManagementRemote Power Control RPC Blackbox.com Blackbox.com Turn on RPC access privileges and alertsUser power management RPC status Uninterruptible Power Supply Control UPSTurn OFF Cycle Status Managed UPS connections Blackbox.com Blackbox.com Remote UPS management Controlling UPS powered computers UPS status Monitor managedups@192.168.0.1 1 username password slaveUPS alerts Overview of Network UPS Tools NUT Blackbox.com Environmental Monitoring Connecting the EMD Blackbox.com Environmental status Environmental alerts Authentication Configuration Chapter Authentication Tacacs authentication Radius authentication Ldap authentication  Enter the Server Password Blackbox.com Group support with remote authentication RADIUS/TACACS User Configuration Network Remote groups with Radius authenticationRemote groups with Ldap authentication Administration Group DN Idle timeout Remote groups with TACACS+ authentication Select Serial and Network Authentication Kerberos authentication Authentication testing PAM Pluggable Authentication Modules TACACS+ SSL Certificate Blackbox.com Blackbox.com Chapter Nagios Integration Nagios Overview Central management and setting up SDT for Nagios Distributed console servers Black Box console servers Set up central Nagios server Description, for example Windows 2003 IIS Server Set up distributed console servers  Select Serial Port from the Serial & Network menu  In Description enter Administrator connection Click Console server Mode, and select Logging Level  Check Nagios Nsca Enable Nagios on the console server Configuring Nagios distributed monitoringEnabled  Select Users & Groups from the Serial & Network menu Enable Nsca monitoring Enable Nrpe monitoring Select System Nagios and check Nrpe Enabled Configure Selected Serial Ports for Nagios Monitoring  Select System Nagios and check Nsca EnabledConfigure Selected Network Hosts for Nagios Monitoring Permitted Service Sample Nagios configuration Advanced Distributed Monitoring ConfigurationConfigure the upstream Nagios monitoring host Hostname Black Box CheckpingviaBlack Box Checkportlog Basic Nagios plug-ins Executionfailurecriteria SSH Port Define commandCheckconnviaBlack Box Number of supported devices Additional plug-ins Local office Distributed Monitoring Usage Scenarios Remote site with restrictive firewall II. Remote site Remote site with no network access Chapter System Management System Administration and Reset Configure Date and Time Upgrade Firmware Configuration Backup Blackbox.com Blackbox.com Delayed Configuration Commit  Select the System Administration menu option Fips Mode  Select the Status Port Access Port Access and Active UsersChapter Status Reports Statistics Syslog Support Reports Select the Status Statistics  Select Status Syslog Dashboard Configuring the Dashboard Blackbox.com Blackbox.com Echo table Creating custom widgets for the Dashboard Device Management Chapter Management Web Terminal Web Terminal to Command LinePort and Host Logs  Select Manage Terminal SDT Connector access Check Web Terminal and click Apply  Select Manage Power Power Management Accessing config from the command line Chapter Command Line Configuration Options SyntaxDescription Run=configurator At /etc/config/config.xml# /bin/config -d element name Listed below Serial Port configuration Device Mode Console server mode # config -s config.ports.port5.mode=bridge Serial bridge modeConfig.ports.port5.bridge.ssh.enabled=on Syslog settings Adding and Removing Users # config -g config.users.total# config -d config.users.user2.port1 # config -r users # ./delete-node config.users.user2# config -g config.groups.total Adding and removing user Groups # config -r auth # config -a # config -s config.sdt.hosts.total=4 # config -g config.sdt.hosts.totalAdd power device host Add other network host # config -hosts # config -g config.devices.total# config -g config.portaccess.total Cascaded Ports Managed UPSes # config -r cascadeUPS Connections Remote UPSes # config -s config.ups.monitors.total=1RPC Connections Environmental User Syslog Mail News # config -d config.devices.device8Port Log General settings for all alerts ErrorSignal Alert Alerts Pattern Match Alert UPS Power Status AlertEnvironmental and Power Sensor Alert # config -r alerts Alarm Sensor Alert# config -s config.system.smtp.server2=mail.Black Box.com Smtp & SMS Snmp AdministrationIP settings Date & Time Settings # config -s config.system.timezone=US/Eastern Dial-in settings# config -r time # config -s config.console.ppp.defaultroute=on Services Blowfish Twofish RIJNDAEL-256 Serpent Gost Nagios Using IPMItools Chapter Advanced ConfigurationCustom script to run when booting Custom Scripting # cd # dos2unix /etc/config/rc.localRunning custom scripts when alerts are triggered Deleting Configuration Values from the CLI Example script Power Cycling on Pattern MatchExample script Multiple email notifications on each alert Bin/sh /etc/scripts/alert-email $suffix Delete-node script # ./delete-node config.users.user3 While $COUNTER != $TOTAL-NUMBER+1 do NEWTOTAL=$ $TOTAL Power Cycle any device when a ping request fails Ping-detect script Running custom scripts when a configurator is invoked Backing-up the configuration off-box # /etc/scripts/backup-usb list# /etc/scripts/backup-usb load filename Advanced Portmanager Portmanager commandsPmshell Pmchat Pmusers SignalsPortmanager daemon External Scripts and Alerts Access to serial ports Raw Access to Serial Ports IP- Filtering Accessing the console/modem portEtc/config/ipfilter Sysdescr Black Box Syscontact Modifying Snmp Configuration15.5.1 /etc/config/snmpd.conf Adding more than one Snmp server SSH Overview Secure Shell SSH Public Key AuthenticationConfig --set config.system.snmp.password2=yourpassword Generating Public Keys Linux Installing the SSH Public/Private Keys Clustering$ ssh-keygen -t rsadsa 28aa2938ba40f4115e3fd4fae53614d6 user@server Chown fred /etc/config/users/fred/.ssh/authorizedkeys Installing SSH Public Key Authentication Linux Blackbox.com Generating public/private keys for SSH Windows Blackbox.com Offending key in /.ssh/knownhosts1 FingerprintingAb7e33bd85505a430be0bd433f1ca5f8 Client Keys SSH tunneled serial bridging Authorized Keys Public key to refer to either idrsa.pub or iddsa.pub Secure Sockets Layer SSL Support SDT Connector Public Key Authentication$ ls /home/user/keys Uploading Keys Generating an encryption key HttpsOpenssl genrsa -des3 -out sslkey.pem Generating a self-signed certificate with OpenSSL Installing the key and certificate Power Strip ControlLaunching the Https Server Kill -HUP `cat /var/run/inetd.pid` Synopsis PowerMan toolTarget Specification Adding new RPC devices Powerman --on foo0,4-5Pmpower tool Blackbox.com Ipmitool -c-h-v-V-I lan -H hostname -p port P-f password -o oemtype commandIPMItool Cciphersuite AauthtypeIinterface Lprivlvl Ipmitool help Help Custom Development Kit CDK Ipmitool chassis power helpScripts for Managing Slaves Ipmitool chassis help Select Status Support Report Select Alerts & Logging Port LogSelect Serial & Network Serial Port, Edit the serial ports Appendix a Linux Commands & Source Code Blackbox.com Blackbox.com Blackbox.com Commands Sigspec -n signum -si let arg arg Feature Value Appendix B Hardware Specifications FCC Warning Statement Appendix C Safety & Certifications Appendix F End User License Agreement Read Before Using the Accompanying Software JSch License SDT Connector License Blackbox.com No Warranty Blackbox.com Blackbox.com Black Box Tech Support FREE! Live /7