Manuals / Cisco Systems / Computer Equipment / Network Card

Cisco Systems UCSCPCIEBTG, 57712 manual Configuring Active Directory in Cimc, Server# scope ldap

Models: 57712 UCSCPCIEBTG

1 288

Download 288 pages 20.54 Kb

Page 84

Managing User Accounts

Configuring Active Directory in CIMC

What to Do Next

Use the CIMC to configure Active Directory.

Configuring Active Directory in CIMC

Configure Active Directory (AD) in CIMC when you want to use an AD server for local user authentication and authorization.

Before You Begin

You must log in as a user with admin privileges to perform this task.

Procedure

	Command or Action	Purpose
Step 1	Server# scope ldap	Enters the LDAP command mode for AD configuration.
Step 2	Server /ldap # set enabled	Enables or disables AD. When AD is enabled, user
	{yes no}	authentication and role authorization is performed by AD for
		user accounts not found in the local user database.
Step 3	Server /ldap # set dcn dc-host	Specifies an Active Directory domain controller (DC) host
		name or IP address. You can specify up to three DCs using
		index n values from 1 to 3.
Step 4	Server /ldap # set gcn gc-host	Specifies an Active Directory global catalog (GC) server host
		name or IP address. You can specify up to three GCs using
		index n values from 1 to 3.
Step 5	Server /ldap # set timeout	Specifies the number of seconds the CIMC waits until the
	seconds	LDAP search operation times out.
Step 6	Server /ldap # set encrypted	If encryption is enabled, the server encrypts all information
	{yes no}	sent to AD.
Step 7	Server /ldap # set base-dn	Specifies the domain that all users must be in.
	domain-name

Step 8	Server /ldap # set attribute
	name

Specify an LDAP attribute that contains the role and locale information for the user. This property is always a name-value pair. The system queries the user record for the value that matches this attribute name.

You can use an existing LDAP attribute that is mapped to the CIMC user roles and locales or you can create a custom attribute, such as the CiscoAVPair attribute, which has the following attribute ID:

1.3.6.1.4.1.9.287247.1

Note If you do not specify this property, user access is restricted to read-only.

	Cisco UCS C-Series Servers Integrated Management Controller CLI Configuration Guide, Release 1.5
68	OL-28893-01

Image 84

Cisco Systems UCSCPCIEBTG, 57712 manual Configuring Active Directory in Cimc, Server# scope ldap

