Dell 2 Configuring User Accounts and Privileges

9

Configuring User Accounts and Privileges

You can set up user accounts with specific privileges (role-based authority) to manage your system with

CMC and maintain system security. By default, CMC is configured with a local administrator account. The

default user name is rootand the password is calvin. As an administrator, you can set up user accounts

to allow other users to access the CMC.

You can set up a maximum of 16 local users, or use directory services such as Microsoft Active Directory

or LDAP to set up additional user accounts. Using a directory service provides a central location for

managing authorized user accounts.

CMC supports role-based access to users with a set of associated privileges. The roles are administrator,

operator, read-only, or none. The role defines the maximum privileges available.

Types of Users

There are two types of users:

• CMC users or chassis users

• iDRAC users or server users (since the iDRAC resides on a server)

CMC and iDRAC users can be local or directory service users.

Except where a CMC user has Server Administrator privilege, privileges granted to a CMC user are not

automatically transferred to the same user on a server, because server users are created independently

from CMC users. In other words, CMC Active Directory users and iDRAC Active Directory users reside on

two different branches in the Active Directory tree. To create a local server user, the Configure Users

must log in to the server directly. The Configure Users cannot create a server user from CMC or vice

versa. This rule protects the security and integrity of the servers.

Table 11. User Types

Privilege Description

CMC Login User User can log in to CMC and view all the CMC data, but cannot add

or modify data or execute commands.

It is possible for a user to have other privileges without the CMC

Login User privilege. This feature is useful when a user is

temporarily not allowed to login. When that user’s CMC Login User

privilege is restored, the user retains all the other privileges

previously granted.

Chassis Configuration

Administrator

User can add or change data that:

• Identifies the chassis, such as chassis name and chassis

location.

