Manuals / Cisco Systems / Computer Equipment / Network Card

Cisco Systems 57712, UCSCPCIEBTG Configuring Active Directory Groups in Cimc, Server# scope ldap

Models: 57712 UCSCPCIEBTG

1 288

Download 288 pages 20.54 Kb

Page 85

Managing User Accounts

Configuring Active Directory Groups in CIMC

	Command or Action	Purpose
Step 9	Server /ldap # commit	Commits the transaction to the system configuration.
Step 10	Server /ldap # show [detail]	(Optional) Displays the AD configuration.

This example configures AD using the CiscoAVPair attribute:

Server# scope ldap

Server /ldap # set enabled yes

Server /ldap *# set dc1 192.0.20.123

Server /ldap *# set gc1 192.0.20.11

Server /ldap *# set timeout 60

Server /ldap *# set encrypted yes

Server /ldap *# set base-dn example.com

Server /ldap *# set attribute CiscoAVPair

Server /ldap *# commit

Server /ldap # show detail

LDAP Settings:

Domain Controller 1: 192.0.20.123

Domain Controller 2: 0.0.0.0

Domain Controller 3: 0.0.0.0

BaseDN: example.com

Encrypted: yes

Timeout: 60

Enabled: yes

Attribute: CiscoAvPair

Group Authorization: no

Global Catalog 1: 192.0.20.11

Global Catalog 2: 0.0.0.0

Global Catalog 3: 0.0.0.0

Server /ldap #

What to Do Next

If you want to use Active Directory groups for group authorization, see Configuring Active Directory Groups in CIMC.

Configuring Active Directory Groups in CIMC

Note When Active Directory (AD) group authorization is enabled and configured, user authentication is also done on the group level for users that are not found in the local user database or who are not individually authorized to use CIMC in the Active Directory.

Before You Begin

•You must log in as a user with admin privileges to perform this task.

•Active Directory (or LDAP) must be enabled and configured.

Cisco UCS C-Series Servers Integrated Management Controller CLI Configuration Guide, Release 1.5

OL-28893-01

69

Image 85

Cisco Systems 57712, UCSCPCIEBTG manual Configuring Active Directory Groups in Cimc, Server# scope ldap

