Dell Remote Access Controller 5 Firmware Version 1.
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ____________________ Information in this publication is subject to change without notice. © 2011 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 DRAC 5 Overview . . . . . . . . . . . . . . . . . . . DRAC 5 Specifications and Features DRAC 5 Specifications 25 . . . . . . . . . . 26 . . . . . . . . . . . . . . . 26 DRAC 5 Standard Features . . . . . . . . . . . . . 29 Other Documents You May Need . . . . . . . . . . . . 30 2 Getting Started With the DRAC 5 . . . . . . 33 3 Basic Installation of the DRAC 5 . . . . . . . 35 . . . . . . . . . . . . . . . . . . . . 35 Before You Begin Installing the DRAC 5 Hardware .
Installing and Removing RACADM on a Linux Management Station . . . . . . . Installing RACADM . . . . . . 40 . . . . . . . . . . . . . . . . . 40 Updating the DRAC 5 Firmware Before You Begin . . . . . . . . . . . . . 40 . . . . . . . . . . . . . . . . . . 41 Downloading the DRAC 5 Firmware . . . . . . . . Updating the DRAC 5 Firmware Using the Web-Based Interface . . . . . . . . . . . Updating the DRAC 5 Firmware Using racadm . . . . . . . . . . . . . . . 41 . . . . . . . . . .
Using the connect com2 Serial Command . Configuring the BIOS Setup Program for a Serial Connection on the Managed System . . . . . . . . . . . . . . . 50 . . . . . . . 51 Using the Remote Access Serial Interface. Configuring Linux for Serial Console Redirection During Boot . . . . . . . . . . . 51 . . . . . . . 52 Enabling Login to the Console After Boot . . . . . 54 . . . . . . 57 . . . . . . . 58 Enabling the DRAC 5 Serial/Telnet/SSH Console . . . . . . . . . . . . . . . . .
Enabling Microsoft Telnet for Telnet Console Redirection . . . . . . . . . . . . . . . . 69 . . . . . . . . . . . . 70 . . . . . . . . . . . . . . 71 Using a Serial or Telnet Console Using the Secure Shell (SSH) Configuring the DRAC 5 Network Settings . . . . . . . 72 Accessing the DRAC 5 Through a Network . . . . . . . 73 . . . . . . . . . . . . . . . 75 Configuring the DRAC 5 NIC Configuring the Network and IPMI LAN Settings . . . . . . . . . . . . . . . . . 75 . . . . . . . . . . . .
5 Adding and Configuring DRAC 5 Users . . . . . . . . . . . . . . . . . . . . . 95 . . . . . . . . . . . . . . 100 . . . . . . . . . . . . . . . . . 100 Using the RACADM Utility to Configure DRAC 5 Users . . . Before You Begin . Adding a DRAC 5 User Removing a DRAC 5 User . Testing e-mail Alerting 6 101 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 . . . . . . . . . . . . . . . 103 Testing the RAC SNMP Trap Alert Feature . . . . .
Configuring Extended Schema Active Directory to Access Your DRAC 5. . . . . . . . . Extending the Active Directory Schema . . . . . Installing the Dell Extension to the Active Directory Users and Computers Snap-In . 123 Adding DRAC 5 Users and Privileges to Active Directory . . . . . . . . . . . . . . . . . . 124 Configuring the DRAC 5 With Extended Schema Active Directory and Web-Based Interface . . . . . . . . . . . . . . .
Using Active Directory to Log Into the DRAC 5 . . . . . 142 . . . . . . . . 143 Configuring the DRAC 5 to Use Single Sign-On . . . . . . . . . . . . . . . . . . . 143 Logging Into the DRAC 5 Using Single Sign-On . . . . . . . . . . . . . . . . . . . 143 . . . . . . . . . . . . . . 144 Using Active Directory Single Sign-On . Frequently Asked Questions . 7 Enabling Kerberos Authentication Prerequisites for Setting up Kerberos Authentication . . . . . . . . . . . . .
Configuring Active Directory Users for Smart Card Logon . . . . . . . . . . . Configuring Smart Card . . . . . . . . 155 . . . . . . . . . . . . . . . . 155 Logging Into the DRAC 5 Using the Smart Card . . . . . . . . . . . . . . . . . . . . . Logging Into the DRAC 5 Using Active Directory Smart Card Authentication . Troubleshooting the Smart Card Logon in DRAC 5 . . . . . . . . . . . . . . . . . 158 . . . . . . . . . . . 158 10 Using GUI Console Redirection . Overview . . . . . . . 161 . . .
Using and Configuring Virtual Media . . . . . . . Overview . . . . . . . . . . . . . . 183 . . . . . . . . . . . . . . . . . . . . . . . . Installing Virtual Media Browser Plug-In . . . . . . . . . . . . . . 185 185 . . . . . . . . . . . . . . . . . 186 Linux-Based Management Station . . . . . . 186 . . . . . . . . . 186 . . . . . . . . . . . 190 . . . . . . . . . . . . 192 Supported Virtual Media Configurations . Running Virtual Media Using the Web User Interface . . . . . . . .
Before You Begin . . . . . . . . . . . . . . . . . . . . Network Requirements . 202 . . . . . . . . . . . . . 202 Creating a Bootable Image File . . . . . . . . . . . . 203 . . . . . . . . . . . . 203 . . . . . . . . . . . . . . . 203 Creating an Image File for Windows Systems . . . . . . . . . . . . 203 . . . . . . . . . . . 204 . . . . . . . . . . . . . 205 Configuring the Remote Systems . Deploying the Operating System . Frequently Asked Questions . 12 Configuring Security Features .
Configuring the Network Security Settings Using the DRAC 5 GUI . . 13 Using the DRAC 5 SM-CLP Command Line Interface . . DRAC 5 SM-CLP Support . SM-CLP Features . . . . . . . . . . 233 . . . . . . . . . . . . . . . . 233 . . . . . . . . . . . . . . . . . . . . 233 Using SM-CLP . . . . . . . . . . . . . . . . . . . SM-CLP Management Operations and Targets . . . . . . . . . . . . Options 230 . . . . . . . . . 234 . . . . . . . . . 235 . . . . . . . . . . . . . . . . . . . . . . .
Monitoring and Alert Management . . . . . . . . . . . . . . . . . . . . . Configuring the Managed System to Capture the Last Crash Screen . . . . . . . . . . 257 . . . . . . . . 258 . . . . . . . . . . . . . 258 Disabling the Windows Automatic Reboot Option . . . . . . . . . . . Configuring Platform Events . . . . . . 259 . . . . . . . . . . . . . . . . . 261 Configuring Platform Event Filters (PEF) Configuring PET . Configuring E-Mail Alerts . Testing e-mail Alerting . . . . . . . . . .
Selecting Power Control Actions from the DRAC 5 GUI . . . . . . . . . . . . . . . . 278 . . . . . . . . . . . . . . 279 . . . . . . . . . . . . . . . 279 Viewing System Information . Main System Chassis . Remote Access Controller . . . . . . . . . . . 281 . . . . . . . . . . . . 282 Using the System Event Log (SEL) . Using the Command Line to View System Log . . . . . . Using the POST and Operating System Boot Capture Logs . . . . . . . . . . . 283 . . . . . . . . .
