Manuals / Dell / TV and Video / Universal Remote

Dell Remote Access Controller 4 Firmware Version 1.30 manual Overview of the RAC Schema Extensions

Models: Remote Access Controller 4 Firmware Version 1.30

1 232

Download 232 pages 34.76 Kb

Page 86

w w w . d e l l . c o m s u p p o r t . d e l l . c o m

Overview of the RAC Schema Extensions

To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of objects that can be configured by the user depending on the desired results. Dell has extended the schema to include an Association, Device, and Privilege object. The Association object is used to link together the users or groups with a specific set of privileges to one or more RAC devices. This model provides an Administrator maximum flexibility over the different combinations of users, RAC privileges, and RAC devices on the network without adding too much complexity.

Active Directory Object Overview

For each of the physical RACs on the network that you want to integrate with Active Directory for Authentication and Authorization, you must create at least one Association Object and one RAC Device Object. You can create as many Association Objects as you want, and each Association Object can be linked to as many users, groups of users, or RAC Device Objects as desired. The users and RAC Device Objects can be members of any domain in the enterprise.

However, each Association Object may be linked (or, may link users, groups of users, or RAC Device Objects) to only one Privilege Object. This allows an Administrator to control which users have what kind of privileges on specific RACs.

The RAC Device Object is the link to the RAC firmware for querying Active Directory for authentication and authorization. When a RAC is added to the network, the Administrator must configure the RAC and its device object with its Active Directory name so that users can perform authentication and authorization with Active Directory. The Administrator will also need to add the RAC to at least one Association Object in order for users to authenticate.

Figure 5-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization.

86

Using the DRAC 4 With Microsoft® Active Directory

Image 86

Dell Remote Access Controller 4 Firmware Version 1.30 manual Overview of the RAC Schema Extensions

