Users Guide
NOTE: Users can be enabled and disabled over time, and disabling a user does not delete the user from the database.
To verify if a user exists, open a Telnet/SSH text console to the CMC, log in, and then type the following command once for each
index of 1–16:
racadm getconfig -g cfgUserAdmin -i <index>
NOTE: You can also type racadm getconfig -f <myfile.cfg> and view or edit the myle.cfg le, which includes
all the CMC conguration parameters.
Several parameters and object IDs are displayed with their current values. Two objects of importance are:
# cfgUserAdminIndex=XX
cfgUserAdminUserName=
If the cfgUserAdminUserName object has no value, that index number, which is indicated by the cfgUserAdminIndex object,
is available for use. If a name is displayed after the "=", that index is taken by that user name.
When you manually enable or disable a user with the racadm config subcommand, you must specify the index with the -i option.
The "#" character in the command objects indicates that it is a read-only object. Also, if you use the racadm config -f
racadm.cfg command to specify any number of groups/objects to write, the index cannot be specied. A new user is added to
the rst available index. This behavior allows more exibility in conguring a second CMC with the same settings as the main CMC.
Conguring Active Directory users
If your company uses the Microsoft Active Directory software, you can congure the software to provide access to CMC, allowing
you to add and control CMC user privileges to your existing users in your directory service. This is a licensed feature.
NOTE: On the following Operating Systems, you can recognize the users of CMC users by using Active Directory.
• Microsoft Windows 2000
• Microsoft Windows Server 2003
• Microsoft Windows Server 2008
You can congure user authentication through Active Directory to log in to the CMC. You can also provide role-based authority,
which enables an administrator to congure specic privileges for each user.
Supported Active Directory authentication mechanisms
You can use Active Directory to dene CMC user access using two methods:
• Standard schema solution that uses Microsoft’s default Active Directory group objects only.
• Extended schema solution that has customized Active Directory objects provided by Dell. All the access control objects are
maintained in Active Directory. It provides maximum exibility to congure user access on dierent CMCs with varying privilege
levels.
Standard schema Active Directory overview
As shown in the following gure, using standard schema for Active Directory integration requires conguration on both Active
Directory and CMC.
In Active Directory, a standard group object is used as a role group. A user who has CMC access is a member of the role group. To
give this user access to a specic CMC card, the role group name and its domain name need to be congured on the specic CMC
card. The role and the privilege level is dened on each CMC card and not in the Active Directory. You can congure up to ve role
groups in each CMC. The following table shows the default role group privileges.
Table 20. : Default Role Group Privileges
Role Group Default Privilege Level Permissions Granted Bit Mask
1 None
• CMC Login User
• Chassis Conguration Administrator
0x00000f
101