Power Supplies Probes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 . . . . . . . . . . . . . . . 292 . . . . . . . . . . . . . . . . 293 Hardware Performance Probes Power Monitoring Probes Graph Information. . . . . . . . . 293 . . . . . . . . . . . . . . . . . 294 . . . . . . . . . . . . . . . . . . 294 . . . . . . . . . . . . . . . . . . . . 294 Power Consumption Information . Power Statistics. Temperature Probes Voltage Probes . A RACADM Subcommand Overview . . . . .
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313 setniccfg . . . . . . . . . . . . . . . . . . . . . . . . . 314 getniccfg . . . . . . . . . . . . . . . . . . . . . . . . . 315 getsvctag . . . . . . . . . . . . . . . . . . . . . . . . . 316 racdump . . . . . . . . . . . . . . . . . . . . . . . . . 317 racreset . . . . . . . . . . . . . . . . . . . . . . . . . 318 racresetcfg . . . . . . . . . . . . . . . . . . . . . . . . 319 serveraction . . . . . . . . . . . . . . . .
testtrap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 . . . . . . . . . . . . . . . . . . . . . . . . . 340 vmdisconnect vmkey . . . . . . . . . . . . . . . . . . . . . 340 . . . . . . . . . . . . . . . . . . . . . 342 usercertupload . usercertview . localConRedirDisable . . . . . . . . . . . . . . . . . B DRAC 5 Property Database Group and Object Definitions . idRacInfo . 345 . . . . . . . . . . . . . . . . 345 . . . . . . . . . . . . . .
cfgNicNetmask (Read/Write) . . . . . . . . . . . . 351 cfgNicGateway (Read/Write) . . . . . . . . . . . . 352 cfgNicUseDhcp (Read/Write) . . . . . . . . . . . 352 cfgNicSelection (Read/Write) . . . . . . . . . . . 353 cfgNicMacAddress (Read Only) . . . . . . . . . . 353 cfgNicVLanEnable (Read/Write) . . . . . . . . . . 354 . . . . . . . . . . . . 354 cfgNicVLanId (Read/Write) . cfgNicVLanPriority (Read/Write) . cfgRemoteHosts . . . . . . . . . 354 . . . . . . . . . . . . . . . . . .
cfgSsnMgtWebserverTimeout (Read/Write) . . . . . . . . . . . . . . . . . . . . . . . 364 . . . . . 365 . . . . . . . . . . . . . . . . . . . . . . . . 365 cfgSsnMgtSshIdleTimeout (Read/Write) . cfgSsnMgtTelnetTimeout (Read/Write) . cfgSerial cfgSerialBaudRate (Read/Write) . . . . . . . . . cfgSerialConsoleEnable (Read/Write) . . . . . . cfgSerialConsoleQuitKey (Read/Write) . . . . . . cfgSerialConsoleNoAuth (Read/Write) . 366 366 367 . . . . . 368 cfgSerialConsoleCommand (Read/Write) . .
cfgRacTuneIpRangeMask cfgRacTuneIpBlkEnable . . . . . . . . . . . . . 375 . . . . . . . . . . . . . . 375 cfgRacTuneIpBlkFailcount . . . . . . . . . . . . . 376 cfgRacTuneIpBlkFailWindow . . . . . . . . . . . . 376 cfgRacTuneIpBlkPenaltyTime . . . . . . . . . . . 377 cfgRacTuneSshPort (Read/Write) . . . . . . . . . 377 cfgRacTuneTelnetPort (Read/Write) . . . . . . . . 377 cfgRacTuneRemoteRacadmEnable (Read/Write) . . . . . . . . . . . . . . . . . . . .
cfgRacSecCsrLocalityName (Read/Write) cfgRacSecCsrStateName (Read/Write) . . . . 385 . . . . . 385 . . . . 386 . . . . . 386 . . . . . . . 386 . . . . . . . . . . . . . . . . . . . . . 387 cfgRacSecCsrCountryCode (Read/Write) cfgRacSecCsrEmailAddr (Read/Write) . cfgRacSecCsrKeySize (Read/Write) cfgRacVirtual . . . . . . . . 387 . . . . . . . . . 387 cfgVirMediaAttached (Read/Write) cfgVirAtapiSvrPort (Read/Write) cfgVirAtapiSvrPortSsl (Read/Write) . . . . . . . . . . . . .
cfgIpmiSerialFlowControl (Read/Write) cfgIpmiSerialHandshakeControl (Read/Write) . . . . . . . . . . . . . . . . 399 . . . . . . . . . . 400 cfgIpmiSerialLineEdit (Read/Write) . . . . . . . . cfgIpmiSerialEchoControl (Read/Write) . . . . . . 401 . . . . . . . . . 401 cfgIpmiSerialInputNewLineSequence (Read/Write) . . . . . . . . . . . . . . cfgIpmiSol . . . . . . 402 . . . . . . . . . . . . . . . . . . . . . . . . 402 cfgIpmiSolEnable (Read/Write). . . . . . . . . . .
cfgLogging 409 . . . . . . 409 C Supported RACADM Interfaces . . . . . . . 411 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Index 24 . . . . . . . . . . . . . . . . . . . . . . . cfgLoggingSELOEMEventFilterEnable (Read/Write) . . . . . . . . . . . . .
1 DRAC 5 Overview The Dell Remote Access Controller 5 (DRAC 5) is a systems management hardware and software solution designed to provide remote management capabilities, crashed system recovery, and power control functions for Dell systems. By communicating with the system’s baseboard management controller (BMC), the DRAC 5 (when installed) can be configured to send you e-mail alerts for warnings or errors related to voltages, temperatures, intrusion, and fan speeds.
DRAC 5 Specifications and Features Figure 1-1 shows the DRAC 5 hardware. Figure 1-1. DRAC 5 Hardware Features 44-pin MII cable connector 50-pin management cable connector RJ-45 Connector PCIe Connector DRAC 5 Specifications Power Specifications Table 1-1 lists the power requirements for the DRAC 5. Table 1-1. DRAC 5 Power Specifications System Power 1.2 A on +3.3 V AUX (maximum) 550 mA on +3.
The DRAC 5 includes one onboard 10/100 Mbps RJ-45 NIC, a 50-pin management cable, and a 44-pin MII cable. See Figure 1-1 for the DRAC 5 cable connectors. The 50-pin management cable is the main interface to the DRAC that provides connectivity to USB, serial, video, and an inter-integrated circuit (I2C) bus. The 44-pin MII cable connects the DRAC NIC to the system’s motherboard. The RJ-45 connector connects the DRAC NIC to an out-of-band connection when the DRAC 5 is configured in Dedicated NIC mode.
Table 1-3. DRAC 5 Client Ports Port Number Function 25 SMTP 53 DNS 68 DHCP-assigned IP address 69 TFTP 162 SNMP trap 636 LDAPS 3269 LDAPS for global catalog (GC) Supported Remote Access Connections Table 1-4 lists the connection features. Table 1-4.
DRAC 5 Standard Features The DRAC 5 provides the following features: • Two-factor authentication, which is provided by the Smart Card logon. The two-factor authentication is based on what the users have (the Smart Card) and what they know (the PIN). • User authentication through Microsoft Active Directory (optional) or hardware-stored user IDs and passwords. • Role-based authority, which enables an administrator to configure specific privileges for each user.
• IPMI support. • Standards-based management with IPMI over LAN and SM-CLP. • Sensors for monitoring power consumption. The DRAC 5 uses this data to depict system power consumption through charts and statistics. • Secure Sockets Layer (SSL) encryption — Provides secure remote system management through the Web-based interface. • Password-level security management — Prevents unauthorized access to a remote system.