Contents

Americas Headquarters First Published March 04Page N T E N T S Viewing Server Properties Viewing Server Sensors Managing User Accounts Creating a vNIC Configuring Communication Services Configuring Platform Event Filters Bios Parameters by Server Model Preface AudienceConventions This preface includes the following sectionsDefault responses to system prompts are in square brackets StringString will include the quotation marks Indicates a comment lineFeature Description Where Documented New and Changed Information for this ReleaseFeature Description Related Cisco UCS Documentation Documentation RoadmapsOther Documentation Resources System UCS Documentation Roadmap BundleOverview Overview of the Server SoftwareThis chapter includes the following sections Cisco Integrated Management Controller Cimc FirmwareServer OS Management InterfacesCommand Modes Cimc CLIOverview Command Modes Mode Name Command to Access Mode PromptCommand to Access Mode Prompt Scope role-group command from Scope power-cap command fromScope sensor command from Scope trap-destinations commandComplete a Command Command HistoryCommitting, Discarding, and Viewing Pending Commands Command Output FormatsOnline Help for the CLI OL-28893-01 Installing the Server OS OS Installation MethodsKVM Console PXE Installation Servers Installing an OS Using a PXE Installation ServerYou can use the KVM console to install an OS on the server Command or Action Purpose Step Enters chassis command modeManaging the Server Toggling the Locator LEDManaging the Server Boot Order Server Boot OrderToggling the Locator LED for a Hard Drive Server /chassis/hdd # set locateHDDConfiguring the Server Boot Order Server# scope biosResetting the Server Viewing the Actual Server Boot OrderServer /bios # show actual-boot-order DetailServer# scope chassis Enters chassis mode Server /chassis # power shutdownShutting Down the Server Server# scope chassisManaging Server Power Powering On the ServerPowering Off the Server Power Cycling the Server Command or Action PurposeServer# scope chassis Enters chassis command mode Configuring Power Policies Viewing the Power StatisticsName Description Power Capping Policy Configuring the Power Cap PolicyNon-Compliance Action Server# scope power-cap Enters the power cap command modeServer /power-cap # set Enabled yes noConfiguring the Power Restore Policy Power-off power-onRestore-last-state Delay-value delayManaging the Flexible Flash Controller Cisco Flexible FlashDual Card Management in the Cisco Flexible Flash Controller Action DescriptionConfiguring the Flexible Flash Controller Properties Scenario Behavior# set read-error-count-threshold # set write-error-count-threshold# set virtual-drives-enabled list # set raid-primary-member slot1Booting from the Flexible Flash Server /bios # set boot-overrideNone SCU HV HUU Resetting the Flexible Flash Controller Permissible index value is FlexFlash-0Default configuration Server /chassis/flexflash # commitConfiguring Bios Settings Viewing Bios StatusBios Version Version string of the running Bios Secondary slotConfiguring Main Bios Settings Boot OrderFor each Bios setting, see one the following topics Attempt to useConfiguring Advanced Bios Settings On, you are prompted to choose whether to reboot nowConfigure the Bios settings Server /bios/advanced # Server /bios/main # set POSTErrorPause EnabledConfiguring Server Management Bios Settings Command or ActionConfigure the Bios settings Server-managementRestoring Bios Defaults Restoring Bios Manufacturing Custom DefaultsServer /bios # bios-setup-default Server /bios # restore-mfg-defaults Default valuesServer # scope bios Server /bios # restore-mfg-defaults OL-28893-01 Viewing Server Properties Viewing Server PropertiesServer# show chassis detail Displays server propertiesViewing Cimc Properties Viewing CPU PropertiesServer# show cimc detail Displays Cimc propertiesViewing Memory Properties This example displays Dimm summary informationViewing Power Supply Properties Viewing Storage PropertiesViewing Storage Adapter Properties Show psu detailError-counters detail Hw-config detailSettings detail Server /chassis # show storageadapterViewing the Flexible Flash Controller Properties Server /chassis # show flexflash detailOptional Displays the available Cisco Flexible Flash controllersViewing Physical Drive Properties Viewing Virtual Drive Properties Virtual-drive drive-number detailVirtual-drive-count detail Virtual-drive drive-numberViewing Nvidia GPU Card Information Slot number of the GPU cardServer # scope chassis Viewing PCI Adapter Properties Viewing Network Related PropertiesViewing LOM Properties Server# scope cimcServer# scope cimc Network OL-28893-01 Viewing Power Supply Sensors Viewing Server SensorsServer# scope sensor Show psu-redundancyViewing Temperature Sensors Server /sensor # show temperature detailViewing Fan Sensors Server /sensor # show psu-redundancyThis