Manuals / Cisco Systems / Computer Equipment / Network Card

Cisco Systems UCSCPCIEBTG Configuring Active Directory, Configuring the Active Directory Server

Models: 57712 UCSCPCIEBTG

1 288

Download 288 pages 20.54 Kb

Page 82

Managing User Accounts

Configuring Active Directory

	Command or Action	Purpose
		• Manage the power control options such as power
		on, power cycle, and power off
		• Launch the KVM console and virtual media
		• Clear all logs
		• Toggle the locator LED
		• admin—This user can perform all actions available
		through the GUI, CLI, and IPMI.
Step 6	Server /user # commit	Commits the transaction to the system configuration.

This example configures user 5 as an admin:

Server# scope user 5
Server	/user # set enabled yes
Server	/user *# set name john
Server	/user *# set password
Please	enter password:
Please	confirm password:
Server	/user *# set role readonly
Server	/user *# commit
Server	/user # show	Role	Enabled
User	Name	Role	Enabled
------	----------------	-------- --------
5	john	readonly yes

Configuring Active Directory

Active Directory

Active Directory is a technology that provides a variety of network services including LDAP-like directory services, Kerberos-based authentication, and DNS-based naming. The CIMC utilizes the Kerberos-based authentication service of Active Directory.

When Active Directory is enabled in the CIMC, user authentication and role authorization is performed by Active Directory for user accounts not found in the local user database.

you can require the server to encrypt data sent to Active Directory.

Configuring the Active Directory Server

The CIMC can be configured to use Active Directory for user authentication and authorization. To use Active Directory, configure users with an attribute that holds the user role and locale information for the CIMC. You can use an existing LDAP attribute that is mapped to the CIMC user roles and locales or you can modify the Active Directory schema to add a new custom attribute, such as the CiscoAVPair attribute, which has an

	Cisco UCS C-Series Servers Integrated Management Controller CLI Configuration Guide, Release 1.5
66	OL-28893-01

Image 82

Cisco Systems UCSCPCIEBTG, 57712 manual Configuring Active Directory, Configuring the Active Directory Server