Contents

Firmware Version 1.30 User’s Guide W . d e l l . c o m s u p p o r t . d e l l . c o m May Contents Viewing Localized Versions of the Web-Based Interface Configuring the Drac 4 Network SettingsConfiguring Red Hat Enterprise Linux for Removing Drac 4-Related Applications and Drivers Enabling Microsoft Telnet for Telnet Console Redirection Configuring Red Hat Enterprise Linux Minicom forAdding and Configuring Drac 4 Users and Alerts First Steps to Troubleshoot a Remote System Configuring the Drac 4 Active Directory Settings Configuring Active Directory to Access Your DracInstalling the Dell Extension to the Active Directory Users Using Active Directory to Log In To the Drac 100 Viewing a List of Serial/Telnet Commands 128 Installing Operating Systems Using Virtual Media 114Enabling and Disabling the Virtual Media Feature 115 111 134 Using the racadm Utility to Configure the Drac 137Creating Bootable Deployment Image Files 146 136 153 151152 154 166 164165 167 174 172173 175 180 178179 181 197 190194 199 200 CfgNetTuningNicAutoneg Read/Write 204CfgNetTuningNicFullDuplex Read/Write 205 203 218 214217 219 Management Station COM Port Settings Setting Up Active Directory ObjectsDrac 4 Power Requirements Overall Architecture of Virtual Media 111 Watchdog Information Fields Enable email Alert PropertiesCertificate Signing Request Generation Last Crash Screen Page Buttons List of Attributes Added to Drac 4 Network Error CodesDellAssociationObject Class Log/Verbose Level Options 131 Table A-10 Fwupdate Subcommand Options 157 Table A-11 Table A-5 Config Subcommand OptionsTable A-6 Getconfig Subcommand Options 152 Table A-7 Table A-12 Getssinfo Subcommand Options 159 Table A-13 Table A-35 Sslcsrgen Subcommand Options 175 Table A-36 Table A-28 Serveraction Subcommand Options 169 Table A-29Table A-33 Setrac Subcommand Options 173 Table A-34 Table A-41 Sslcertview Subcommand Options 178 Table A-42 What’s New in Drac 4 in this Release? Drac 4 Overview Drac 4 Hardware Features Drac 4/I Hardware Features RJ-45 Connector Connectors Hardware SpecificationsPower Requirements Lists the power requirements for the Drac Lists the features of each type of connection Supported Remote Access ConnectionsDrac 4 Security Features Supported Web Browsers Supported PlatformsSupported Operating Systems Features Other Documents You May Need Drac 4 Overview Installing and Setting Up the Drac Installing the Drac 4 HardwareSoftware Installation and Configuration Overview What You Need to Get Started Installing the Software on the Managed System Disabling the Windows Automatic Reboot Option Mount /mnt/cdrom Cd /mnt/cdrom Rpm -ivh linux/rac/*.rpm Installing the Software on the Management StationConfiguring a Supported Web Browser Rpm -e racadm Installing the Sun Java Plug-In to Use Mozilla Installing the Sun Java Plug-InInstalling the Sun Java Plug-In to Use Console Redirection Viewing Localized Versions of the Web-Based Interface For example Configuring Drac 4 PropertiesRpm -iv j2re-14versionnumber-linux-i586.rpm Register the Java plug-in Configuring the Drac 4 Network Settings Configuring the Drac 4 Network Settings Using the Option ROM Waiting for response from Dhcp Server Virtual Media Configuration Options Adding and Configuring Drac 4 Users Adding and Configuring Snmp Alerts Clearing the Web Browser Cache With Mozilla Updating the Drac 4 FirmwareClearing the Web Browser Cache With Internet Explorer Accessing the Drac 4 Through a Network Drac 4 Software Basics for Red Hat Enterprise Linux Service racsvc statusWhere action is start, stop, status, or probe Removing Drac 4-Related Applications and Drivers Additional InformationRemoving the Drac Serial and Telnet Console Features Drac 4 NIC Configuring the System Setup Program on the Managed System F2 = System Setup Kernel ............. console=ttyS0,57600 