Dell Drac 5 User Guide

							Advanced Configuration of the DRAC 591
racadm config -g cfgLanNetworking -o cfgDNSRacName 
RAC-EK00002
racadm config -g cfgLanNetworking -o 
cfgDNSDomainNameFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSDomainName 
MYDOMAIN
 NOTE: If cfgNicEnable is set to 0, the DRAC 5 LAN is disabled even if DHCP is 
enabled.
DRAC Modes
The DRAC 5 can be configured in one of three modes:
•Dedicated
•Shared
• Shared with failover
Table 4-21 provides a description of each mode.
Table 4-21. DRAC 5 NIC Configurations
Mode Description
Dedicated The DRAC uses its own NIC (RJ-45 connector) and the BMC 
MAC address for network traffic.
Shared The DRAC uses Broadcom LOM1 on the planar.
Shared with 
failoverThe DRAC uses Broadcom LOM1 and LOM2 as a team for 
failover. The team uses the BMC MAC address. 
						

							92Advanced Configuration of the DRAC 5
Frequently Asked Questions
When accessing the DRAC 5 Web-based interface, I get a security warning 
stating the hostname of the SSL certificate does not match the hostname of 
the DRAC 5.
The DRAC 5 includes a default DRAC 5 server certificate to ensure network 
security for the Web-based interface and remote racadm features. When this 
certificate is used, the Web browser displays a security warning because the 
default certificate is issued to DRAC 5 default certificate which does not 
match the host name of the DRAC 5 (for example, the IP address). 
To address this security concern, upload a DRAC 5 server certificate issued to 
the IP address of the DRAC 5. When generating the certificate signing 
request (CSR) to be used for issuing the certificate, ensure that the common 
name (CN) of the CSR matches the IP address of the DRAC 5 (for example, 
192.168.0.120) or the registered DNS DRAC name.
To ensure that the CSR matches the registered DNS DRAC name:
1
In the System tree, click Remote Access.
2Click the Configuration tab and then click Network.
3In the Network Settings page:
aSelect the Register DRAC on DNS check box.
bIn the DNS DRAC Name field, enter the DRAC name.
4Click Apply Changes.
See Securing DRAC 5 Communications Using SSL and Digital Certificates 
on page 215 for more information about generating CSRs and issuing 
certificates.
Why are the remote racadm and Web-based services unavailable after a 
property change?
It may take a while for the remote RACADM services and the Web-based 
interface to become available after the DRAC 5 Web server resets.
The DRAC 5 Web server is reset after the following occurrences:
• When the network configuration or network security properties are 
changed using the DRAC 5 Web user interface
•When the 
cfgRacTuneHttpsPort property is changed (including when a 
config 
-f  changes it) 
						

							Advanced Configuration of the DRAC 593
•When racresetcfg is used
• When the DRAC 5 is reset
• When a new SSL server certificate is uploaded
Why doesn’t my DNS server register my DRAC 5?
Some DNS servers only register names of 31 characters or fewer.
When accessing the DRAC 5 Web-based interface, I get a security warning 
stating the SSL certificate was issued by a certificate authority (CA) that is 
not trusted.
DRAC 5 includes a default DRAC 5 server certificate to ensure network 
security for the Web-based interface and remote racadm features. This 
certificate was not issued by a trusted CA. To address this security concern, 
upload a DRAC 5 server certificate issued by a trusted CA (for example, 
Thawte or Verisign). See Securing DRAC 5 Communications Using SSL and 
Digital Certificates on page 215 for more information about issuing 
certificates. 
						

							94Advanced Configuration of the DRAC 5 
						

							Adding and Configuring DRAC 5 Users95
5
Adding and Configuring DRAC 5 
Users
To manage your system with the DRAC 5 and maintain system security, create 
unique users with specific administrative permissions (or role-based authority). 
For additional security, you can also configure alerts that are e-mailed to 
specific users when a specific system event occurs.
To add and configure DRAC 5 users:
 NOTE: You must have Configure DRAC 5 permission to perform the following steps.
1Expand the System tree and click Remote Access.
2Click the Configuration tab and then click Users.
The 
Users page appears, which includes each user’s State, User Name, RAC 
Privilege
, IPMI LAN Privilege, IPMI Serial Privilege and Serial Over LAN.
3In the User ID column, click a user ID number.
4On the User Main Menu page, you can configure users, upload a user 
certificate, view an existing user certificate, upload a trusted certification 
authority (CA) certificate, or view a trusted CA certificate.
If you select 
Configure User and click Next, the User Configuration page 
is displayed. See step 5 for more information.
See Table 5-1 if you select the options under the 
Smart Card 
Configuration
 section.
5In the User Configuration page, configure the user’s properties and privileges.
Table 5-2 describes the General settings for configuring a new or existing 
DRAC user name and password.
Ta b l e 5 - 3 describes the IPMI User Privileges for configuring the user’s 
LAN privileges. 
						