example displays temperature sensor statistics Viewing Voltage SensorsPurpose Step Procedure Command or Action Purpose Step Viewing Current SensorsViewing Storage Sensors Status columnLED Status column Current LED color, if anyOL-28893-01 Managing Remote Presence Managing the Virtual KVMKVM Console Server /kvm # set enabled yes Enabling the Virtual KVMDisabling the Virtual KVM Server# scope kvmConfiguring the Virtual KVM Set encrypted yesSet local-video yes Server /kvm # set max-sessionsConfiguring Virtual Media Set enabled yesServer# scope vmedia Configuring Network Mounted vMedia Mapping Command or Action Server # scope vmediaVolume-name remote-share Remote-file-path mount optionsEnters the virtual media command mode Viewing Network Mount vMedia Mapping PropertiesRemoving Network Mounted vMedia Mapping Server # scope vmediaManaging Serial over LAN Serial Over LANConfiguring Serial Over LAN Enters SoL command modeServer# scope sol Yes noServer console port. You can enter this command in any Command modeLaunching Serial Over LAN Server# connect hostOL-28893-01 Configuring Local Users Managing User AccountsConfiguring Active Directory Configuring the Active Directory ServerActive Directory Properties Value RoleConfiguring Active Directory in Cimc Server# scope ldapConfiguring Active Directory Groups in Cimc Server# scope ldapServer /ldap *# set dc1 Server /ldap *# set gc1 Admin user readonly Set group-authScope role-group Viewing User Sessions Terminating a User SessionTerminate Configuring Network-Related Settings Server NIC ConfigurationNIC Mode Server NICsConfiguring Server NICs Server /cimc/network # set mode dedicatedNIC Redundancy Sharedlom Sharedlom10g shipping ciscocardConfiguring Common Properties Redundancy noneActive-active Active-standbyConfiguring IPv4 Configuring the Server Vlan Optional Displays the IPv4 network settingsYou must be logged in as admin to configure the server Vlan Specifies the IP address of the secondary DNSConnecting to a Port Profile Set vlan-enabledSet vlan-priority Port profile must be defined on the switch to Displays the network settingsManagement interface, the virtual Ethernet, and the VIF on Supported adapter cards such as the Cisco UCS VIC1225Network Security Configuration Configuring Network SecurityNetwork Security Network Time Protocol Configuration Configuring Network Time Protocol SettingsServer # scope cimc YesServer /cimc/network/ntp* # commit Commits the transaction 10.120.33.4410.120.34.45 10.120.35.46Managing Network Adapters Overview of the Cisco UCS C-Series Network AdaptersCisco UCS P81E Virtual Interface Card Cisco UCS VIC1225 Virtual Interface CardConfiguring Network Adapter Properties Viewing Network Adapter PropertiesIndex detail Fip-mode disable enable Niv-mode disable enableConfigure-vmfex port-count Managing vHBAsViewing vHBA Properties Host-fc-if fc0 fc1 name detailAll vHBAs Modifying vHBA Properties Error-detect-timeout msec Resource-allocation-timeout msecError-recovery # set fcp-error-recovery disable EnableEnters the interrupt command mode Set flogi-timeout msecInterrupt Interrupt-mode intx msi msixEnters the Fibre Channel port login command mode Set plogi-timeout msecPort-p-logi ServerCreating a vHBA Host-fc-if nameDeleting a vHBA Set channel-number numberServer /chassis/adapter # delete Server /chassis/adapter # commitVHBA Boot Table Viewing the Boot TableCreating a Boot Table Entry Show bootDeleting a Boot Table Entry Create-boot-entry wwpn lun-idServer /chassis # scope adapter Delete boot entry Take effect upon the next server resetVHBA Persistent Binding Locate the number of the entry to be deletedSet persistent-lun-binding enable Enabling Persistent BindingDisabling Persistent Binding PerbiSet persistent-lun-binding disable Rebuilding Persistent BindingScope perbi # rebuildManaging vNICs Guidelines for Managing vNICsViewing vNIC Properties Host-eth-if eth0 eth1 name detailModifying vNIC Properties Host-eth-if eth0 eth1 nameUplink 0 Trust-host-cos disable enable Vlan-mode access trunkUplink-failover disable enable Channel-number numberUplink-failback-timeout seconds Scope interruptSet interrupt-count count Set coalescing-time usecSet tcp-segment-offload disable # set rq-count count# set rq-ring-size size Scope trans-queueSet tcp-rx-checksum-offload disable Set tcp-tx-checksum-offload disableSet tcp-large-receive-offload disable Set rss disable enableSet rss-hash-tcp-ipv6 disable Set rss-hash-ipv6-ex disable enableSet rss-hash-tcp-ipv6-ex disable Creating a vNICDeleting a vNIC Host-eth-if nameConfiguring iSCSI Boot Capability RebootYou can configure a maximum of 2 iSCSI vNICs for each host This example deletes a vNIC on adapterIscsi-boot index Dhcp-net-settings enabledDhcp-iscsi-settings enabled Eth0 eth1 nameDelete iscsi-boot Managing VM FEXVirtual Machine Fabric Extender Viewing VM FEX Properties VM FEX Settings General Properties Settings Name DescriptionName Ethernet