Contents

First Published March 04 Americas HeadquartersPage N T E N T S Viewing Server Properties Viewing Server Sensors Managing User Accounts Creating a vNIC Configuring Communication Services Configuring Platform Event Filters Bios Parameters by Server Model Audience PrefaceConventions This preface includes the following sectionsString Default responses to system prompts are in square bracketsString will include the quotation marks Indicates a comment lineNew and Changed Information for this Release Feature Description Where DocumentedFeature Description Documentation Roadmaps Related Cisco UCS DocumentationSystem UCS Documentation Roadmap Bundle Other Documentation ResourcesOverview of the Server Software OverviewThis chapter includes the following sections Cimc Firmware Cisco Integrated Management ControllerServer OS Management InterfacesCimc CLI Command ModesOverview Command Modes Command to Access Mode Prompt Mode NameCommand to Access Mode Prompt Scope power-cap command from Scope role-group command fromScope sensor command from Scope trap-destinations commandCommand History Complete a CommandCommitting, Discarding, and Viewing Pending Commands Command Output FormatsOnline Help for the CLI OL-28893-01 OS Installation Methods Installing the Server OSKVM Console Installing an OS Using a PXE Installation Server PXE Installation ServersYou can use the KVM console to install an OS on the server Enters chassis command mode Command or Action Purpose StepManaging the Server Toggling the Locator LEDServer Boot Order Managing the Server Boot OrderToggling the Locator LED for a Hard Drive Server /chassis/hdd # set locateHDDServer# scope bios Configuring the Server Boot OrderViewing the Actual Server Boot Order Resetting the ServerServer /bios # show actual-boot-order DetailServer /chassis # power shutdown Server# scope chassis Enters chassis modeShutting Down the Server Server# scope chassisPowering On the Server Managing Server PowerPowering Off the Server Command or Action Purpose Power Cycling the ServerServer# scope chassis Enters chassis command mode Viewing the Power Statistics Configuring Power PoliciesName Description Configuring the Power Cap Policy Power Capping PolicyNon-Compliance Action Enters the power cap command mode Server# scope power-capServer /power-cap # set Enabled yes noPower-off power-on Configuring the Power Restore PolicyRestore-last-state Delay-value delayCisco Flexible Flash Managing the Flexible Flash ControllerDual Card Management in the Cisco Flexible Flash Controller Action DescriptionScenario Behavior Configuring the Flexible Flash Controller Properties# set write-error-count-threshold # set read-error-count-threshold# set virtual-drives-enabled list # set raid-primary-member slot1Server /bios # set boot-override Booting from the Flexible FlashNone SCU HV HUU Permissible index value is FlexFlash-0 Resetting the Flexible Flash ControllerServer /chassis/flexflash # commit Default configurationViewing Bios Status Configuring Bios SettingsBios Version Version string of the running Bios Secondary slotBoot Order Configuring Main Bios SettingsFor each Bios setting, see one the following topics Attempt to useOn, you are prompted to choose whether to reboot now Configuring Advanced Bios SettingsConfigure the Bios settings Server /bios/advanced # Server /bios/main # set POSTErrorPause EnabledCommand or Action Configuring Server Management Bios SettingsConfigure the Bios settings Server-managementRestoring Bios Manufacturing Custom Defaults Restoring Bios DefaultsServer /bios # bios-setup-default Default values Server /bios # restore-mfg-defaultsServer # scope bios Server /bios # restore-mfg-defaults OL-28893-01 Viewing Server Properties Viewing Server PropertiesServer# show chassis detail Displays server propertiesViewing CPU Properties Viewing Cimc PropertiesServer# show cimc detail Displays Cimc propertiesThis example displays Dimm summary information Viewing Memory PropertiesViewing Storage Properties Viewing Power Supply PropertiesViewing Storage Adapter Properties Show psu detailHw-config detail Error-counters detailSettings detail Server /chassis # show storageadapterServer /chassis # show flexflash detail Viewing the Flexible Flash Controller PropertiesOptional Displays the available Cisco Flexible Flash controllersViewing Physical Drive Properties Virtual-drive drive-number detail Viewing Virtual Drive PropertiesVirtual-drive-count detail Virtual-drive drive-numberSlot number of the GPU card Viewing Nvidia GPU Card InformationServer # scope chassis Viewing Network Related Properties Viewing PCI Adapter PropertiesViewing LOM Properties Server# scope cimcServer# scope cimc Network OL-28893-01 Viewing Server Sensors Viewing Power Supply SensorsServer# scope sensor Show psu-redundancyServer /sensor # show temperature detail Viewing Temperature SensorsViewing Fan Sensors Server /sensor # show psu-redundancyViewing