• The Dell Systems Software Support Matrix provides information about the various Dell systems, the operating systems supported by these systems, and the Dell OpenManage components that can be installed on these systems. • The Glossary on the Dell support website provides information on terms used in this document.
DRAC 5 Overview
Getting Started With the DRAC 5 2 The DRAC 5 enables you to remotely monitor, troubleshoot, and repair a Dell system even when the system is down. The DRAC 5 offers a rich set of features like console redirection, virtual media, virtual KVM, Smart Card authentication, and so on. Management station is the system from where an administrator remotely manages a Dell system that is installed with a DRAC card. The systems that are thus monitored are called managed systems.
7 Use the standards-based management Server Management-Command Line Protocol (SM-CLP) to manage the systems on your network. 8 Configure alerts for efficient systems management capability. 9 Configure the DRAC 5 Intelligent Platform Management Interface (IPMI) settings to use the standards-based IPMI tools to manage the systems on your network.
Basic Installation of the DRAC 5 3 This section provides information about how to install and set up your DRAC 5 hardware and software.
Configuring Your System to Use a DRAC 5 To configure your system to use a DRAC 5, use the Dell Remote Access Configuration Utility (formerly known as the BMC Setup Module). To run the Dell Remote Access Configuration Utility: 1 Turn on or restart your system. 2 Press when prompted during POST. If your operating system begins to load before you press , allow the system to finish booting, and then restart your system and try again. 3 Configure the NIC.
4 Configure the network controller LAN parameters to use DHCP or a Static IP address source. a Using the down-arrow key, select LAN Parameters, and press . b Using the up-arrow and down-arrow keys, select IP Address Source. c Using the right-arrow and left-arrow keys, select DHCP or Static. d If you selected Static, configure the Ethernet IP Address, Subnet Mask, and Default Gateway settings. e Press . 5 Press . 6 Select Save Changes and Exit. The system automatically reboots.
Configuring Your DRAC 5 To configure your DRAC 5: 1 Select one of the following configuration tools: • Web-based interface • RACADM CLI • Serial/Telnet/SSH console CAUTION: Using more than one DRAC 5 configuration tool at the same time may generate unexpected results. 2 Configure the DRAC 5 network settings. See "Configuring DRAC 5 Properties" on page 47. 3 Add and configure DRAC 5 users. See "Adding and Configuring DRAC 5 Users" on page 95.
Managed system software installs your choices from the appropriate version of Dell OpenManage Server Administrator on the managed system. NOTE: Do not install the DRAC 5 management station software and the DRAC 5 managed system software on the same system. CAUTION: The latest DRAC firmware supports only the latest RACADM version. You may encounter errors if you use an older version of RACADM to query a DRAC with the latest firmware.
Installing and Removing RACADM on a Linux Management Station To use the remote RACADM functions, install RACADM on a management station running Linux. NOTE: When you run Setup on the Dell Systems Management Tools and Documentation DVD, the RACADM utility for all supported operating systems are installed on your management station. Installing RACADM 1 Log on as root to the system where you want to install the management station components.
Before You Begin Before you update your DRAC 5 firmware using local RACADM or the Dell Update Packages, perform the following procedures. Otherwise, the firmware update operation may fail. 1 Install and enable the appropriate IPMI and managed node drivers. 2 If your system is running a Windows operating system, enable and start the Windows Management Instrumentation (WMI) service. 3 If your system is running SUSE Linux Enterprise Server (version 10) for Intel EM64T, start the Raw service.
3 In the Firmware Update page in the Firmware Image field, type the path to the firmware image that you downloaded from support.dell.com or click Browse to navigate to the image. NOTE: If you are running Firefox, the text cursor does not appear in the Firmware Image field. For example: C:\Updates\V1.0\. The default firmware image name is firmimg.d5. 4 Click Update. The update may take several minutes to complete. When completed, a dialog box appears.
Updating the DRAC 5 Firmware Using Dell Update Packages for Supported Windows and Linux Operating Systems Download and run the Dell Update Packages for supported Windows and Linux operating systems from Dell Support website at support.dell.com. See the Dell Update Package User’s Guide for more information. Clearing the Browser Cache After the firmware upgrade, clear the Web browser cache. See your Web browser’s online help for more information.
List of Trusted Domains When you access the DRAC 5 Web-based interface through the Web browser, you are prompted to add the DRAC 5 IP address to the list of trusted domains if the IP address is missing from the list. When completed, click Refresh or relaunch the Web browser to reestablish a connection to the DRAC 5 Web-based interface. 32-bit and 64-bit Web Browsers The DRAC 5 Web-based interface is not supported on 64-bit Web browsers.
4 In the Add Language window, select a supported language. To select more than one language, press . 5 Select your preferred language and click Move Up to move the language to the top of the list. 6 Click OK. 7 In the Language Preference window, click OK. Linux If you are running Console Redirection on a Red Hat Enterprise Linux (version 4) client with a Simplified Chinese GUI, the viewer menu and title may appear in random characters.
5 In the file, apply the following changes: Current entry: LANG="zh_CN.GB18030" SUPPORTED="zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh" Updated entry: LANG="zh_CN.UTF-8" SUPPORTED="zh_CN.UTF8:zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh" 6 Log out and then login to the operating system. 7 Relaunch the DRAC 5. When you switch from any other language to the Simplified Chinese language, ensure that this fix is still valid. If not, repeat this procedure.
Advanced Configuration of the DRAC 5 4 This section provides information about advanced DRAC 5 configuration and is recommended for users with advanced knowledge of systems management and who want to customize the DRAC environment to suit their specific needs. Before You Begin You should have completed the basic installation and setup of your DRAC 5 hardware and software. See "Basic Installation of the DRAC 5" on page 35 for more information.
Configuring the DRAC 5 Using the Web User Interface See your DRAC 5 online help for context sensitive information about each Web-based interface page. Accessing the Web-Based Interface To access the DRAC 5 Web-based interface: 1 Open a supported Web browser window. For a list of supported Web browsers, see the Dell Systems Software Support Matrix on the Dell Support website at support.dell.com/manuals.
Logging In You can log in either as a DRAC 5 user or as a Microsoft Active Directory user. The default user name and password are root and calvin, respectively. Before you log in to the DRAC 5, verify that you have Log In to DRAC 5 permission. Speak to your organization’s DRAC or network administrator to confirm your access privileges. To log in: 1 In the User Name field, type one of the following: • Your DRAC 5 user name.
Logging Out 1 In the upper-right corner of the DRAC 5 Web-based interface window, click Log Out to close the session. 2 Close the browser window. NOTE: The Log Out button does not appear until you log in. NOTE: Closing the browser without gracefully logging out causes the session to remain open until it times out. It is strongly recommended that you click the logout button to end the session; otherwise, the session remains active until the session timeout is reached.
Configuring the BIOS Setup Program for a Serial Connection on the Managed System Perform the following steps to configure your BIOS Setup program to redirect output to a serial port. NOTE: You must configure the System Setup program in conjunction with the connect com2 command. 1 Turn on or restart your system. 2 Press immediately after you see the following message: = System Setup 3 Scroll down and select Serial Communication by pressing .
To enable the RAC serial terminal interface, set the cfgSerialConsoleEnable property to 1 (TRUE). For example: racadm config -g cfgSerial -o cfgSerialConsoleEnable 1 See "cfgSerialConsoleEnable (Read/Write)" on page 366 for more information. Table 4-1 provides the serial interface settings. Table 4-1.