Interrupt Settings Name Description Completion Queue Settings Name Description TCP Offload Settings Name Description Receive Side Scaling Settings NameManaging Storage Adapters Create Virtual Drive from Unused Physical DrivesStorageadapter slot Create virtual-driveCreate Virtual Drive from an Existing Drive Group Carve-virtual-driveWrite policy for the new virtual drive. Enter Appropriate information at each promptClearing Foreign Configuration Server /chassis # scope storageadapter500 MB Clear-foreign-config Deleting a Virtual Drive# delete-virtual-drive Cancel-initialization Initializing a Virtual DriveStart-initialization # get-operation-statusSet as Boot Drive Set-boot-driveModifying Attributes of a Virtual Drive Server /chassis/storageadapter # scopeMaking a Dedicated Hot Spare Modify-attributesPolicy You are prompted to choose a virtual drive forMaking a Global Hot Spare Preparing a Drive for RemovalServer /chassis/storageadapter/physical-drive # Make-global-hot-spareRemoving a Drive from Hot Spare Pools Prepare-for-removal# remove-hot-spare Enabling Auto Learn Cycles for the Battery Backup Unit Enable-auto-learnUndo Preparing a Drive for Removal Undo-prepare-for-removalDisabling Auto Learn Cycles for the Battery Backup Unit Starting a Learn Cycle for a Battery Backup UnitDisable-auto-learn You must be logged in as an admin to use this commandToggling the Locator LED for a Physical Drive Start-learn-cyclePhysical-drive # locator-led on offBacking Up and Restoring the Adapter Configuration Exporting the Adapter ConfigurationViewing Storage Controller Logs Importing the Adapter Configuration This example exports the configuration of adapterRestoring Adapter Defaults Reboot the server to apply the imported configurationAdapter-reset-defaults index PCI slot number specified by the indexInstalling Adapter Firmware Managing Adapter FirmwareAdapter Firmware Or two specified adapters or, if no adapter is specifiedResetting the Adapter Activating Adapter FirmwareServer /chassis # activate-adapter-fw Server/chassis # adapter-reset index Resetting the adapter also resetsThis example resets the adapter in PCI slot HostConfiguring Communication Services Configuring HttpServer# scope http Server /http # set http-redirect yesConfiguring SSH Set timeout secondsServer# scope ssh Set ssh-port numberConfiguring XML API XML API for CimcEnabling XML API Server# scope xmlapiConfiguring Ipmi Configuring Ipmi over LANSet enabled Ipmi Over LANConfiguring Snmp Configuring Snmp PropertiesEncryption-key key Server# scope snmpSetcommunity-access Community-str communitySettrap-community-str Server /snmp # set sys-locationConfiguring Snmp Trap Settings Trap-destinations numberVersion 1 2 Type trap informConfiguring SNMPv3 Users Sending a Test Snmp Trap MessageTo send a test message Specified user numberV3security-name security-name V3security-level noauthnoprivAuthnopriv authpriv MD5 SHA142 Managing Certificates Managing the Server CertificateGenerating a Certificate Signing Request Enters the certificate command mode Server# scope certificateServer /certificate # generate-csr Signing request CSRCreating a Self-Signed Certificate Managing Certificates Creating a Self-Signed CertificateOpenssl genrsa -out CAkeyfilename ExampleOpenssl req -new -x509 -days numdays Echo nsCertType = server openssl.confUploading a Server Certificate Server /certificate # uploadNew server certificate This example uploads a new certificate to the server Begin CertificateConfiguring Platform Event Filters Server# scope faultPlatform-event-enabled yes Platform Event FiltersConfiguring Platform Event Filters Platform-event-enabled noDisabling Platform Event Alerts None reboot power-cycle Power-offPlatform Event Filter Configuring Platform Event Trap Settings Server /fault # scope pef-destinationsEnabled yes Interpreting Platform Event Traps Platform Event Trap DescriptionsEvent Number Note Platform Event Description Test Trap154 Event Number Note 155156 Cimc Firmware Management Overview of FirmwareObtaining Firmware from Cisco Center box, click Unified Computing and ServersClick the Unified Computing System UCS Server Firmware link Click Accept License AgreementInstalling Cimc Firmware from a Remote Server Log in to the as a user with admin privilegesActivating Installed Cimc Firmware Server /cimc/firmware # activate 1 Is specified, the server activates the currentlyInactive image Installing Bios Firmware from a Remote Server Current FW Version fieldServer # scope bios 163164 Viewing the Faults and Logs Summary Scope faultShow fault-entries Viewing LogsCimc Log Viewing the Cimc LogConfiguring the Cimc Log Threshold Clearing the Cimc LogServer /cimc # scope log Server /cimc/log # clearSending the Cimc Log to a Remote Server Local-syslog-severityRemote-syslog-severity level Error Informational Debug CriticalServer-ip ip-address System Event Log Viewing the System Event LogServer# scope