Contents

Americas Headquarters First Published March 04Page N T E N T S Viewing Server Properties Viewing Server Sensors Managing User Accounts Creating a vNIC Configuring Communication Services Configuring Platform Event Filters Bios Parameters by Server Model Conventions PrefaceAudience This preface includes the following sectionsString will include the quotation marks Default responses to system prompts are in square bracketsString Indicates a comment lineFeature Description Where Documented New and Changed Information for this ReleaseFeature Description Related Cisco UCS Documentation Documentation RoadmapsOther Documentation Resources System UCS Documentation Roadmap BundleOverview of the Server Software OverviewThis chapter includes the following sections Server OS Cisco Integrated Management ControllerCimc Firmware Management InterfacesCommand Modes Cimc CLIOverview Command Modes Mode Name Command to Access Mode PromptCommand to Access Mode Prompt Scope sensor command from Scope role-group command fromScope power-cap command from Scope trap-destinations commandCommitting, Discarding, and Viewing Pending Commands Complete a CommandCommand History Command Output FormatsOnline Help for the CLI OL-28893-01 OS Installation Methods Installing the Server OSKVM Console Installing an OS Using a PXE Installation Server PXE Installation ServersYou can use the KVM console to install an OS on the server Managing the Server Command or Action Purpose StepEnters chassis command mode Toggling the Locator LEDToggling the Locator LED for a Hard Drive Managing the Server Boot OrderServer Boot Order Server /chassis/hdd # set locateHDDConfiguring the Server Boot Order Server# scope biosServer /bios # show actual-boot-order Resetting the ServerViewing the Actual Server Boot Order DetailShutting Down the Server Server# scope chassis Enters chassis modeServer /chassis # power shutdown Server# scope chassisPowering On the Server Managing Server PowerPowering Off the Server Command or Action Purpose Power Cycling the ServerServer# scope chassis Enters chassis command mode Viewing the Power Statistics Configuring Power PoliciesName Description Configuring the Power Cap Policy Power Capping PolicyNon-Compliance Action Server /power-cap # set Server# scope power-capEnters the power cap command mode Enabled yes noRestore-last-state Configuring the Power Restore PolicyPower-off power-on Delay-value delayDual Card Management in the Cisco Flexible Flash Controller Managing the Flexible Flash ControllerCisco Flexible Flash Action DescriptionConfiguring the Flexible Flash Controller Properties Scenario Behavior# set virtual-drives-enabled list # set read-error-count-threshold# set write-error-count-threshold # set raid-primary-member slot1Server /bios # set boot-override Booting from the Flexible FlashNone SCU HV HUU Resetting the Flexible Flash Controller Permissible index value is FlexFlash-0Default configuration Server /chassis/flexflash # commitBios Version Version string of the running Bios Configuring Bios SettingsViewing Bios Status Secondary slotFor each Bios setting, see one the following topics Configuring Main Bios SettingsBoot Order Attempt to useConfigure the Bios settings Server /bios/advanced # Configuring Advanced Bios SettingsOn, you are prompted to choose whether to reboot now Server /bios/main # set POSTErrorPause EnabledConfigure the Bios settings Configuring Server Management Bios SettingsCommand or Action Server-managementRestoring Bios Manufacturing Custom Defaults Restoring Bios DefaultsServer /bios # bios-setup-default Default values Server /bios # restore-mfg-defaultsServer # scope bios Server /bios # restore-mfg-defaults OL-28893-01 Server# show chassis detail Viewing Server PropertiesViewing Server Properties Displays server propertiesServer# show cimc detail Viewing Cimc PropertiesViewing CPU Properties Displays Cimc propertiesViewing Memory Properties This example displays Dimm summary informationViewing Storage Adapter Properties Viewing Power Supply PropertiesViewing Storage Properties Show psu detailSettings detail Error-counters detailHw-config detail Server /chassis # show storageadapterOptional Displays the available Cisco Flexible Viewing the Flexible Flash Controller PropertiesServer /chassis # show flexflash detail Flash controllersViewing Physical Drive Properties Virtual-drive-count detail Viewing Virtual Drive PropertiesVirtual-drive drive-number detail Virtual-drive drive-numberSlot number of the GPU card Viewing Nvidia GPU Card InformationServer # scope chassis Viewing LOM Properties Viewing PCI Adapter PropertiesViewing Network Related Properties Server# scope cimcServer# scope cimc Network OL-28893-01 Server# scope sensor Viewing Power Supply SensorsViewing Server Sensors Show psu-redundancyViewing Fan Sensors Viewing Temperature SensorsServer /sensor # show temperature detail Server /sensor # show psu-redundancyViewing