Voltage Sensors This example displays temperature sensor statisticsPurpose Step Viewing Current Sensors Procedure Command or Action Purpose StepViewing Storage Sensors Status columnCurrent LED color, if any LED Status columnOL-28893-01 Managing the Virtual KVM Managing Remote PresenceKVM Console Enabling the Virtual KVM Server /kvm # set enabled yesDisabling the Virtual KVM Server# scope kvmSet encrypted yes Configuring the Virtual KVMSet local-video yes Server /kvm # set max-sessionsSet enabled yes Configuring Virtual MediaServer# scope vmedia Command or Action Server # scope vmedia Configuring Network Mounted vMedia MappingVolume-name remote-share Remote-file-path mount optionsViewing Network Mount vMedia Mapping Properties Enters the virtual media command modeRemoving Network Mounted vMedia Mapping Server # scope vmediaSerial Over LAN Managing Serial over LANEnters SoL command mode Configuring Serial Over LANServer# scope sol Yes noCommand mode Server console port. You can enter this command in anyLaunching Serial Over LAN Server# connect hostOL-28893-01 Managing User Accounts Configuring Local UsersConfiguring the Active Directory Server Configuring Active DirectoryActive Directory Role Properties ValueServer# scope ldap Configuring Active Directory in CimcServer# scope ldap Configuring Active Directory Groups in CimcServer /ldap *# set dc1 Server /ldap *# set gc1 Set group-auth Admin user readonlyScope role-group Terminating a User Session Viewing User SessionsTerminate Server NIC Configuration Configuring Network-Related SettingsNIC Mode Server NICsServer /cimc/network # set mode dedicated Configuring Server NICsNIC Redundancy Sharedlom Sharedlom10g shipping ciscocardRedundancy none Configuring Common PropertiesActive-active Active-standbyConfiguring IPv4 Optional Displays the IPv4 network settings Configuring the Server VlanYou must be logged in as admin to configure the server Vlan Specifies the IP address of the secondary DNSSet vlan-enabled Connecting to a Port ProfileSet vlan-priority Displays the network settings Port profile must be defined on the switch toManagement interface, the virtual Ethernet, and the VIF on Supported adapter cards such as the Cisco UCS VIC1225Configuring Network Security Network Security ConfigurationNetwork Security Configuring Network Time Protocol Settings Network Time Protocol ConfigurationServer # scope cimc Yes10.120.33.44 Server /cimc/network/ntp* # commit Commits the transaction10.120.34.45 10.120.35.46Overview of the Cisco UCS C-Series Network Adapters Managing Network AdaptersCisco UCS VIC1225 Virtual Interface Card Cisco UCS P81E Virtual Interface CardViewing Network Adapter Properties Configuring Network Adapter PropertiesIndex detail Niv-mode disable enable Fip-mode disable enableConfigure-vmfex port-count Managing vHBAsHost-fc-if fc0 fc1 name detail Viewing vHBA PropertiesAll vHBAs Modifying vHBA Properties Resource-allocation-timeout msec Error-detect-timeout msecError-recovery # set fcp-error-recovery disable EnableSet flogi-timeout msec Enters the interrupt command modeInterrupt Interrupt-mode intx msi msixSet plogi-timeout msec Enters the Fibre Channel port login command modePort-p-logi ServerHost-fc-if name Creating a vHBASet channel-number number Deleting a vHBAServer /chassis/adapter # delete Server /chassis/adapter # commitViewing the Boot Table VHBA Boot TableCreating a Boot Table Entry Show bootCreate-boot-entry wwpn lun-id Deleting a Boot Table EntryServer /chassis # scope adapter Take effect upon the next server reset Delete boot entryVHBA Persistent Binding Locate the number of the entry to be deletedEnabling Persistent Binding Set persistent-lun-binding enableDisabling Persistent Binding PerbiRebuilding Persistent Binding Set persistent-lun-binding disableScope perbi # rebuildGuidelines for Managing vNICs Managing vNICsViewing vNIC Properties Host-eth-if eth0 eth1 name detailHost-eth-if eth0 eth1 name Modifying vNIC PropertiesUplink 0 Vlan-mode access trunk Trust-host-cos disable enableUplink-failover disable enable Channel-number numberScope interrupt Uplink-failback-timeout secondsSet interrupt-count count Set coalescing-time usec# set rq-count count Set tcp-segment-offload disable# set rq-ring-size size Scope trans-queueSet tcp-tx-checksum-offload disable Set tcp-rx-checksum-offload disableSet tcp-large-receive-offload disable Set rss disable enableSet rss-hash-ipv6-ex disable enable Set rss-hash-tcp-ipv6 disableSet rss-hash-tcp-ipv6-ex disable Creating a vNICHost-eth-if name Deleting a vNICReboot Configuring iSCSI Boot CapabilityYou can configure a maximum of 2 iSCSI vNICs for each host This example deletes a vNIC on adapterDhcp-net-settings enabled Iscsi-boot indexDhcp-iscsi-settings enabled Eth0 eth1 nameManaging VM FEX Delete iscsi-bootVirtual Machine Fabric Extender Viewing VM FEX Properties General Properties Settings Name Description VM FEX SettingsName Ethernet