Table 4-2. Sample File: /etc/grub.conf # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes # to this file # NOTICE: You do not have a /boot partition. This means that # all kernel and initrd paths are relative to /, e.g. # root (hd0,0) # kernel /boot/vmlinuz-version ro root= /dev/sdal # initrd /boot/initrd-version.img # #boot=/dev/sda default=0 timeout=10 #splashimage=(hd0,2)/grub/splash.xpm.
When you edit the /etc/grub.conf file, use the following guidelines: 1 Disable GRUB's graphical interface and use the text-based interface; otherwise, the GRUB screen will not be displayed in RAC console redirection. To disable the graphical interface, comment out the line starting with splashimage.
Table 4-3. Sample File: /etc/innitab # # inittab This file describes how the INIT process should set up # the system in a certain run-level. # # Author: Miquel van Smoorenburg # Modified for RHS Linux by Marc Ewing and Donnie Barnes # # Default runlevel.
Table 4-3. Sample File: /etc/innitab (continued) # Things to run in every runlevel. ud::once:/sbin/update # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now # When our UPS tells us power has failed, assume we have a few # minutes of power left. Schedule a shutdown for 2 minutes from now. # This does, of course, assume you have power installed and your # UPS is connected and working correctly.
Table 4-4 shows a sample file with the new line. Table 4-4. Sample File: /etc/securetty vc/1 vc/2 vc/3 vc/4 vc/5 vc/6 vc/7 vc/8 vc/9 vc/10 vc/11 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 ttyS1 Enabling the DRAC 5 Serial/Telnet/SSH Console The serial/telnet/ssh console can be enabled locally or remotely. Enabling the Serial/Telnet/SSH Console Locally NOTE: You (the current user) must have Configure DRAC 5 permission in order to perform the steps in this section.
Enabling the Serial/Telnet/SSH Console Remotely To enable the serial/telnet/ssh console remotely, type the following remote RACADM commands from a command prompt: racadm -u -p -r config -g cfgSerial -o cfgSerialConsoleEnable 1 racadm -u -p -r config -g cfgSerial -o cfgSerialTelnetEnable 1 racadm -u -p -r config -g cfgSerial -o cfgSerialSshEnable 1 NOTE: When you use Internet Explore
Using RACADM Remotely To use RACADM commands remotely, type the following command from a command prompt on a management station: racadm -u -p -r config -g -o Ensure that your web server is configured with a DRAC 5 card before you use RACADM remotely. Otherwise, RACADM times out and the following message appears: Unable to connect to RAC at specified IP address.
Configuring the Telnet Port Number Type the following command to change the telnet port number on the DRAC 5. racadm config -g cfgRacTuning -o cfgRacTuneTelnetPort Using a Serial or Telnet Console You can run the serial commands in Table 4-19 remotely using RACADM or from the serial/telnet/ssh console command prompt.
The connect -h com2 command displays the contents of the serial history buffer before waiting for input from the keyboard or new characters from the serial port. NOTE: When using the -h option, the client and server terminal emulation type (ANSI or VT100) must be identical; otherwise, the output may be garbled. Additionally, set the client terminal row to 25. The default (and maximum) size of the history buffer is 8192 characters.
Table 4-6. IPMI Serial Settings (continued) Setting Description Flow Control • None — Hardware Flow Control Off • RTS/CTS — Hardware Flow Control On Channel Privilege Level Limit • Administrator • Operator • User Table 4-7. RAC Serial Settings Setting Description Enabled Enables or disables the RAC serial console. Checked= Enabled; Unchecked=Disabled Maximum Sessions The maximum number of simultaneous sessions allowed for this system.
Table 4-8. Serial Configuration Page Settings Button Description Print Print the Serial Configuration page. Refresh Refresh the Serial Configuration page. Apply Changes Apply the IPMI and RAC serial changes. Terminal Mode Settings Opens the Terminal Mode Settings page. Configuring Terminal Mode 1 Expand the System tree and click Remote Access. 2 Click the Configuration tab and then click Serial. 3 In the Serial Configuration page, click Terminal Mode Settings.
Table 4-10. Terminal Mode Settings Page Buttons Button Description Print Print the Terminal Mode Settings page. Refresh Refresh the Terminal Mode Settings page. Go Back to Serial Port Return to the Serial Port Configuration page. Configuration Apply Changes Apply the terminal mode settings changes.
Connecting the DB-9 or Null Modem Cable for the Serial Console To access the managed system using a serial text console, connect a DB-9 null modem cable to the COM port on the managed system. Not all DB-9 cables carry the pinout/signals necessary for this connection. The DB-9 cable for this connection must conform to the specification shown in Table 4-11. NOTE: The DB-9 cable can also be used for BIOS text console redirection. Table 4-11.
Configuring Linux Minicom for Serial Console Emulation Minicom is the serial port access utility for Linux. The following steps are valid for configuring Minicom version 2.0. Other Minicom versions may differ slightly but require the same basic settings. Use the information in "Required Minicom Settings for Serial Console Emulation" on page 67 to configure other versions of Minicom. Configuring Minicom Version 2.
16 At the command shell prompt, type minicom . 17 To expand the Minicom window to 80 x 25, drag the corner of the window. 18 Press , , to exit Minicom. NOTE: If you are using Minicom for serial text console redirection to configure the managed system BIOS, it is recommended to turn on color in Minicom. To turn on color, type the following command: minicom -c on Ensure that the Minicom window displays a command prompt such as [DRAC 5\root]#.
3 Next to Connect using:, select the COM port on the management station (for example, COM2) to which you have connected the DB-9 null modem cable and click OK. 4 Configure the COM port settings as shown in Table 4-13. 5 Click OK. 6 Click File Properties, and then click the Settings tab. 7 Set the Telnet terminal ID: to ANSI. 8 Click Terminal Setup and set Screen Rows to 26. 9 Set Columns to 80 and click OK. Table 4-13.
To run telnet with Linux: 1 Start a new Xterm session. At the command prompt, type xterm & 2 Click on the lower right-hand corner of the XTerm window and resize the window to 80 x 25. 3 Connect to the DRAC 5 in the managed system. At the Xterm prompt, type telnet Enabling Microsoft Telnet for Telnet Console Redirection NOTE: Some telnet clients on Microsoft operating systems may not display the BIOS setup screen correctly when BIOS console redirection is set for VT100 emulation.
3 At the prompt, type: set bsasdel The following message appears: Backspace will be sent as delete. To configure a Linux telnet session to use the key: 1 Open a command prompt and type: stty erase ^h 2 At the prompt, type: telnet Using a Serial or Telnet Console Serial and telnet commands, and RACADM CLI can be typed in a serial or telnet console and executed on the server locally or remotely. The local RACADM CLI is installed for use by a root user only.
Using the Secure Shell (SSH) It is critical that your system’s devices and device management are secure. Embedded connected devices are the core of many business processes. If these devices are compromised, your business may be at risk, which requires new security demands for command line interface (CLI) device management software. Secure Shell (SSH) is a command line session that includes the same capabilities as a telnet session, but with improved security.