Voltage Sensors This example displays temperature sensor statisticsPurpose Step Viewing Storage Sensors Procedure Command or Action Purpose StepViewing Current Sensors Status columnLED Status column Current LED color, if anyOL-28893-01 Managing the Virtual KVM Managing Remote PresenceKVM Console Disabling the Virtual KVM Server /kvm # set enabled yesEnabling the Virtual KVM Server# scope kvmSet local-video yes Configuring the Virtual KVMSet encrypted yes Server /kvm # set max-sessionsSet enabled yes Configuring Virtual MediaServer# scope vmedia Volume-name remote-share Configuring Network Mounted vMedia MappingCommand or Action Server # scope vmedia Remote-file-path mount optionsRemoving Network Mounted vMedia Mapping Enters the virtual media command modeViewing Network Mount vMedia Mapping Properties Server # scope vmediaManaging Serial over LAN Serial Over LANServer# scope sol Configuring Serial Over LANEnters SoL command mode Yes noLaunching Serial Over LAN Server console port. You can enter this command in anyCommand mode Server# connect hostOL-28893-01 Configuring Local Users Managing User AccountsConfiguring the Active Directory Server Configuring Active DirectoryActive Directory Properties Value RoleConfiguring Active Directory in Cimc Server# scope ldapServer# scope ldap Configuring Active Directory Groups in CimcServer /ldap *# set dc1 Server /ldap *# set gc1 Set group-auth Admin user readonlyScope role-group Viewing User Sessions Terminating a User SessionTerminate NIC Mode Configuring Network-Related SettingsServer NIC Configuration Server NICsNIC Redundancy Configuring Server NICsServer /cimc/network # set mode dedicated Sharedlom Sharedlom10g shipping ciscocardActive-active Configuring Common PropertiesRedundancy none Active-standbyConfiguring IPv4 You must be logged in as admin to configure the server Vlan Configuring the Server VlanOptional Displays the IPv4 network settings Specifies the IP address of the secondary DNSSet vlan-enabled Connecting to a Port ProfileSet vlan-priority Management interface, the virtual Ethernet, and the VIF on Port profile must be defined on the switch toDisplays the network settings Supported adapter cards such as the Cisco UCS VIC1225Configuring Network Security Network Security ConfigurationNetwork Security Server # scope cimc Network Time Protocol ConfigurationConfiguring Network Time Protocol Settings Yes10.120.34.45 Server /cimc/network/ntp* # commit Commits the transaction10.120.33.44 10.120.35.46Managing Network Adapters Overview of the Cisco UCS C-Series Network AdaptersCisco UCS P81E Virtual Interface Card Cisco UCS VIC1225 Virtual Interface CardViewing Network Adapter Properties Configuring Network Adapter PropertiesIndex detail Configure-vmfex port-count Fip-mode disable enableNiv-mode disable enable Managing vHBAsHost-fc-if fc0 fc1 name detail Viewing vHBA PropertiesAll vHBAs Modifying vHBA Properties Error-recovery Error-detect-timeout msecResource-allocation-timeout msec # set fcp-error-recovery disable EnableInterrupt Enters the interrupt command modeSet flogi-timeout msec Interrupt-mode intx msi msixPort-p-logi Enters the Fibre Channel port login command modeSet plogi-timeout msec ServerCreating a vHBA Host-fc-if nameServer /chassis/adapter # delete Deleting a vHBASet channel-number number Server /chassis/adapter # commitCreating a Boot Table Entry VHBA Boot TableViewing the Boot Table Show bootCreate-boot-entry wwpn lun-id Deleting a Boot Table EntryServer /chassis # scope adapter VHBA Persistent Binding Delete boot entryTake effect upon the next server reset Locate the number of the entry to be deletedDisabling Persistent Binding Set persistent-lun-binding enableEnabling Persistent Binding PerbiScope perbi Set persistent-lun-binding disableRebuilding Persistent Binding # rebuildViewing vNIC Properties Managing vNICsGuidelines for Managing vNICs Host-eth-if eth0 eth1 name detailHost-eth-if eth0 eth1 name Modifying vNIC PropertiesUplink 0 Uplink-failover disable enable Trust-host-cos disable enableVlan-mode access trunk Channel-number numberSet interrupt-count count Uplink-failback-timeout secondsScope interrupt Set coalescing-time usec# set rq-ring-size size Set tcp-segment-offload disable# set rq-count count Scope trans-queueSet tcp-large-receive-offload disable Set tcp-rx-checksum-offload disableSet tcp-tx-checksum-offload disable Set rss disable enableSet rss-hash-tcp-ipv6-ex disable Set rss-hash-tcp-ipv6 disableSet rss-hash-ipv6-ex disable enable Creating a vNICDeleting a vNIC Host-eth-if nameYou can configure a maximum of 2 iSCSI vNICs for each host Configuring iSCSI Boot CapabilityReboot This example deletes a vNIC on adapterDhcp-iscsi-settings enabled Iscsi-boot indexDhcp-net-settings enabled Eth0 eth1 nameManaging VM FEX Delete iscsi-bootVirtual Machine Fabric Extender Viewing VM FEX Properties General Properties Settings Name Description VM FEX SettingsName Ethernet