Serial --unit=0 --speed=57600 terminal --timeout=10 serialAppend two options to the kernel line Sample File /etc/innitab Enabling Login to the Console After BootCo2345respawn/sbin/agetty -h -L 57600 ttyS0 vt100 TtyS0 Enabling the Serial/Telnet Console on the Drac Using racadm Remotely Racadm config -g group -o object valueRacadm getconfig -g group Racadm config -g cfgSerial -o cfgSerialSshEnable Using the Secure Shell SSHRacadm getconfig -g cfgSerial AES128-CBC You can change the SSH port with the commandAES192-CBC 3DES-192-CBC Connecting the DB-9 Cable Required Pinout for DB-9 Null Modem Cable Signal NamePage Type minicom -c on Configuring HyperTerminal for Serial Console RedirectionClear the init, reset, connect, and hangup Page Using a Serial or Telnet Console Enabling Microsoft Telnet for Telnet Console Redirection Logging Accessing the Web-Based InterfaceManaging and Recovering a Remote System Password Adding and Configuring Drac 4 Users and AlertsAdding and Configuring Drac 4 Users User Properties Property Description User Name Configuring User email Alerts Use the information in -3 to enable email alerts Severe Go Back To User ConfigurationEmail Alert Severity Description Informational Alert Description Configuring the Drac 4 NIC Check box is selected Default Smtp Email Server Duplex ModeEmail Alert Settings Drac 4 Network Configuration Page Buttons Adding and Configuring Snmp Alerts Configuring Alerts by Severity Such as chassis intrusion Severity Options Description InformationalSystem Fan Sensors Monitors the system fan speed RPM 10. Snmp Alerts Page Buttons Action Print Managing a Remote SystemSnmp Alert Properties PropertyDescription Updating the Drac 4 Firmware Ensuring Drac 4 Network Security Serial IssuerType Key Size Upload Certificate Default certificate you received with your DracFrom the CA View Server Certificate Management Generate 14. Required CSR Fields Properties Description Locality LState S 16. Certificate Management Page Buttons Action Print Viewing System Information Server Address Bios VersionService Tag System Information Recovering and Troubleshooting the Managed System Managing Power on a Remote System First Steps to Troubleshoot a Remote System Using the SEL SEL provides buttons see -24 in the top-right corner Date/ Time Using the Drac 4 Log25. Status Indicator Icons Description User Using the Diagnostic Console Viewing the Last System Crash Screen Netstat 28. Diagnostic Commands Description ArpIfconfig Ping IP Address Troubleshooting Network Problems 30. Drac 4 Network Error Codes Description Troubleshooting Alerting Problems RAC189A RAC065A Frequently Asked Questions Managing and Recovering a Remote System Managing and Recovering a Remote System Active Directory Schema Extensions Using the Drac 4 With Microsoft Active Directory Overview of the RAC Schema Extensions Active Directory Object Overview RAC4 Privilege Object Group1 Priv1 User1 User2 User3 AO1 Using the Dell Schema Extender Configuring Active Directory to Access Your DracExtending the Active Directory Schema Click Next to run the Dell Schema Extender Click Finish 840.113556.1.8000.1280.1.1.1.4 Description DellRAC4Privileges Class840.113556.1.8000.1280.1.1.1.3 Description Attributes DellRAC4Privileges DellProduct Class DelIsLogClearAdmin False Ldaptypecaseignorestring Creating a RAC Device Object Adding Drac 4 Users and Privileges to Active DirectoryOpening the Active Directory Users and Computers Snap-In Creating a Privilege Object Select the scope for the Association Object Click OK Creating an Association ObjectAdding Objects to an Association Object Enabling SSL on a Domain Controller Click Next and click Finish Click Finish and click OK Exporting the Domain Controller Root CA CertificateSelect Computer account and click Next Configuring the Drac Click the Configuration tab