Interrupt Settings Name Description Completion Queue Settings Name Description Receive Side Scaling Settings Name TCP Offload Settings Name DescriptionCreate Virtual Drive from Unused Physical Drives Managing Storage AdaptersStorageadapter slot Create virtual-driveCarve-virtual-drive Create Virtual Drive from an Existing Drive GroupWrite policy for the new virtual drive. Enter Appropriate information at each promptServer /chassis # scope storageadapter Clearing Foreign Configuration500 MB Deleting a Virtual Drive Clear-foreign-config# delete-virtual-drive Initializing a Virtual Drive Cancel-initializationStart-initialization # get-operation-statusSet-boot-drive Set as Boot DriveModifying Attributes of a Virtual Drive Server /chassis/storageadapter # scopeModify-attributes Making a Dedicated Hot SparePolicy You are prompted to choose a virtual drive forPreparing a Drive for Removal Making a Global Hot SpareServer /chassis/storageadapter/physical-drive # Make-global-hot-sparePrepare-for-removal Removing a Drive from Hot Spare Pools# remove-hot-spare Enable-auto-learn Enabling Auto Learn Cycles for the Battery Backup UnitUndo Preparing a Drive for Removal Undo-prepare-for-removalStarting a Learn Cycle for a Battery Backup Unit Disabling Auto Learn Cycles for the Battery Backup UnitDisable-auto-learn You must be logged in as an admin to use this commandStart-learn-cycle Toggling the Locator LED for a Physical DrivePhysical-drive # locator-led on offExporting the Adapter Configuration Backing Up and Restoring the Adapter ConfigurationViewing Storage Controller Logs This example exports the configuration of adapter Importing the Adapter ConfigurationReboot the server to apply the imported configuration Restoring Adapter DefaultsAdapter-reset-defaults index PCI slot number specified by the indexManaging Adapter Firmware Installing Adapter FirmwareAdapter Firmware Or two specified adapters or, if no adapter is specifiedActivating Adapter Firmware Resetting the AdapterServer /chassis # activate-adapter-fw Resetting the adapter also resets Server/chassis # adapter-reset indexThis example resets the adapter in PCI slot HostConfiguring Http Configuring Communication ServicesServer# scope http Server /http # set http-redirect yesSet timeout seconds Configuring SSHServer# scope ssh Set ssh-port numberXML API for Cimc Configuring XML APIEnabling XML API Server# scope xmlapiConfiguring Ipmi over LAN Configuring IpmiSet enabled Ipmi Over LANConfiguring Snmp Properties Configuring SnmpEncryption-key key Server# scope snmpCommunity-str community Setcommunity-accessSettrap-community-str Server /snmp # set sys-locationTrap-destinations number Configuring Snmp Trap SettingsVersion 1 2 Type trap informSending a Test Snmp Trap Message Configuring SNMPv3 UsersTo send a test message Specified user numberV3security-level noauthnopriv V3security-name security-nameAuthnopriv authpriv MD5 SHA142 Managing the Server Certificate Managing CertificatesGenerating a Certificate Signing Request Server# scope certificate Enters the certificate command modeServer /certificate # generate-csr Signing request CSRManaging Certificates Creating a Self-Signed Certificate Creating a Self-Signed CertificateExample Openssl genrsa -out CAkeyfilenameOpenssl req -new -x509 -days numdays Echo nsCertType = server openssl.confServer /certificate # upload Uploading a Server CertificateNew server certificate Begin Certificate This example uploads a new certificate to the serverServer# scope fault Configuring Platform Event FiltersPlatform-event-enabled yes Platform Event FiltersPlatform-event-enabled no Configuring Platform Event FiltersDisabling Platform Event Alerts Power-off None reboot power-cyclePlatform Event Filter Server /fault # scope pef-destinations Configuring Platform Event Trap SettingsEnabled yes Platform Event Trap Descriptions Interpreting Platform Event TrapsEvent Number Note Platform Event Description Test Trap154 155 Event Number Note156 Overview of Firmware Cimc Firmware ManagementCenter box, click Unified Computing and Servers Obtaining Firmware from CiscoClick the Unified Computing System UCS Server Firmware link Click Accept License AgreementLog in to the as a user with admin privileges Installing Cimc Firmware from a Remote ServerActivating Installed Cimc Firmware Is specified, the server activates the currently Server /cimc/firmware # activate 1Inactive image Current FW Version field Installing Bios Firmware from a Remote Server163 Server # scope bios164 Scope fault Viewing the Faults and Logs SummaryShow fault-entries Viewing LogsViewing the Cimc Log Cimc LogClearing the Cimc Log Configuring the Cimc Log ThresholdServer /cimc # scope log Server /cimc/log # clearLocal-syslog-severity Sending the Cimc Log to a Remote ServerRemote-syslog-severity level Critical Error Informational DebugServer-ip ip-address Viewing the System Event Log System Event LogServer# scope