119

Contents

Main Notes, Cautions, and Warnings Contents Page Page Page Page 9 Configuring User Accounts and Privileges..................................................119 10 Configuring CMC For Single Sign-On Or Smart Card Login..................144 11 Configuring CMC to Use Command Line Consoles.................................149 12 Using FlexAddress and FlexAdress Plus Cards..........................................160 14 Managing and Monitoring Power................................................................175 Page Page Page Overview What Is New In This Release Key Features Management Features Security Features Chassis Overview Page Page Minimum CMC Version Supported Remote Access Connections Supported Platforms Supported Web Browsers Managing Licenses Types of Licenses Acquiring Licenses License Operations License Component State or Condition and Available Operations Managing Licenses Using CMC Web Interface Managing Licenses Using RACADM Licensable Features in CMC Page Viewing Localized Versions of the CMC Web Interface Supported Management Console Applications How to Use this User's Guide Other Documents You May Need Accessing documents from Dell support site Page Installing and Setting Up CMC Before You Begin Installing CMC Hardware Checklist To Set up Chassis Basic CMC Network Connection Installing Remote Access Software on a Management Station Installing RACADM on a Linux Management Station Uninstalling RACADM From a Linux Management Station Configuring a Web Browser Proxy Server Internet Explorer Mozilla FireFox Microsoft Phishing Filter Certificate Revocation List (CRL) Fetching Downloading Files From CMC With Internet Explorer Enabling Animations In Internet Explorer Setting Up Initial Access to CMC Configuring Initial CMC Network Configuring CMC Network Using LCD Panel Interface Configuring CMC Using Quick Setup (DHCP) Configuring CMC Using Advanced Setup Page Page Interfaces and Protocols to Access CMC Page Launching CMC Using Other Systems Management Tools Downloading and Updating CMC Firmware Setting Chassis Physical Location and Chassis Name Setting Chassis Physical Location and Chassis Name Using Web Interface Setting Chassis Physical Location and Chassis Name Using RACADM Setting Date and Time on CMC Configuring LEDs to Identify Components on the Chassis Configuring LED Blinking Using CMC Web Interface Configuring LED Blinking Using RACADM Configuring CMC Properties Configuring iDRAC Launch Method Using CMC Web Configuring iDRAC Launch Method Using RACADM Configuring Login Lockout Policy Attributes Using CMC Web Interface Configuring Login Lockout Policy Attributes Using RACADM Understanding Redundant CMC Environment About Standby CMC CMC Failsafe Mode Active CMC Election Process Obtaining Health Status of Redundant CMC Configuring Front Panel Configuring Power Button Configuring LCD Accessing a Server Using KVM Mapping a Server to KVM Using CMC Web Interface Mapping the Server to KVM Using LCD Mapping a Server to a DVD Drive Logging in to CMC Accessing CMC Web Interface Logging in to CMC as a Local User, Active Directory User, or LDAP User Logging in to CMC Using a Smart Card Logging in to CMC Using Single Sign-on Logging In To CMC Using Serial, Telnet, Or SSH Console Accessing CMC Using RACADM Logging in to CMC Using Public Key Authentication Multiple CMC Sessions Changing Default Login Password Changing Default Login Password Using Web Interface Changing Default Login Password Using RACADM Enabling or Disabling Default Password Warning Message Enabling or Disabling Default Password Warning Message Using Web Enabling or Disabling Warning Message to Change Default Login Password Using RACADM Updating Firmware Downloading CMC Firmware Viewing Currently Installed Firmware Versions Viewing Currently Installed Firmware Versions Using CMC Web Interface Viewing Currently Installed Firmware Versions Using RACADM Updating the CMC Firmware Signed CMC Firmware Image Updating CMC Firmware Using Web Interface Updating CMC Firmware Using RACADM Updating Chassis Infrastructure Firmware Updating Chassis Infrastructure Firmware Using CMC Web Interface Updating Chassis Infrastructure Firmware Using RACADM Updating Server iDRAC Firmware Updating Server iDRAC Firmware Using Web Interface Updating Server Component Firmware Page Server Component Update Sequence Enabling Lifecycle Controller Choosing Server Component Firmware Update Type Using CMC Web Filtering Components for Firmware Updates Filtering Components for Firmware Updates Using CMC Web Interface Filtering Components for Firmware Updates Using RACADM Viewing Firmware