and select Network 100 Using Active Directory to Log In To the DracRacadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP Lists frequently asked questions and answers 101 Racadm sslcertupload -t 0x1 -f websslcert 102 103 Using Console RedirectionOverview Maximum console redirection sessions Current console redirection sessions 105 Running the racadm racreset hard command Using Console Redirection Frequently Asked Questions AnswerRacadm racreset command 106 107 108 109 Run Xconfigurator if not previously run beforeRpm -qa grep radeon7000mdellserver Run Xwindows startx 110 111 Overall Architecture of Virtual Media Managed System Operating System Requirements on the Managed System 113 Installing the Virtual Media Plug-InUsing the Virtual Media Feature Booting From the Virtual Media Installing Operating Systems Using Virtual Media Cat /var/log/messages grep Virtual Enabling and Disabling the Virtual Media FeatureRacadm config -g cfgRacVirtual -o cfgVirMediaDisable 115 Racadm config -g cfgRacVirtual -o cfgFloppyEmulation Configuring the Virtual Floppy Feature as a Super FloppyConfiguring the Virtual Floppy as a Hard Drive DELL-VIRTUALS-120 Removable Media Drive Execution Environment InstallationRacvmcli 117 Racvmcli parameters OS-shell options Interfaces and APIsVM-CLI Parameters Drac 4 IP Address UDRAC-user-name 119 CD/DVD Device or Image File Cdevice-name image-file 121 Detect Virtual device Racadm getconfig -gDrive Number 0 failed to Drive Number 1 failed to CfgRacVirtual Messages Use the racadm vmdisconnect command toOther console startup 123 Drive Number 1 Virtualcdrom Drive Number 0 VirtualfloppyDrive Removable Media Drive 124 125 Mount /mnt/cdrom1 Cat /var/log/messages grepCat /etc/fstab grep /dev/hde 126 127 Logging into the DracStarting a Text Console Setsvctag Firmware Unsupported Command Viewing a List of Serial/Telnet CommandsRacadm config -g cfgSerial -o cfgSerialHistorySize number 128 Prompt a racadm help more Using the racadm CLIRacadm Command Description 129 Racadm Synopsis Using the racadm CLI RemotelyLists the options for the racadm command Racadm Options 131 Type the following command to disable the remote capabilityRacadm Command Options Option Description Racadm Subcommand Descriptions 132 Configuration File Overview Configuring Multiple Drac 4sRacadm Error Messages 133 Creating a Drac 4 Configuration File Racadm getconfig -f myfile.cfg See the example in the previous bullet Use the racresetcfg subcommand to keep all Drac 4s the sameCfgLanNetworking CfgNicIpAddress=143.154.133.121 135 Racadm getconfig -g groupName -i index Configuration File ExampleRacadm config -g groupName -o objectName -i index 136 This file will be updated as follows Using the racadm Utility to Configure the DracFile contents are as follows 137 # cfgUserAdminIndex=XX CfgUserAdminUserName= Racadm getconfig -u usernameRacadm getconfig -g cfgUserAdmin -i index Before Adding a Drac 4 User Specific object Adding a Drac 4 User With Alerting Capabilities139 Adding a Drac 4 User With Permissions 140 141 Configuring Drac 4 Network PropertiesRacadm getconfig -g cfgLanNetworking Racadm subcmd Firmware Error message Racadm subcmd Error messageRacadm subcmd Transport Error message 142 Requirements 143 Tasks Vmdeploy 145 Linux Users Creating Bootable Deployment Image FilesTo create image files from existing bootable media Windows Users 147 Troubleshooting the DracTroubleshooting Troubleshooting Synopsis Racadm help Racadm help subcommandHelp Description Clearasrscreen Config/getconfigArp Racadm arp Racadm getconfig Filename Config Subcommand DescriptionRacadm config -p -c -f filename Racadm config -g Racadm Getconfig Filename command Getconfig Subcommand DescriptionTable A-6. getconfig Subcommand Options Description 152 Examples Table A-7 describes the coredump subcommandCoredump Racadm coredump