sel Clearing the System Event Log Enters the system event log command modeServer# scope sel 172 Exporting Technical Support Data Server UtilitiesServer /cimc # scope tech-support Remote-ip ip-addressRemote-protocol protocol Remote-password passwordRemote-username name Clearing the Bios Cmos Rebooting the CimcServer# scope bios Enters the bios command mode Provide the generated report file to Cisco TACScope bios Recovering from a Corrupted BiosRecover This example shows how to recover from a corrupted Bios Resetting the Cimc to Factory DefaultsPower cycle or reset the server Exporting and Importing the Cimc Configuration Exporting and Importing the Cimc ConfigurationExporting the Cimc Configuration Server /cimc # scope import-exportServer# scope cimc Enters the Cimc command mode Importing a Cimc ConfigurationServer /cimc/import-export # Generating Non maskable Interrupts to the Host 181 182 Main Bios Parameters for C22 and C24 Servers Bios Parameters by Server ModelC22 and C24 Servers TPM SupportProcessor Configuration Parameters Name Advanced Bios Parameters for C22 and C24 ServersNumber of Enabled Cores Execute DisableIntel VT-d Intel VTIntel VT-d Coherency Support Intel VT-d ATS SupportHardware Prefetcher CPU PerformanceAdjacent Cache Line Prefetcher DCU Streamer Prefetch Direct Cache Access SupportDCU IP Prefetcher Power Technology Processor Power State C1 Enhanced Processor Power State C6Intel Turbo Boost Technology Frequency Floor OverrideEnergy Performance State CoordinationSelect Memory RAS Memory Configuration Parameters Name DescriptionDram Clock Throttling Dram Refresh rate Low Voltage DDR ModeChannel Interleaving Rank InterleavingDemand Scrub Patrol ScrubAltitude USB Configuration Parameters Name Description QPI Configuration Parameters Name DescriptionOnboard Storage Parameters Name USB Port Rear All USB DevicesUSB Port Front USB Port InternalMmio Above 4GB PCI Configuration Parameters Name DescriptionAspm Support VGA PriorityTerminal Type Console RedirectionBits per second Putty KeyPad Flow ControlLOM Port n OptionROM All Onboard LOM PortsAll PCIe Slots OptionROM PCIe Slot n OptionROMFRB-2 Timer Server Management Bios Parameters for C22 and C24 ServersOS Watchdog Timer PCIe Slot n Link SpeedOS Watchdog Timer Policy OS Watchdog Timer TimeoutBoot Order Rules Advanced Bios Parameters for C220 and C240 Servers Main Bios Parameters for C220 and C240 ServersC220 and C240 Servers 204 Enabled -The processor uses VT-d ATS as required Disabled -The processor does not support ATS206 207 Power consumption but may reduce system performance 209 210 211 212 213 214 Memory Mapped I/O Above 4GB USB Port SD Card4GB or greater address space Enables console redirection on COM port 1 during Post Enables console redirection on COM port 0 during PostOffboard -Priority is given to the Pcie Graphics adapter None -No flow control is used Introduced by a hidden terminal problem. This can be oneAllows you to change the action of the PuTTY function keys 218 PCIe Mezzanine OptionROM Server Management Bios Parameters for C220 and C240 ServersIf it hangs during POST. This can be one of the following Watchdog timer expires 5 minutes after the OS System removes that device type from the boot order Advanced Bios Parameters for C260 Servers Main Bios Parameters for C260 ServersProcessor Configuration Parameters Name Description C260 ServersWhether the processor uses Enhanced Intel SpeedStep Enhanced Intel Speedstep TechnologyIntel Hyper-Threading Technology Which allows multithreaded software applications to executeIntel VT for Directed IO Intel Virtualization TechnologyIntel VT-d Interrupt Remapping Processor C3 Report Direct Cache AccessPackage C State Limit Processor C6 ReportCPU C State Numa Optimized Mirroring Mode Sparing ModeSparing MirroringSerial a Enable Serial Port Configuration Parameters Name DescriptionUSB Configuration Parameters Name Patrol Scrub IntervalPCIe OptionROMs Onboard NIC n ROMPCIe Slot n ROM Onboard Gbit LOMSriov Onboard 10Gbit LOMIOH Resource Allocation Assert NMI on Serr Server Management Bios Parameters for C260 ServersAssert NMI on Perr Baud Rate OS Boot Watchdog Timer TimeoutOS Boot Watchdog Timer OS Boot Watchdog PolicyLegacy OS Redirection Advanced Bios Parameters for C420 Servers Main Bios Parameters for C420 ServersC420 Servers 236 237 238 239 240 241 242 243 244 245 Enabled -Enables the SD card drives Not detected by the Bios and operating system247 Can be one of the following Allows you to change the action of the PuTTY function keys 250 Server Management Bios Parameters for C420 Servers 252 Advanced Bios Parameters for C460 Servers Main Bios Parameters for C460 ServersC460 Servers 254 255 Intel VT-d PassThrough DMA 257 258 259 260 261 262 Server Management Bios Parameters for C460 Servers 264 265 266 D E Installing from remote server 159 obtaining from Cisco LDAP, See Active Directory local users DedicatedIN-4 Yaml IN-6