Table 4-14. Cryptography Schemes Scheme Type Scheme Asymmetric Cryptography Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST specification Symmetric Cryptography • AES256-CBC • RIJNDAEL256-CBC • AES192-CBC • RIJNDAEL192-CBC • AES128-CBC • RIJNDAEL128-CBC • BLOWFISH-128-CBC • 3DES-192-CBC • ARCFOUR-128 Message Integrity • HMAC-SHA1-160 • HMAC-SHA1-96 • HMAC-MD5-128 • HMAC-MD5-96 Authentication • Password NOTE: SSHv1 is not supported.
Accessing the DRAC 5 Through a Network After you configure the DRAC 5, you can remotely access the managed system using one of the following interfaces: • Web-based interface • RACADM • Telnet Console • SSH • IPMI Table 4-15 describes each DRAC 5 interface. Table 4-15. DRAC 5 Interfaces Interface Description Web-based interface Provides remote access to the DRAC 5 using a graphical user interface.
Table 4-15. DRAC 5 Interfaces (continued) Interface Description Telnet Console Provides access through the DRAC 5 to the server RAC port and hardware management interfaces through the DRAC 5 NIC and provides support for serial and RACADM commands including powerdown, powerup, powercycle, and hardreset commands. NOTE: Telnet is an unsecure protocol that transmits all data— including passwords—in plain text. When transmitting sensitive information, use the SSH interface.
Configuring the DRAC 5 NIC Configuring the Network and IPMI LAN Settings NOTE: You must have Configure DRAC 5 permission to perform the following steps. NOTE: Most DHCP servers require a server to store a client identifier token in its reservations table. The client (DRAC 5, for example) must provide this token during DHCP negotiation. For RACs, the DRAC 5 supplies the client identifier option using a one-byte interface number (0) followed by a six-byte MAC address.
Table 4-16. Network Settings (continued) Setting Description Use DHCP (For Enables Dell OpenManage Server Administrator to obtain the NIC IP DRAC 5 NIC IP address from the Dynamic Host Configuration Address) Protocol (DHCP) server. Selecting the check box deactivates the Static IP Address, Static Gateway, and Static Subnet Mask controls. The default setting is Disabled. Static IP Address Specifies or edits the static IP address for the DRAC 5 NIC.
Network Settings (continued) Table 4-16. Setting Description DNS Domain Name The default DNS domain name is MYDOMAIN. When the Use DHCP for DNS Domain Name check box is selected, this option is grayed out and you cannot modify this field. Auto Negotiation Determines whether the DRAC 5 automatically sets the Duplex Mode and Network Speed by communicating with the nearest router or hub (On) or allows you to set the Duplex Mode and Network Speed manually (Off).
Table 4-18. Network Configuration Page Buttons Button Description Print Prints the Network Configuration page Refresh Reloads the Network Configuration page Advanced Settings Displays the Network Security page. Apply Changes Saves the changes made to the network configuration. NOTE: Changes to the NIC IP address settings will close all user sessions and require users to reconnect to the DRAC 5 Webbased interface using the updated IP address settings.
racadm continues to execute the command. However, if you use the –S option, racadm stops executing the command and displays the following message: Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name Racadm not continuing execution of the command. EORROR: Unable to connect to RAC at specified IP address NOTE: The racadm remote capability is supported only on management stations.
RACADM Options Table 4-19 lists the options for the racadm command. Table 4-19. racadm Command Options Option Description -r Specifies the controller’s remote IP address. -r : Use : if the DRAC 5 port number is not the default port (443) -i Instructs racadm to interactively query the user for user name and password. -u Specifies the user name that is used to authenticate the command transaction.
RACADM Subcommands Table 4-20 provides a description of each racadm subcommand that you can run in RACADM. For a detailed listing of racadm subcommands including syntax and valid entries, see "RACADM Subcommand Overview" on page 295. When entering a RACADM subcommand, prefix the command with racadm. For example: racadm help Table 4-20. RACADM Subcommands Command Description help Lists DRAC 5 subcommands. help Lists usage statement for the specified subcommand.
Table 4-20. RACADM Subcommands (continued) Command Description getsvctag Displays service tags. racdump Dumps DRAC 5 status and state information for debug. racreset Resets the DRAC 5. racresetcfg Resets the DRAC 5 to the default configuration. serveraction Performs power management operations on the managed system. getraclog Displays the RAC log. clrsel Clears the System Event Log entries. gettracelog Displays the DRAC 5 trace log.
Frequently Asked Questions About RACADM Error Messages After performing a DRAC 5 reset (using the racadm racreset command), I issue a command and the following message is displayed: racadm Transport: ERROR: (RC=-1) What does this message mean? You must wait until the DRAC 5 completes the reset before issuing another command. When I use the racadm commands and subcommands, I get errors that I don’t understand.
To configure multiple DRAC 5 cards, perform the following procedures: 1 Use RACADM to query the target DRAC 5 that contains the appropriate configuration. NOTE: The generated .cfg file does not contain user passwords. Open a command prompt and type: racadm getconfig -f myfile.cfg NOTE: Redirecting the RAC configuration to a file using getconfig -f is only supported with the local and remote RACADM interfaces. 2 Modify the configuration file using a simple text editor (optional).
The initial configuration file, racadm.cfg, is named by the user. In the following example, the configuration file is named myfile.cfg. To create this file, type the following at the command prompt: racadm getconfig -f myfile.cfg CAUTION: It is recommended that you edit this file with a simple text editor. The racadm utility uses an ASCII text parser, which does not recognize any kind of formatting and can corrupt the RACADM database.
Use the following guidelines when you create a .cfg file: • If the parser encounters an indexed group, it is the value of the anchored object that differentiates the various indexes. The parser reads in all of the indexes from the DRAC 5 for that group. Any objects within that group are simple modifications when the DRAC 5 is configured. If a modified object represents a new index, the index is created on the DRAC 5 during configuration. • You cannot specify an index of your choice in a .cfg file.
Parsing Rules • All lines that start with '#' are treated as comments. A comment line must start in column one. A '#' character in any other column is treated as a '#' character. Some modem parameters may include # characters in its string. An escape character is not required. You may want to generate a .cfg from a racadm getconfig -f .cfg command, and then perform a racadm config -f .cfg command to a different DRAC 5, without adding escape characters.
• All parameters are specified as "object=value" pairs with no white space between the object, =, or value. White spaces that are included after the value are ignored. A white space inside a value string remains unmodified. Any character to the right of the '=' is taken as is (for example, a second '=', or a '#', '[', ']', and so forth). These characters are valid modem chat script characters. See the example in the previous bullet. • The .cfg parser ignores an index object entry.
If you type racadm getconfig -f .cfg, the command builds a .cfg file for the current DRAC 5 configuration. This configuration file can be used as an example and as a starting point for your unique .cfg file. Modifying the DRAC 5 IP Address When you modify the DRAC 5 IP address in the configuration file, remove all unnecessary =value entries. Only the actual variable group’s label with "[" and "]" remains, including the two =value entries pertaining to the IP address change.
Use this file to download company-wide changes or to configure new systems over the network. NOTE: "Anchor" is an internal term and should not be used in the file.
racadm config -g cfgLanNetworking -o cfgDNSRacName RAC-EK00002 racadm config -g cfgLanNetworking -o cfgDNSDomainNameFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSDomainName MYDOMAIN NOTE: If cfgNicEnable is set to 0, the DRAC 5 LAN is disabled even if DHCP is enabled. DRAC Modes The DRAC 5 can be configured in one of three modes: • Dedicated • Shared • Shared with failover Table 4-21 provides a description of each mode. Table 4-21.