Output Example 154 Current task stack Ipev -#005e0000 binary data FwupdateCoredumpdelete FW dcmdCoreDump No Core dump available Table A-9. fwupdate Subcommand Definition Load the update file into the Drac 4 RAMdisk areaTable A-10 describes the fwupdate subcommand options 156 Input Table A-10. fwupdate Subcommand Options Description 157 158 Racadm -r Racip -u user -p password fwupdate -g -u -aUpdating the Firmware Getssninfo Table A-11 describes the getssinfo subcommandTable A-12 describes the getssinfo subcommand options Racadm getssninfo -A -u username Root Thu 06 Mar GetsysinfoWeb 143.166.174.19 2004 103239 GMT-0600 Following data element is output as a string Table A-15 describes the getsysinfo subcommand optionsWatchdog information/recovery action 161 Racadm getsysinfo -w -s RestrictionsRacadm getsysinfo -A -w -s Getractime IfconfigRacadm ifconfig Racadm getractime -u -d Setniccfg/getniccfg NetstatPing Racadm ping ipaddress Description for getniccfg Table A-21. setniccfg/getniccfg Subcommand DefinitionDescription for setniccfg 165 Example GetsvctagRacdump Racadm getsvctag Racadm racreset hard soft graceful delay in seconds RacresetTransport Error RC=-1 Table A-26 describes the racresetcfg subcommand RacresetcfgTable A-25 describes the racreset subcommand options Racadm racresetcfg Table A-27. serveraction SubcommandDefinition Table A-27 describes the serveraction subcommandRacadm serveraction -d delay action Serveraction Table A-29 Getraclog Command Definition Serveraction command returns without output if successfulTable A-29 describes the getraclog command Getraclog Getsel Table A-30 describes the getsel commandClrraclog Racadm clrraclog Racadm clrsel ClrselGettracelog Racadm gettracelog Racadm gettracelog -m Setrac Racadm setrac -h -o -T -d Table A-34. sslcsrgen SubcommandDescription Table A-34 describes the sslcsrgen subcommandTable A-33. setrac Subcommand Options Sslcsrgen Options Table A-35 describes the sslcsrgen subcommand optionsTable A-35. sslcsrgen Subcommand Options Description 175 Racadm sslcertupload -t 0x1 -f c\cert\cert.txt SslcertuploadRacadm sslcertupload -t type -f filename Racadm sslcertdownload -t 0x1 -f c\cert\cert.txt SslcertdownloadRacadm sslcertdownload -t type -f filename Racadm sslcertview -t type -A SslcertviewOutput Examples Round Rock Texas john@dell.com 1024 DSU+123431 DSU+153431 RMC Default Certificate Dell IncTestemail Racadm testemail -i index -u username Testtrap Racadm testtrap -i index Vmdisconnect Table A-46 describes the vmdisconnect subcommandTable A-46. vmdisconnect Subcommand Description Racadm vmdisconnect Racadm Subcommand Man Pages IdRacDescriptionInfo Read Only IdRacInfoIdRacProductInfo Read Only IdRacMisc Read/Write IdRacVersionInfo Read OnlyIdRacName Read/Write CfgDNSDomainNameFromDHCP Read/Write CfgLanNetworkingIdRacType Read CfgDNSDomainName Read/Write CfgDNSRacName Read/Write CfgDNSRegisterRac Read/Write CfgDNSServer2 Read/Write CfgDNSServersFromDHCP Read/WriteCfgDNSServer1 Read/Write 187 CfgNicNetmask Read/Write CfgNicEnable Read/WriteCfgNicIpAddress Read/Write CfgNicUseDhcp Read/Write CfgCurrentLanNetworkingCfgNicGateway Read/Write CfgNicMacAddress Read Only CfgNicCurrentGateway Read Only CfgNicCurrentIpAddress Read OnlyCfgNicCurrentNetmask Read Only CfgNicCurrentDhcpWasUsed Read Only CfgDNSCurrentDomainName Read Only CfgRhostsSmtpEmailEnable Read/WriteCfgRemoteHosts CfgDNSCurrentServer1 Read Only CfgRhostsSmtpServerIpAddr Read/Write CfgRhostsFwUpdateTftpEnable Read/WriteCfgRhostsFwUpdateIpAddr Read/Write CfgUserAdminPrivilege Read/Write CfgUserAdminCfgRhostsFwUpdatePath Read/Write Legal Values Table B-1. Bit Masks for User Privileges CfgUserAdminUserName Read/WriteCfgUserAdminPassword Write Only CfgUserAdminEmailEnable Read/Write CfgUserAdminAlertFilterRacEventMask Read/WriteCfgUserAdminAlertFilterSysEventMask Read/Write 