Inventory Viewing Firmware Inventory Using CMC Web Interface Viewing Firmware Inventory Using RACADM Saving Chassis Inventory Report Using CMC Web Configuring Network Share Using CMC Web Interface Lifecycle Controller Job Operations Reinstalling Server Component Firmware Re-installing Server Component Firmware Using Web Interface Rolling Back Server Component Firmware Rolling Back Server Component Firmware Using the CMC Web Interface Upgrading Server Component Firmware Upgrading Server Component Firmware From File Using CMC Web Interface Server Component Single Click Update Using Network Share Pre-requisites for Using Network Share Update Mode Upgrading Server Component Firmware From Network Share Using CMC Web Interface Deleting Scheduled Server Component Firmware Jobs Deleting Scheduled Server Component Firmware Jobs Using the Web Updating Storage Component Using CMC Web Interface Recovering iDRAC Firmware Using CMC Viewing Chassis Information and Monitoring Chassis and Component Health Viewing Chassis and Component Summaries Chassis Graphics Selected Component Information Page Viewing Server Model Name and Service Tag Viewing Chassis Summary Viewing Chassis Controller Information and Status Viewing Information and Health Status of All Servers Viewing Health Status and Information for Individual Server Viewing Information and Health Status of the IOM Viewing Information and Health Status of Fans Configuring Fans Viewing Front Panel Properties Viewing KVM Information and Health Status Viewing LCD Information and Health Viewing Information and Health Status of Temperature Sensors Viewing Storage Capacity and Status of the Storage Components Page Configuring CMC Viewing and Modifying CMC Network LAN Settings Viewing and Modifying CMC Network LAN Settings Using CMC Web Viewing and Modifying CMC Network LAN Settings Using RACADM Enabling the CMC Network Interface Enabling or Disabling DHCP for the CMC Network Interface Address Enabling or Disabling DHCP for DNS IP Addresses Setting Static DNS IP addresses Configuring DNS Settings (IPv4 and IPv6) Configuring Auto Negotiation, Duplex Mode, and Network Speed (IPv4 and IPv6) Setting the Maximum Transmission Unit (MTU) (IPv4 and IPv6) Configuring CMC Network and Login Security Settings Configuring IP Range Attributes Using CMC Web Interface Configuring IP Range Attributes Using RACADM Configuring Virtual LAN Tag Properties for CMC Configuring Virtual LAN Tag Properties for CMC Using RACADM Configuring Virtual LAN Tag Properties for CMC Using Web Interface Configuring Services Configuring Services Using CMC Web Interface Configuring Services Using RACADM Configuring CMC Extended Storage Card Setting Up Chassis Group Adding Members To Chassis Group Removing a Member from the Leader Disbanding a Chassis Group Disabling an Individual Member at the Member Chassis Accessing the Web page of a Member Chassis or Server Propagating Leader Chassis Properties to Member Chassis Server Inventory for MCM group Saving Server Inventory Report Exported Data Data Format Chassis Group Inventory and Firmware Version Viewing Chassis Group Inventory Viewing Selected Chassis Inventory Using Web Interface Viewing Selected Server Component Firmware Versions Using Web Interface Configuring Multiple CMCs Using RACADM Creating a CMC Configuration File Parsing Rules Modifying the CMC IP Address Viewing and Ending CMC Sessions Viewing and Ending CMC Sessions Using Web Interface Viewing and Ending CMC Sessions Using RACADM Configuring Servers Configuring Slot Names Configuring iDRAC Network Settings Configuring iDRAC QuickDeploy Network Settings Page Page Assigning QuickDeploy IP Address to Servers Modifying iDRAC Network Settings for Individual Server iDRAC Modifying iDRAC Network Settings Using RACADM Configuring iDRAC Virtual LAN Tag Settings Configuring iDRAC Virtual LAN Tag Settings Using RACADM Configuring iDRAC Virtual LAN Tag Settings Using Web Interface Setting First Boot Device Setting First Boot Device For Multiple Servers Using CMC Web Interface Setting First Boot Device For Individual Server Using CMC Web Interface Setting First Boot Device Using RACADM Configuring Server FlexAddress Configuring Remote File Share Configuring Profile Settings Using Server Configuration Replication Accessing Server Profiles Page Adding or Saving Profile Applying Profile Importing Profile Exporting Profile Editing Profile Deleting Profile Viewing Profile Settings Viewing Stored Profile Settings Viewing Profile Log Completion Status And Troubleshooting Quick Deploy of Profiles Assigning Server Profiles to Slots Launching iDRAC using Single