Users Guide

ManualsBrandsDell ManualsActive System ManagerChassis Management Controller Version 2.21 For Dell PowerEdge FX2

101

102

103

104

105

106

107

108

109

110

Role Group Default Privilege Level Permissions Granted Bit Mask

2 None

• CMC Login User

• Clear Logs Administrator

• Chassis Control Administrator (Power Commands)

• Server Administrator

• Test Alert User

• Fabric A Administrator

0x00000ed9

3 None CMC Login User 0x00000001

4 None No assigned permissions 0x00000000

5 None No assigned permissions 0x00000000

NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM.

NOTE: For more information about user privileges, see Types of Users.

Configuring standard schema Active Directory

To configure CMC for an Active Directory login access:

1. On an Active Directory server (domain controller), open Active Directory Users and Computers Snap-in.

2. Using the CMC Web interface or RACADM:

a) Create a group or select an existing group.

b) Configure the role privileges.

3. Add the Active Directory user as a member of the Active Directory group to access CMC.

Extended schema Active Directory overview

Using the extended schema solution requires the Active Directory schema extension.

Configuring extended schema Active Directory

To configure Active Directory to access CMC:

1. Extend the Active Directory schema.

2. Extend the Active Directory Users and Computers Snap-in.

3. Add CMC users and their privileges to Active Directory.

4. Enable SSL on each of your domain controllers.

5. Configure CMC Active Directory properties using CMC web interface or RACADM.

Configuring generic LDAP users

CMC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not

require any schema extension on your directory services.

A CMC administrator can now integrate the LDAP server user logins with CMC. This integration requires configuration on both LDAP

server and CMC. On the LDAP server, a standard group object is used as a role group. A user who has CMC access becomes a member

of the role group. Privileges are still stored on CMC for authorization similar to the working of the Standard Schema setup with Active

Directory support.

To enable the LDAP user to access a specific CMC card, the role group name and its domain name must be configured on the specific

CMC card. You can configure a maximum of five role groups in each CMC. A user has the option to be added to multiple groups within the

directory service. If a user is a member of multiple groups, then the user obtains the privileges of all their groups.

104

Configuring user accounts and privileges