195 CfgUserAdminIndex Read Only CfgUserAdminEmailAddress Read/WriteCfgUserAdminEmailCustomMsg Read/Write CfgTraps CfgTrapsFilterRacEventMask Read/Write CfgTrapsEnable Read/WriteCfgTrapsSnmpCommunity Read/Write 197 CfgTrapsIndex Read Only CfgSessionManagementCfgTrapsFilterSysEventMask Read/Write CfgSsnMgtMaxSessionsPerUser Read/Write CfgSsnMgtSshIdleTimeout Read/WriteCfgSsnMgtMaxSessions Read/Write 199 CfgSerialBaudRate Read/Write CfgSerialConsoleEnable Read/WriteCfgSerial CfgSerialConsoleShellType Read/Write CfgSerialConsoleIdleTimeout Read/WriteCfgSerialConsoleQuitKey Read/Write 201 CfgSerialHistorySize Read/Write CfgSerialConsoleCommand Read/WriteCfgSerialConsoleNoAuth Read/Write CfgSerialCom2RedirEnable Read/Write CfgSerialSshEnable Read/WriteCfgSerialTelnetEnable Read/Write 203 CfgNetTuningNic100MB Read/Write CfgNetTuningCfgNetTuningNicAutoneg Read/Write CfgSerialTelnet7flsBackspace Read/Write CfgNetTuningIpTtl Read/Write CfgNetTuningNicFullDuplex Read/WriteCfgNetTuningNicMtu Read/Write Legal Values Integer from 1 to Default 0x40 CfgNetTuningTcpSrttDflt Read/Write CfgNetTuningIpReassTtl Read/WriteCfgNetTuningTcpSrttBase Read/Write Legal Values Integer from 6 to Default 0x6 206 CfgNetTuningTcpMsl Read/Write CfgNetTuningTcpReXmtMin Read/WriteCfgNetTuningTcpReXmtMax Read/Write 207 Where value is obtained from Table B-2 CfgNetTuningIpSubnetsAreLocal Read/WriteTuning the Drac 4 for Satellite Connectivity Ini files are used CfgOobSnmp CfgOobSnmpTrapsEnable Read/WriteLegal Values Boolean, either 1 or 0 True or False Default CfgOobSnmpAgentCommunity Read/Write Description =Disable, 1=Enable transmission of Snmp traps CfgRacTuningCfgOobSnmpAgentEnable Read/Write CfgRacTuneHttpPort Read/Write CfgRacTuneTelnetPort Read/Write CfgRacTuneHttpsPort Read/WriteCfgRacTuneSshPort Read/Write 211 Legal Values 115200, 57600, 19200, Default 212 CfgRacTuneFwUpdateResetDelay Read/WriteCfgRacTuneRemoteRacadmEnable Read/Write CfgRacTuneHostCom2BaudRate Read/Write IfcRacMnOsHostname Read/Write IfcRacManagedNodeOsCfgRacTuneConRedirPort Read/Write IfcRacMnOsOsName Read/Write CfgRacSecCsrCommonName Read/Write CfgRacSecurityIfcRacMnOsOsType Read Only CfgRacSecCsrOrganizationName Read/Write CfgRacSecCsrStateName Read/Write CfgRacSecCsrOrganizationUnit Read/WriteCfgRacSecCsrLocalityName Read/Write CfgRacSecCsrKeySize Read/Write CfgRacSecCsrCountryCode Read/WriteCfgRacSecCsrEmailAddr Read/Write Description CSR state CfgRacVirtual CfgVirMediaDisable Read/WriteLegal Values Or 0 True or False Default Description CfgFloppyEmulation Read/Write CfgVirAtapiSrvPort Read/Write CfgVirtualBootOnce Read/WriteCfgActiveDirectory CfgADRacDomain Read/Write CfgADRacName Read/Write CfgADEnable Read/WriteCfgADAuthTimeout Read/Write 219 CfgADRootDomain Read/Write Event Filter Operation and Event Mask PropertiesDrac 4-Generated Event Mask Definitions 220 221 System-Generated Alert Mask DefinitionsRacadm -g cfgTraps -o cfgTrapsFilterSysEventMask -i1 Miscmask StatMask Alert Filter Properties222 SenMask Alert Data Definitions Alert Test CommandsEmail Test Command Racadm testemail -i index Racadm testemail -u username Racadm testtrap -t -i trap index Trap Test CommandSynopsis 224 Abbreviation for compact disc Acronym for application programming interfaceOther characters Acronym for custom factory integration Abbreviation for Domain Name System Abbreviation for Dell Remote Access ControllerAbbreviation for Dynamic Domain Naming System Abbreviation for disk storage unit Abbreviation for light-emitting diode Abbreviation for international standards organizationAbbreviation for local area network Abbreviation for management information base RAM disk Abbreviation for remote access controllerAbbreviation for uninterruptible power supply Acronym for system event log 229 Index Drac 4, removing related applications and drivers 231 Index