Sign-On Launching iDRAC from Server Status Page Launching iDRAC from Servers Status Page Launching Remote Console Launching Remote Console from Chassis Health Page Launching Remote Console from Server Status Page Launching Remote Console from Servers Status Page Configuring CMC To Send Alerts Enabling Or Disabling Alerts Enabling Or Disabling Alerts Using CMC Web Interface Filtering Alerts Filtering Alerts Using CMC Web Interface Configuring Alert Destinations Configuring SNMP Trap Alert Destinations Configuring SNMP Trap Alert Destinations Using CMC Web Interface Configuring SNMP Trap Alert Destinations Using RACADM Configuring Email Alert Settings Configuring Email Alert Settings Using CMC Web Interface Configuring EMail Alert Settings Using RACADM Page Configuring User Accounts and Privileges Types of Users Page Page Page Modifying Root User Administrator Account Settings Configuring Local Users Configuring Local Users Using CMC Web Interface Configure Local Users Using RACADM Adding CMC User Using RACADM Disabling CMC User Enabling CMC User With Permissions Configuring Active Directory Users Supported Active Directory Authentication Mechanisms Standard Schema Active Directory Overview Configuring Standard Schema Active Directory Configuring Active Directory With Standard Schema Using CMC Web Interface Configuring Active Directory With Standard Schema Using RACADM Page Extended Schema Active Directory Overview Active Directory Schema Extensions Overview of Schema Extensions Configuring Extended Schema Active Directory Extending Active Directory Schema Using Dell Schema Extender Page Page Page Page Installing Dell Extension to the Active Directory Users and Computers Snap-In Adding CMC Users And Privileges To Active Directory Creating RAC Device Object Creating Privilege Object Creating Association Object Adding Objects To Association Object Adding Users Or User Groups Adding Privileges Adding RAC Devices Or RAC Device Groups Configuring Active Directory With Extended Schema Using CMC Web Interface Page Configuring Active Directory With Extended Schema Using RACADM Configuring Generic LDAP Users Configuring the Generic LDAP Directory to Access CMC Authentication of LDAP Users Authorization Of LDAP Users Configuring Generic LDAP Directory Service Using CMC Web Interface Configuring Generic LDAP Directory Service Using RACADM Page Configuring CMC For Single Sign-On Or Smart Card Login System Requirements Client Systems CMC Prerequisites For Single Sign-On Or Smart Card Login Generating Kerberos Keytab File Configuring CMC For Active Directory Schema Configuring Browser For SSO Login Internet Explorer Mozilla Firefox Configuring Browser For Smart Card Login Configuring CMC SSO Or Smart Card Login For Active Directory Users Configuring CMC SSO Or Smart Card Login For Active Directory Users Using Web Interface Uploading Keytab File Page Configuring CMC to Use Command Line Consoles CMC Command Line Console Features CMC Command Line Interface Commands Using Telnet Console With CMC Using SSH With CMC Supported SSH Cryptography Schemes Configure Public Key Authentication Over SSH Generating Public Keys for Systems Running Windows Generating Public Keys for Systems Running Linux RACADM Syntax Notes for CMC Viewing Public Keys Adding Public Keys Configuring Terminal Emulation Software Configuring Linux Minicom Configuring Minicom Version 2.0 Required Minicom Settings Connecting to Servers or I/O Module Using Connect Command Page Configuring the Managed Server BIOS for Serial Console Redirection Configuring Windows for Serial Console Redirection Configuring Linux for Server Serial Console Redirection During Boot Configuring Linux for Server Serial Console Redirection After Boot Page Page Using FlexAddress and FlexAdress Plus Cards About FlexAddress About FlexAddress Plus Viewing FlexAddress Activation Status Page Deactivating FlexAddress Configuring FlexAddress Configuring FlexAddress for Chassis-Level Fabric and Slots Configuring FlexAddress for Chassis-Level Fabric and Slots Using CMC Web Interface Configuring FlexAddress for Chassis-Level Fabric and Slots Using RACADM Viewing World Wide Name/Media Access Control (WWN/ MAC) Addresses Fabric Configuration Viewing WWN/MAC Address Information Viewing Basic WWN/MAC Address Information Using Viewing Advanced WWN/MAC Address Information Using Viewing WWN/MAC Address Information Using RACADM Command Messages Page FlexAddress DELL SOFTWARE LICENSE AGREEMENT Page Page Managing Fabrics Fresh Power-up Scenario Monitoring IOM Health Configuring Network Settings for IOM Configuring Network Settings for IOM