Interrupt Settings Name Description Completion Queue Settings Name Description TCP Offload Settings Name Description Receive Side Scaling Settings NameStorageadapter slot Managing Storage AdaptersCreate Virtual Drive from Unused Physical Drives Create virtual-driveWrite policy for the new virtual drive. Enter Create Virtual Drive from an Existing Drive GroupCarve-virtual-drive Appropriate information at each promptServer /chassis # scope storageadapter Clearing Foreign Configuration500 MB Deleting a Virtual Drive Clear-foreign-config# delete-virtual-drive Start-initialization Cancel-initializationInitializing a Virtual Drive # get-operation-statusModifying Attributes of a Virtual Drive Set as Boot DriveSet-boot-drive Server /chassis/storageadapter # scopePolicy Making a Dedicated Hot SpareModify-attributes You are prompted to choose a virtual drive forServer /chassis/storageadapter/physical-drive # Making a Global Hot SparePreparing a Drive for Removal Make-global-hot-sparePrepare-for-removal Removing a Drive from Hot Spare Pools# remove-hot-spare Undo Preparing a Drive for Removal Enabling Auto Learn Cycles for the Battery Backup UnitEnable-auto-learn Undo-prepare-for-removalDisable-auto-learn Disabling Auto Learn Cycles for the Battery Backup UnitStarting a Learn Cycle for a Battery Backup Unit You must be logged in as an admin to use this commandPhysical-drive Toggling the Locator LED for a Physical DriveStart-learn-cycle # locator-led on offExporting the Adapter Configuration Backing Up and Restoring the Adapter ConfigurationViewing Storage Controller Logs Importing the Adapter Configuration This example exports the configuration of adapterAdapter-reset-defaults index Restoring Adapter DefaultsReboot the server to apply the imported configuration PCI slot number specified by the indexAdapter Firmware Installing Adapter FirmwareManaging Adapter Firmware Or two specified adapters or, if no adapter is specifiedActivating Adapter Firmware Resetting the AdapterServer /chassis # activate-adapter-fw This example resets the adapter in PCI slot Server/chassis # adapter-reset indexResetting the adapter also resets HostServer# scope http Configuring Communication ServicesConfiguring Http Server /http # set http-redirect yesServer# scope ssh Configuring SSHSet timeout seconds Set ssh-port numberEnabling XML API Configuring XML APIXML API for Cimc Server# scope xmlapiSet enabled Configuring IpmiConfiguring Ipmi over LAN Ipmi Over LANEncryption-key key Configuring SnmpConfiguring Snmp Properties Server# scope snmpSettrap-community-str Setcommunity-accessCommunity-str community Server /snmp # set sys-locationVersion 1 2 Configuring Snmp Trap SettingsTrap-destinations number Type trap informTo send a test message Configuring SNMPv3 UsersSending a Test Snmp Trap Message Specified user numberAuthnopriv authpriv V3security-name security-nameV3security-level noauthnopriv MD5 SHA142 Managing the Server Certificate Managing CertificatesGenerating a Certificate Signing Request Server /certificate # generate-csr Enters the certificate command modeServer# scope certificate Signing request CSRCreating a Self-Signed Certificate Managing Certificates Creating a Self-Signed CertificateOpenssl req -new -x509 -days numdays Openssl genrsa -out CAkeyfilenameExample Echo nsCertType = server openssl.confServer /certificate # upload Uploading a Server CertificateNew server certificate This example uploads a new certificate to the server Begin CertificatePlatform-event-enabled yes Configuring Platform Event FiltersServer# scope fault Platform Event FiltersPlatform-event-enabled no Configuring Platform Event FiltersDisabling Platform Event Alerts Power-off None reboot power-cyclePlatform Event Filter Server /fault # scope pef-destinations Configuring Platform Event Trap SettingsEnabled yes Event Number Note Platform Event Description Interpreting Platform Event TrapsPlatform Event Trap Descriptions Test Trap154 Event Number Note 155156 Cimc Firmware Management Overview of FirmwareClick the Unified Computing System UCS Server Firmware link Obtaining Firmware from CiscoCenter box, click Unified Computing and Servers Click Accept License AgreementInstalling Cimc Firmware from a Remote Server Log in to the as a user with admin privilegesActivating Installed Cimc Firmware Is specified, the server activates the currently Server /cimc/firmware # activate 1Inactive image Installing Bios Firmware from a Remote Server Current FW Version fieldServer # scope bios 163164 Show fault-entries Viewing the Faults and Logs SummaryScope fault Viewing LogsCimc Log Viewing the Cimc LogServer /cimc # scope log Configuring the Cimc Log ThresholdClearing the Cimc Log Server /cimc/log # clearLocal-syslog-severity Sending the Cimc Log to a Remote ServerRemote-syslog-severity level Critical Error Informational DebugServer-ip ip-address Viewing the System Event Log System Event LogServer# scope