Frequently Asked Questions When accessing the DRAC 5 Web-based interface, I get a security warning stating the hostname of the SSL certificate does not match the hostname of the DRAC 5. The DRAC 5 includes a default DRAC 5 server certificate to ensure network security for the Web-based interface and remote racadm features.
• When racresetcfg is used • When the DRAC 5 is reset • When a new SSL server certificate is uploaded Why doesn’t my DNS server register my DRAC 5? Some DNS servers only register names of 31 characters or fewer. When accessing the DRAC 5 Web-based interface, I get a security warning stating the SSL certificate was issued by a certificate authority (CA) that is not trusted.
Advanced Configuration of the DRAC 5
Adding and Configuring DRAC 5 Users 5 To manage your system with the DRAC 5 and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs. To add and configure DRAC 5 users: NOTE: You must have Configure DRAC 5 permission to perform the following steps. 1 Expand the System tree and click Remote Access.
Table 5-4 describes the User Group Permissions for the IPMI User Privileges and the DRAC User Privileges settings. Table 5-5 describes the DRAC Group permissions. If you add a DRAC User Privilege to the Administrator, Power User, or Guest User, the DRAC Group will change to the Custom group. 6 When completed, click Apply Changes. 7 Click the appropriate User Configuration page button to continue. See Table 5-6. Table 5-1.
Table 5-2. General Properties (continued) Property Description User Name Specifies a DRAC 5 user name with up to 16 characters. Each user must have a unique user name. NOTE: User names on the local DRAC 5 cannot include the @ (at the rate) , \ (back slash) , " (double quotes), / (forward slash), or . (period) characters. NOTE: If the user name is changed, the new name will not appear in the user interface until the next user login.
Table 5-4. DRAC User Privileges Property Description DRAC Group Specifies the user’s maximum DRAC user privilege to one of the following: Administrator, Power User, Guest User, None, or Custom. See Table 5-5 for DRAC Group permissions. Login to DRAC Enables the user to log in to the DRAC. Configure DRAC Enables the user to configure the DRAC. Configure Users Enables the user to allow specific users to access the system. Clear Logs Enables the user to clear the DRAC logs.
Table 5-5. DRAC Group Permissions User Group Permissions Granted Custom Selects any combination of the following permissions: Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands. None No assigned permissions. Table 5-6.
Using the RACADM Utility to Configure DRAC 5 Users NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system. The DRAC 5 Web-based interface is the quickest way to configure a DRAC 5. If you prefer command-line or script configuration or need to configure multiple DRAC 5s, use RACADM, which is installed with the DRAC 5 agents on the managed system.
To verify if a user exists, type the following command at the command prompt: racadm getconfig -u OR type the following command once for each index of 1–16: racadm getconfig -g cfgUserAdmin -i NOTE: You can also type racadm getconfig -f and view or edit the myfile.cfg file, which includes all DRAC 5 configuration parameters. Several parameters and object IDs are displayed with their current values.
Example The following example describes how to add a new user named "John" with a "123456" password and LOGIN privileges to the RAC.
Testing e-mail Alerting The RAC e-mail alerting feature allows users to receive e-mail alerts when a critical event occurs on the managed system. The following example shows how to test the e-mail alerting feature to ensure that the RAC can properly send out e-mail alerts across the network. racadm testemail -i 2 NOTE: Ensure that the SMTP and Email Alert settings are configured before testing the e-mail alerting feature. See "Configuring E-Mail Alerts" on page 263 for more information.
Adding and Configuring DRAC 5 Users
6 Using the DRAC 5 With Microsoft Active Directory A directory service maintains a common database of all information needed for controlling users, computers, printers, etc. on a network. If your company already uses the Microsoft Active Directory service software, you can configure the software to provide access to the DRAC 5, allowing you to add and control DRAC 5 user privileges to your existing users in your Active Directory software.
Supported Active Directory Authentication Mechanisms You can use Active Directory to define user access on the DRAC 5 through two methods: you can use a standard schema solution, which uses Active Directory group objects only or you can use the extended schema solution, which Dell has customized to add Dell-defined Active Directory objects. For more information about these solutions, see the sections below.
Figure 6-1. Configuration of DRAC 5 with Microsoft Active Directory and Standard Schema Configuration on DRAC 5 Side Configuration on Active Directory Side Role Group Name and Domain Name Role Group Role Definition User Table 6-1.
Table 6-1. Default Role Group Privileges (continued) Role Groups Default Permissions Granted Privilege Level Bit Mask Role Group 3 Guest User Login to DRAC 0x00000001 Role Group 4 None No assigned permissions 0x00000000 Role Group 5 None No assigned permissions 0x00000000 NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM. There are two ways to enable Standard Schema Active Directory: • With the DRAC 5 web-based user interface.
Configuring the DRAC 5 With Standard Schema Active Directory and Web-Based Interface 1 Open a supported Web browser window. 2 Log in to the DRAC 5 Web-based interface. 3 Expand the System tree and click Remote Access. 4 Click the Configuration tab and select Active Directory. 5 On the Active Directory Main Menu page, select Configure Active Directory and click Next. 6 In the Common Settings section: a Select the Enable Active Directory check box. b Type the Root Domain Name.
14 Click Go Back To Active Directory Configuration and Management. 15 Click Go Back To Active Directory Main Menu. 16 Upload your domain forest Root CA certificate into the DRAC 5. a Select the Upload Active Directory CA Certificate check-box and then click Next. b In the Certificate Upload page, type the file path of the certificate or browse to the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading.
Configuring the DRAC 5 With Standard Schema Active Directory and RACADM Using the following commands to configure the DRAC 5 Active Directory Feature with Standard Schema using the RACADM CLI instead of the Web-based interface.
Instead of DRAC 5 searching for Active Directory servers, you can specify the servers DRAC 5 needs to connect to, to authenticate the user. See "Specify Server for Active Directory Configuration" on page 131 for information on RACADM commands to specify servers. Extended Schema Active Directory Overview There are two ways to enable Extended Schema Active Directory: • With the DRAC 5 web-based user interface.
The Active Directory OID database maintained by Microsoft can be viewed at http://msdn.microsoft.com/certification/ADAcctInfo.asp by entering our extension Dell. Overview of the RAC Schema Extensions To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of properties that can be configured by the user depending on the desired results. Dell has extended the schema to include an Association, Device, and Privilege property.
Figure 6-2. Typical Setup for Active Directory Objects Association Object User(s) Group(s) Privilege Object RAC Device Object(s) RAC4 Privilege Object NOTE: The RAC privilege object applies to both DRAC 4 and DRAC 5. You can create as many or as few association objects as required.
When adding Universal Groups from separate domains, create an Association Object with Universal Scope. The Default Association objects created by the Dell Schema Extender Utility are Domain Local Groups and will not work with Universal Groups from other domains. Figure 6-3.
See "Adding DRAC 5 Users and Privileges to Active Directory" on page 124 for detailed instructions. Figure 6-4 provides an example of Active Directory objects in multiple domains. In this scenario, you have two DRAC 5 cards (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, and user2 and user 3 are in Domain2.
4 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privileges. 5 Group user1 and user2 into Group1. The group scope of Group1 must be Universal. 6 Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1. 7 Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as RAC Devices in AO2.
You can extend your schema using one of the following methods: • Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema.