Using CMC Web Interface Managing Power Control Operation for I/O Modules Enabling or Disabling LED Blinking for I/O Modules Managing and Monitoring Power Redundancy Policies Grid Redundancy Policy Grid Redundancy Levels Power Supply Redundancy Policy Dynamic Power Supply Engagement Default Redundancy Configuration Grid Redundancy Power Supply Redundancy Power Budgeting For Hardware Modules Page Server Slot Power Priority Settings Assigning Priority Levels To Servers Assigning Priority Levels To Servers Using CMC Web Assigning Priority Levels To Servers Using RACADM Viewing Power Consumption Status Viewing Power Consumption Status Using CMC Web Interface Viewing Power Consumption Status Using RACADM Redundancy Status and Overall Power Health Power Management After PSU Failure Power Management After Removing PSU New Server Engagement Policy Page Power Supply and Redundancy Policy Changes in System Event Log Configuring Power Budget and Redundancy Power Conservation and Power Budget Maximum Power Conservation Mode Server Power Reduction to Maintain Power Budget 110V PSUs AC Operation Remote Logging External Power Management Configuring Power Budget and Redundancy Using CMC Web Interface Configuring Power Budget and Redundancy Using RACADM Executing Power Control Operations Executing Power Control Operations on the Chassis Executing Power Control Operations on the Chassis Using Web Interface Executing Power Control Operations on the Chassis Using RACADM Executing Power Control Operations on a Server Executing Power Control Operations for Multiple Servers Using CMC Web Interface Executing Power Control Operations on the IOM Executing Power Control Operations on IOM Using CMC Web Interface Executing Power Control Operations on the IOM Using RACADM Managing Chassis Storage Viewing Status of the Storage Components Viewing the Storage Topology Viewing Fault-tolerant Troubleshooting Information of SPERC Using CMC Web Interface Assigning Virtual Adapters To Slots Using CMC Web Fault-Tolerance in Storage Controllers Viewing Controller Properties Using CMC Web Interface Viewing Controller Properties Using RACADM Importing or Clearing Foreign Configuration Configuring Storage Controller Settings Configuring Storage Controller Settings Using CMC Web Interface Configuring Storage Controller Settings Using RACADM Shared PERC Controllers Enabling or Disabling RAID Controller Using CMC Web Enabling or Diasabling RAID Controller Using RACADM Viewing Physical Disk Properties Using the CMC Web Viewing Physical Disk Drives Properties Using RACADM Identifying Physical Disks and Virtual Disks Assigning Global Hot Spares Using CMC Web Interface Assigning Global Hot Spares Using RACADM Recovering Physical Disks Viewing Virtual Disk Properties Using CMC Web Interface Viewing Virtual Disk Properties Using RACADM Creating Virtual Disk Using CMC Web Interface Applying Virtual Adapter Access Policy To Virtual Disks Modifying Virtual Disk Properties Using CMC Web Viewing Enclosure Properties Using CMC Web Interface Managing PCIe Slots Viewing PCIe Slot Properties Using CMC Web Interface Assigning PCIe Slots To Servers Using CMC Web Interface Managing PCIe Slots Using RACADM PCIe Power Ride-Through Viewing PCIe Ride-through Properties Using CMC Web Interface Viewing PCIe Ridethrough Properties Status Using RACADM Configuring PCIe Ride-through Properties Using CMC Web Interface Configuring PCIe Ride-through Properties Status Using RACADM Troubleshooting and Recovery Gathering Configuration Information, Chassis Status, and Logs Using RACDUMP Supported Interfaces Downloading SNMP Management Information Base (MIB) File First Steps to Troubleshoot a Remote System Power Troubleshooting Page Troubleshooting Alerts Viewing Event Logs Viewing Hardware Log Viewing Hardware Logs Using CMC Web Interface Viewing Hardware Logs Using RACADM Using Diagnostic Console Resetting Components Saving or Restoring Chassis Configuration Troubleshooting Network Time Protocol (NTP) Errors Interpreting LED Colors and Blinking Patterns Troubleshooting Non-responsive CMC Observing LEDs to Isolate the Problem Obtain Recovery Information from DB-9 Serial Port Recovering Firmware Image Troubleshooting Network Problems Troubleshooting Controller Page Using LCD Panel Interface LCD Navigation Main Menu KVM Mapping Menu DVD Mapping Enclosure Menu IP Summary Menu Settings LCD Language Diagnostics Front Panel LCD Messages LCD Module and Server Status Information Page Page Page Page Frequently Asked Questions RACADM Managing and Recovering a Remote System Active Directory FlexAddress and FlexAddressPlus Page IOM