sel Enters the system event log command mode Clearing the System Event LogServer# scope sel 172 Server Utilities Exporting Technical Support DataServer /cimc # scope tech-support Remote-ip ip-addressRemote-password password Remote-protocol protocolRemote-username name Rebooting the Cimc Clearing the Bios CmosServer# scope bios Enters the bios command mode Provide the generated report file to Cisco TACRecovering from a Corrupted Bios Scope biosRecover Resetting the Cimc to Factory Defaults This example shows how to recover from a corrupted BiosPower cycle or reset the server Exporting and Importing the Cimc Configuration Exporting and Importing the Cimc ConfigurationExporting the Cimc Configuration Server /cimc # scope import-exportImporting a Cimc Configuration Server# scope cimc Enters the Cimc command modeServer /cimc/import-export # Generating Non maskable Interrupts to the Host 181 182 Bios Parameters by Server Model Main Bios Parameters for C22 and C24 ServersC22 and C24 Servers TPM SupportAdvanced Bios Parameters for C22 and C24 Servers Processor Configuration Parameters NameNumber of Enabled Cores Execute DisableIntel VT Intel VT-dIntel VT-d Coherency Support Intel VT-d ATS SupportCPU Performance Hardware PrefetcherAdjacent Cache Line Prefetcher Direct Cache Access Support DCU Streamer PrefetchDCU IP Prefetcher Power Technology Processor Power State C6 Processor Power State C1 EnhancedIntel Turbo Boost Technology Frequency Floor OverrideState Coordination Energy PerformanceMemory Configuration Parameters Name Description Select Memory RASDram Clock Throttling Low Voltage DDR Mode Dram Refresh rateChannel Interleaving Rank InterleavingPatrol Scrub Demand ScrubAltitude QPI Configuration Parameters Name Description USB Configuration Parameters Name DescriptionOnboard Storage Parameters Name All USB Devices USB Port RearUSB Port Front USB Port InternalPCI Configuration Parameters Name Description Mmio Above 4GBAspm Support VGA PriorityConsole Redirection Terminal TypeBits per second Flow Control Putty KeyPadAll Onboard LOM Ports LOM Port n OptionROMAll PCIe Slots OptionROM PCIe Slot n OptionROMServer Management Bios Parameters for C22 and C24 Servers FRB-2 TimerOS Watchdog Timer PCIe Slot n Link SpeedOS Watchdog Timer Timeout OS Watchdog Timer PolicyBoot Order Rules Main Bios Parameters for C220 and C240 Servers Advanced Bios Parameters for C220 and C240 ServersC220 and C240 Servers 204 Disabled -The processor does not support ATS Enabled -The processor uses VT-d ATS as required206 207 Power consumption but may reduce system performance 209 210 211 212 213 214 USB Port SD Card Memory Mapped I/O Above 4GB4GB or greater address space Enables console redirection on COM port 0 during Post Enables console redirection on COM port 1 during PostOffboard -Priority is given to the Pcie Graphics adapter Introduced by a hidden terminal problem. This can be one None -No flow control is usedAllows you to change the action of the PuTTY function keys 218 Server Management Bios Parameters for C220 and C240 Servers PCIe Mezzanine OptionROMIf it hangs during POST. This can be one of the following Watchdog timer expires 5 minutes after the OS System removes that device type from the boot order Main Bios Parameters for C260 Servers Advanced Bios Parameters for C260 ServersProcessor Configuration Parameters Name Description C260 ServersEnhanced Intel Speedstep Technology Whether the processor uses Enhanced Intel SpeedStepIntel Hyper-Threading Technology Which allows multithreaded software applications to executeIntel Virtualization Technology Intel VT for Directed IOIntel VT-d Interrupt Remapping Direct Cache Access Processor C3 ReportProcessor C6 Report Package C State LimitCPU C State Numa Optimized Sparing Mode Mirroring ModeSparing MirroringSerial Port Configuration Parameters Name Description Serial a EnableUSB Configuration Parameters Name Patrol Scrub IntervalOnboard NIC n ROM PCIe OptionROMsPCIe Slot n ROM Onboard Gbit LOMOnboard 10Gbit LOM SriovIOH Resource Allocation Server Management Bios Parameters for C260 Servers Assert NMI on SerrAssert NMI on Perr OS Boot Watchdog Timer Timeout Baud RateOS Boot Watchdog Policy OS Boot Watchdog TimerLegacy OS Redirection Main Bios Parameters for C420 Servers Advanced Bios Parameters for C420 ServersC420 Servers 236 237 238 239 240 241 242 243 244 245 Not detected by the Bios and operating system Enabled -Enables the SD card drives247 Can be one of the following Allows you to change the action of the PuTTY function keys 250 Server Management Bios Parameters for C420 Servers 252 Main Bios Parameters for C460 Servers Advanced Bios Parameters for C460 ServersC460 Servers 254 255 Intel VT-d PassThrough DMA 257 258 259 260 261 262 Server Management Bios Parameters for C460 Servers 264 265 266 D E Installing from remote server 159 obtaining from Cisco Dedicated LDAP, See Active Directory local usersIN-4 Yaml IN-6