							96Adding and Configuring DRAC 5 Users
Ta b l e 5 - 4 describes the User Group Permissions for the IPMI User 
Privileges 
and the DRAC User Privileges settings.
Ta b l e 5 - 5 describes the DRAC Group permissions. If you add a DRAC 
User Privilege to the Administrator, Power User, or Guest User, the 
DRAC 
Group 
will change to the Custom group. 
6When completed, click Apply Changes.
7Click the appropriate User Configuration page button to continue. See 
Table 5-6.
Table 5-1. Options in the Smart Card Configuration section
Option Description
Upload User Certificate Enables you to upload the user certificate to DRAC and 
import it to the user profile.
View User Certificate Displays the user certificate page that has been 
uploaded to the DRAC.
Upload Trusted CA 
CertificateEnables you to upload the trusted CA certificate to 
DRAC and import it to the user profile.
View Trusted CA 
Certificate Displays the trusted CA certificate that has been 
uploaded to the DRAC. The trusted CA certificate is 
issued by the CA who is authorized to issue certificates 
to users. 
Table 5-2. General Properties 
Property Description
User IDSpecifies one of 16 preset User ID numbers. 
If you are editing information for user root, this field is 
static. You cannot edit the username for root.
Enable UserEnables the user to access the DRAC 5. When 
unchecked, the User Name cannot be changed.  
						

							Adding and Configuring DRAC 5 Users97
User Name Specifies a DRAC 5 user name with up to 16 characters. 
Each user must have a unique user name.
NOTE: User names on the local DRAC 5 cannot include 
the @ (at the rate) ,  (back slash) ,  (double quotes), / 
(forward slash), or . (period) characters.
NOTE: If the user name is changed, the new name will 
not appear in the user interface until the next user login. 
Change PasswordEnables the New Password and Confirm New Password 
fields. When unchecked, the user’s Password cannot be 
changed. 
New PasswordSpecifies or edits the DRAC 5 users password.
Confirm New Password Requires you to retype the DRAC 5 users password to 
confirm.
Table 5-3. IPMI User Privileges
Property Description
Maximum LAN User 
Privilege GrantedSpecifies the user’s maximum privilege on the IPMI 
LAN channel to one of the following user groups: 
Administrator, Operator, User, or None.
Maximum Serial Port 
User Privilege GrantedSpecifies the user’s maximum privilege on the IPMI 
Serial channel to one of the following: Administrator, 
Operator, User, or None.
Enable Serial Over LANAllows user to use IPMI Serial Over LAN. When 
checked, this privilege is enabled. Table 5-2. General Properties  
(continued)
Property Description 
						

							98Adding and Configuring DRAC 5 Users
Table 5-4. DRAC User Privileges
Property Description
DRAC GroupSpecifies the user’s maximum DRAC user privilege to 
one of the following: Administrator, Po w e r  U s e r, Guest 
User, None, or Custom.
See Table 5-5 for DRAC Group permissions.
Login to DRACEnables the user to log in to the DRAC.
Configure DRACEnables the user to configure the DRAC.
Configure UsersEnables the user to allow specific users to access the 
system.
Clear LogsEnables the user to clear the DRAC logs.
Execute Server Control 
CommandsEnables the user to execute racadm commands. 
Access Console 
RedirectionEnables the user to run Console Redirection.
Access Virtual MediaEnables the user to run and use Virtual Media.
Te s t  A l e r t sEnables the user to send test alerts (e-mail and PET) to 
a specific user. 
Execute Diagnostic 
CommandsEnables the user to run diagnostic commands.
Table 5-5. DRAC Group Permissions
User Group Permissions Granted
Administrator Login to DRAC, Configure DRAC, Configure Users, Clear 
Logs, Execute Server Control Commands, Access Console 
Redirection, Access Virtual Media, Te s t  A l e r t s, Execute 
Diagnostic Commands.
Power User Login to DRAC, Clear Logs, Execute Server Control 
Commands, Access Console Redirection, Access Virtual 
Media, Te s t  A l e r t s .
Guest User Login to DRAC. 
						

							Adding and Configuring DRAC 5 Users99
CustomSelects any combination of the following permissions: Login 
to DRAC, Configure DRAC, Configure Users, Clear Logs, 
Execute Server Action Commands, Access Console 
Redirection, Access Virtual Media, Te s t  A l e r t s, Execute 
Diagnostic Commands.
NoneNo assigned permissions.
Table 5-6. User Configuration Page Buttons
Button Action
PrintPrints the User Configuration page
RefreshReloads the User Configuration page
Go Back To Users 
Pa g eReturns to the Users Page.
Apply ChangesSaves the changes made to the network configuration.  Table 5-5. DRAC Group Permissions
User Group Permissions Granted 
						

							100Adding and Configuring DRAC 5 Users
Using the RACADM Utility to Configure 
DRAC 5 Users
 NOTE: You must be logged in as user root to execute RACADM commands on a 
remote Linux system. 
The DRAC 5 Web-based interface is the quickest way to configure a DRAC 5. 
If you prefer command-line or script configuration or need to configure 
multiple DRAC 5s, use RACADM, which is installed with the DRAC 5 
agents on the managed system.
To configure multiple DRAC 5s with identical configuration settings, 
perform one of the following procedures:
• Use the RACADM examples in this section as a guide to create a batch file 
of 
racadm commands and then execute the batch file on each 
managed system.
• Create the DRAC 5 configuration file as described in RACADM 
Subcommand Overview on page 295 and execute the 
racadm config 
subcommand on each managed system using the same configuration file.
Before You Begin
You can configure up to 16 users in the DRAC 5 property database. Before 
you manually enable a DRAC 5 user, verify if any current users exist. If you 
are configuring a new DRAC 5 or you ran the racadm racresetcfg command, 
the only current user is root with the password calvin. The racresetcfg 
subcommand resets the DRAC 5 to the original default values.
 CAUTION: Use caution when using the racresetcfg command, as all 
configuration parameters are reset to their default values. Any previous changes 
are lost.
 
NOTE: Users can be enabled and disabled over time. As a result, a user may have a 
different index number on each DRAC 5.