Table 6-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) dellRacDevice 1.2.840.113556.1.8000.1280.1.1.1.1 dellAssociationObject 1.2.840.113556.1.8000.1280.1.1.1.2 dellRACPrivileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 6-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Used to define the privileges (Authorization Rights) for the DRAC 5 device. Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 6-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.113556.1.8000.1280.1.1.2.2 FALSE List of dellRacDevices Objects Distinguished Name (LDAPTYPE_DN that belong to this role. This 1.3.6.1.4.1.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsVirtualMediaUser 1.2.840.113556.1.8000.1280.1.1.2.9 TRUE TRUE if the user has Virtual Media rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsTestAlertUser 1.2.840.113556.1.8000.1280.1.1.2.10 TRUE if the user has Test Alert User rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.
Installing the Dell Extension to the Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers snap-in so the administrator can manage RAC (DRAC 5) devices, Users and User Groups, RAC Associations, and RAC Privileges.
4 Select the Active Directory Users and Computers snap-in and click Add. 5 Click Close and click OK. Adding DRAC 5 Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers snap-in, you can add DRAC 5 users and privileges by creating RAC, Association, and Privilege objects.
6 Right-click the privilege object that you created, and select Properties. 7 Click the RAC Privileges tab and select the privileges that you want the user to have (for more information, see Table 5-4). Creating an Association Object The Association Object is derived from a Group and must contain a Group Type. The Association Scope specifies the Security Group Type for the Association Object.
Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to a RAC device. Only one privilege object can be added to an Association Object. Adding Privileges 1 Select the Privileges Object tab and click Add. 2 Type the Privilege Object name and click OK. Click the Products tab to add one or more RAC devices to the association.
8 In the Extended Schema Settings section: a Type the DRAC Name. This name must be the same as the common name of the new RAC object you created in your Domain Controller (see step 3 of "Creating a RAC Device Object" on page 124). b Type the DRAC Domain Name (for example, drac5.com). Do not use the NetBIOS name. The DRAC Domain Name is the fully qualified domain name of the sub-domain where the RAC Device Object is located. 9 Click Apply to save the Active Directory settings.
15 If Use DHCP (for NIC IP Address) is selected under Network Settings, then select Use DHCP to obtain DNS server address. To manually input a DNS server IP address, deselect Use DHCP to obtain DNS server addresses and type your primary and alternate DNS server IP addresses. 16 Click Apply Changes. The DRAC 5 Extended Schema Active Directory feature configuration is complete.
3 If DHCP is disabled on the DRAC 5 or you want to input your DNS IP address, type following racadm commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 racadm config -g cfgLanNetworking -o cfgDNSServer2 Press Enter to complete the DRAC 5 Active Directory feature configuration.
Figure 6-5. Privilege Accumulation for a User A02 A01 Group1 User1 User2 Priv2 Priv1 User1 RAC1 RAC2 The figure shows two Association Objects—A01 and A02. These Association Objects may be part of the same or different domains. User1 is associated to RAC1 and RAC2 through both association objects. Therefore, User1 has accumulated privileges that results when combining the Privileges set for objects Priv1 and Priv2.
Specify Server for Active Directory Configuration If you want to specify an LDAP, Global Catalog server, or Association Object (applicable only for Extended Schema) domain instead of using the servers returned by the DNS server to search for a user name, type the following command to enable the Specify Server option: racadm config -g cfgActive Directory -o cfgADSpecifyServer Enable 1 NOTE: If you use this option, the hostname in the CA certificate is not matched against the name of the specified server.
To specify the Association Object, ensure that you also provide the IP or FQDN of the Global Catalog. NOTE: If you specify the IP address as 0.0.0.0, DRAC 5 will not search for any server. You can specify a list of LDAP, Global Catalog servers, or Association Objects separated by commas. DRAC 5 allows you to specify up to four IP addresses or hostnames.
Configuring and Managing Active Directory Certificates To access the Active Directory Main Menu: 1 Expand the System tree and click Remote Access. 2 Click the Configuration tab and click Active Directory. Table 6-9 lists the Active Directory Main Menu page options. Table 6-9.
4 Click the appropriate Active Directory Configuration page button to continue. See Table 6-11. 5 To configure the Role Groups for Active Directory Standard Schema, click on the individual Role Group (1-5). See Table 6-12 and Table 6-13. NOTE: To save the settings on the Active Directory Configuration and Management page, you have to click Apply before proceeding to the Custom Role Group page. Table 6-10.
Table 6-10. Active Directory Configuration and Management Page Settings (continued) Setting Description Role Groups The list of role groups associated with the DRAC 5 card. To change the settings for a role group, click their role group number, in the role groups list. The Configure Role Group window displays. NOTE: If you click on the role group link prior to applying the settings for the Active Directory Configuration and Management page, you will lose these settings.
Table 6-12. Role Group Privileges (continued) Setting Description Configure Users Enables the user to allow specific users to access the system. Clear Logs Enables the user to clear the DRAC logs. Execute Server Control Commands Enables the user to execute racadm commands. Access Console Redirection Enables the user to run Console Redirection. Access Virtual Media Enables the user to run and use Virtual Media. Test Alerts Enables the user to send test alerts (e-mail and PET) to a specific user.
Uploading an Active Directory CA Certificate 1 In the Active Directory Main Menu page, select Upload Active Directory CA Certificate and click Next. 2 In the Certificate Upload page, in the File Path field, type the file path of the certificate or click Browse to navigate to the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
Table 6-14. Active Directory CA Certificate Information (continued) Field Description Valid From Certificate issue date. Valid To Certificate expiration date. Enabling SSL on a Domain Controller When the DRAC 5 authenticates users against an Active Directory domain controller, it starts an SSL session with the domain controller. At this time, the domain controller should publish a certificate signed by the Certificate Authority (CA)—the root certificate of which is also uploaded into the DRAC 5.
4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 machines) and select Add/Remove Snap-in. 5 In the Add/Remove Snap-In window, click Add. 6 In the Standalone Snap-In window, select Certificates and click Add. 7 Select Computer account and click Next. 8 Select Local Computer and click Finish. 9 Click OK. 10 In the Console 1 window, expand the Certificates folder, expand the Personal folder, and click the Certificates folder.
f g In the Certificate Upload screen, perform one of the following procedures: • Click Browse and select the certificate • In the Value field, type the path to the certificate. Click Apply. Importing the DRAC 5 Firmware SSL Certificate NOTE: If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload the DRAC 5 Server certificate to the Active Directory Domain controller as well.
5 Click Next and select whether you would like Windows to automatically select the certificate store based on the type of certificate, or browse to a store of your choice. 6 Click Finish and click OK. Setting the SSL Time on the DRAC 5 When the DRAC 5 authenticates an Active Directory user, the DRAC 5 also verifies the certificate published by the Active Directory server to ensure that the DRAC is communicating with an authorized Active Directory server.
DRAC 5 Active Directory supports multiple domain environments provided the domain forest function level is Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups. NOTE: The Association Object and the Privilege Object must be in the same domain. The Dell-extended Active Directory Users and Computers snap-in forces you to create these two objects in the same domain.
Using Active Directory Single Sign-On You can enable the DRAC 5 to use Kerberos—a network authentication protocol—to enable single sign-on and log into the DRAC 5. For more information on setting up the DRAC 5 to use the Active Directory Single Sign-On feature, see "Enabling Kerberos Authentication" on page 147. Configuring the DRAC 5 to Use Single Sign-On 1 Navigate to Remote Access Configuration tab Active Directory subtabselectConfigure Active Directory.