sel Clearing the System Event Log Enters the system event log command modeServer# scope sel 172 Server /cimc # scope tech-support Server UtilitiesExporting Technical Support Data Remote-ip ip-addressRemote-protocol protocol Remote-password passwordRemote-username name Server# scope bios Enters the bios command mode Rebooting the CimcClearing the Bios Cmos Provide the generated report file to Cisco TACScope bios Recovering from a Corrupted BiosRecover This example shows how to recover from a corrupted Bios Resetting the Cimc to Factory DefaultsPower cycle or reset the server Exporting the Cimc Configuration Exporting and Importing the Cimc ConfigurationExporting and Importing the Cimc Configuration Server /cimc # scope import-exportServer# scope cimc Enters the Cimc command mode Importing a Cimc ConfigurationServer /cimc/import-export # Generating Non maskable Interrupts to the Host 181 182 C22 and C24 Servers Bios Parameters by Server ModelMain Bios Parameters for C22 and C24 Servers TPM SupportNumber of Enabled Cores Advanced Bios Parameters for C22 and C24 ServersProcessor Configuration Parameters Name Execute DisableIntel VT-d Coherency Support Intel VTIntel VT-d Intel VT-d ATS SupportHardware Prefetcher CPU PerformanceAdjacent Cache Line Prefetcher DCU Streamer Prefetch Direct Cache Access SupportDCU IP Prefetcher Power Technology Intel Turbo Boost Technology Processor Power State C6Processor Power State C1 Enhanced Frequency Floor OverrideState Coordination Energy PerformanceSelect Memory RAS Memory Configuration Parameters Name DescriptionDram Clock Throttling Channel Interleaving Low Voltage DDR ModeDram Refresh rate Rank InterleavingDemand Scrub Patrol ScrubAltitude USB Configuration Parameters Name Description QPI Configuration Parameters Name DescriptionOnboard Storage Parameters Name USB Port Front All USB DevicesUSB Port Rear USB Port InternalAspm Support PCI Configuration Parameters Name DescriptionMmio Above 4GB VGA PriorityTerminal Type Console RedirectionBits per second Flow Control Putty KeyPadAll PCIe Slots OptionROM All Onboard LOM PortsLOM Port n OptionROM PCIe Slot n OptionROMOS Watchdog Timer Server Management Bios Parameters for C22 and C24 ServersFRB-2 Timer PCIe Slot n Link SpeedOS Watchdog Timer Timeout OS Watchdog Timer PolicyBoot Order Rules Advanced Bios Parameters for C220 and C240 Servers Main Bios Parameters for C220 and C240 ServersC220 and C240 Servers 204 Disabled -The processor does not support ATS Enabled -The processor uses VT-d ATS as required206 207 Power consumption but may reduce system performance 209 210 211 212 213 214 Memory Mapped I/O Above 4GB USB Port SD Card4GB or greater address space Enables console redirection on COM port 1 during Post Enables console redirection on COM port 0 during PostOffboard -Priority is given to the Pcie Graphics adapter None -No flow control is used Introduced by a hidden terminal problem. This can be oneAllows you to change the action of the PuTTY function keys 218 PCIe Mezzanine OptionROM Server Management Bios Parameters for C220 and C240 ServersIf it hangs during POST. This can be one of the following Watchdog timer expires 5 minutes after the OS System removes that device type from the boot order Processor Configuration Parameters Name Description Main Bios Parameters for C260 ServersAdvanced Bios Parameters for C260 Servers C260 ServersIntel Hyper-Threading Technology Enhanced Intel Speedstep TechnologyWhether the processor uses Enhanced Intel SpeedStep Which allows multithreaded software applications to executeIntel VT for Directed IO Intel Virtualization TechnologyIntel VT-d Interrupt Remapping Direct Cache Access Processor C3 ReportPackage C State Limit Processor C6 ReportCPU C State Numa Optimized Sparing Sparing ModeMirroring Mode MirroringUSB Configuration Parameters Name Serial Port Configuration Parameters Name DescriptionSerial a Enable Patrol Scrub IntervalPCIe Slot n ROM Onboard NIC n ROMPCIe OptionROMs Onboard Gbit LOMSriov Onboard 10Gbit LOMIOH Resource Allocation Assert NMI on Serr Server Management Bios Parameters for C260 ServersAssert NMI on Perr OS Boot Watchdog Timer Timeout Baud RateOS Boot Watchdog Timer OS Boot Watchdog PolicyLegacy OS Redirection Advanced Bios Parameters for C420 Servers Main Bios Parameters for C420 ServersC420 Servers 236 237 238 239 240 241 242 243 244 245 Not detected by the Bios and operating system Enabled -Enables the SD card drives247 Can be one of the following Allows you to change the action of the PuTTY function keys 250 Server Management Bios Parameters for C420 Servers 252 Advanced Bios Parameters for C460 Servers Main Bios Parameters for C460 ServersC460 Servers 254 255 Intel VT-d PassThrough DMA 257 258 259 260 261 262 Server Management Bios Parameters for C460 Servers 264 265 266 D E Installing from remote server 159 obtaining from Cisco Dedicated LDAP, See Active Directory local usersIN-4 Yaml IN-6