Frequently Asked Questions Are there any restrictions on Domain Controller SSL configuration? Yes. All Active Directory servers’ SSL certificates in the forest must be signed by the same root CA since DRAC 5 only allows uploading one trusted CA SSL certificate. I created and uploaded a new RAC certificate and now the Web-based interface does not launch.
e Ensure that your DRAC Name, Root Domain Name, and DRAC Domain Name match your Active Directory environment configuration. f Ensure that the DRAC 5 password has a maximum of 127 characters. While the DRAC 5 can support passwords of up to 256 characters, Active Directory only supports passwords that have a maximum length of 127 characters. SSO login fails with Active Directory users on Windows 7 operating systems. What should I do to resolve this? You must enable the encryption types for Windows 7.
Perform the following additional settings for extended schema: 1 Go to Start and run regedit. The Registry Editor window is displayed. 2 Navigate to HKEY_LOCAL_MACHINESystem CurrentControlSetControlLSA. 3 In the right-pane, right-click and select NewDWORD (32-bit) Value. 4 Name the new key as SuppressExtendedProtection. 5 Right-click SuppressExtendedProtection and click Modify. 6 In the Value data field, type 1 and click OK. 7 Close the Registry Editor window.
7 Enabling Kerberos Authentication Kerberos is a network authentication protocol that allows systems to communicate securely over a non-secure network. It achieves this by allowing the systems to prove their authenticity. Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 use Kerberos as their default authentication method. Starting with DRAC 5 version 1.
c Select Register DRAC on DNS. d Provide a valid DNS Domain Name. NOTE: Ensure that the DNS name is resolved by the DNS server. See the DRAC 5 Online Help for more information. • Synchronize the DRAC 5 time settings with that of the Active Directory Domain Controller. Kerberos authentication on DRAC 5 fails if the DRAC time differs from the Domain Controller time. A maximum offset of 5 minutes is allowed.
e Start a command prompt, and then type the following command: C:\>ktpass -princ HOST/dracname.domainname.com@DOMAIN-NAME.COM -mapuser account crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL pass password -out c:\krbkeytab where: f • dracname is the DRAC 5’s DNS name. • domain-name is the Active Directory domain name with which you want to authenticate. It should be replaced by the actual domain name in capital letters.
Configuring DRAC 5 for Kerberos Authentication Upload the keytab obtained from the Active Directory root domain, to the DRAC 5: 1 Navigate to Remote Access Configuration tab Active Directory subtab. 2 Select Upload Kerberos Keytab and click Next. 3 On the Kerberos Keytab Upload page, select the keytab file to upload and click Apply.
Enabling Single Sign-On 8 Single Sign-On allows you to log into the DRAC without providing your credentials, after you have logged into the operating system using a valid Active Directory account. In this case, DRAC uses the credentials cached in the operating system. DRAC uses Kerberos, a network authentication protocol, for single sign-on. Prerequisites for Setting up Single Sign-On • Configure DRAC 5 for Active Directory login.
Logging Into DRAC 5 Using Single Sign-On NOTE: To log into the DRAC 5, ensure that you have the latest runtime components of Microsoft Visual C++ 2005 Libraries. For more information, see the Microsoft website. 1 Log into your system using a valid Active Directory account. 2 Type the web address of the DRAC 5 in the address bar of your browser. NOTE: Depending on your browser settings, you may be prompted to download and install the Single Sign-On ActiveX plug-in when using this feature for the first time.
Configuring Smart Card Authentication 9 The Dell Remote Access Controller 5 (DRAC 5) version 1.30 and later support the two-factor-authentication for logging into the DRAC 5 Web interface. This support is provided by the Smart Card Logon feature on the DRAC 5. The traditional authentication schemes use user name and password to authenticate users. This provides minimal security.
When you select Enable with Remote Racadm, all CLI out-of-band interfaces, except remote racadm, are disabled. NOTE: Dell recommends that the DRAC 5 administrator use the Enable with Remote Racadm setting only to access the DRAC 5 user interface to run scripts using the remote racadm commands. If the administrator does not need to use the remote racadm, Dell recommends the Enabled setting for Smart Card logon.
For example, in case the Smart Card certificate has been issued to the user, "sampleuser@domain.com," the username should be configured as "sampleuser." Configuring Active Directory Users for Smart Card Logon To configure the Active Directory users to log into the DRAC 5 using the Smart Card, the DRAC 5 administrator should configure the DNS server, upload the Active Directory CA certificate to the DRAC 5, and enable the Active Directory logon.
Table 9-1. Smart Card Settings Setting Description Configure Smart Card • Disabled — Disables Smart Card logon. Subsequent logins Logon from the graphical user interface (GUI) display the regular login page. All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM are set to their default state. • Enabled — Enables Smart Card logon.
Logging Into the DRAC 5 Using the Smart Card The DRAC 5 Web interface displays the Smart Card login page if you have enabled the Smart Card Logon feature. NOTE: Ensure that the DRAC 5 local user and/or Active Directory configuration is complete before enabling the Smart Card Logon for the user. NOTE: Depending on your browser settings, you may be prompted to download and install the Smart Card reader ActiveX plug-in when using this feature for the first time. 1 Access the DRAC 5 Web page using https.
Logging Into the DRAC 5 Using Active Directory Smart Card Authentication 1 Log into the DRAC 5 using https. https:// If the default HTTPS port number (port 443) has been changed, type: https://: where IP address is the IP address for the DRAC 5 and port number is the HTTPS port number. The DRAC 5 Login page is displayed prompting you to insert the Smart Card. 2 Insert the Smart Card into the reader and enter your Smart Card PIN. 3 Click Login.
Unable to Log into Local DRAC 5 If a local DRAC 5 user cannot log in, check if the username and the user certificates uploaded to the DRAC 5 have expired. The DRAC 5 trace logs may provide important log messages regarding the errors; although the error messages are sometimes intentionally ambiguous due to security concerns. Unable to Log into DRAC 5 as an Active Directory User If you cannot log into the DRAC 5 as an Active Directory user, try to log into the DRAC 5 without enabling the Smart Card logon.
Configuring Smart Card Authentication
10 Using GUI Console Redirection This section provides information about using the DRAC 5 console redirection feature. Overview The DRAC 5 console redirection feature enables you to access the local console remotely in either graphic or text mode. Using console redirection, you can control one or more DRAC 5-enabled systems from one location. Today with the power of networking and the Internet, you do not have to sit in front of each server to perform all the routine maintenance.
Supported Screen Resolutions Refresh Rates on the Managed System Table 10-1 lists the supported screen resolutions and corresponding refresh rates for a console redirection session that is running on the managed system. Table 10-1.
Configuring Console Redirection 1 On your management station, open a supported Web browser and log into the DRAC 5. See "Accessing the Web-Based Interface" on page 48 for more information. 2 In the System tree, click System. 3 Click the Console tab and then click Configuration. 4 In the Console Redirect Configuration page, use the information in Table 10-2 to configure your console redirection session. 5 In DRAC 5 versions 1.40 and later, you can select the Native or Java plug-in type you want to install.
Table 10-2. Console Redirection Configuration Page Information (continued) Information Description Default Access for Console Sharing Select the default type of console sharing access to be provided to the console sharing request from the second user for console access when the first user is connected to the console. The access permissions are: • No Access — Does not allow any access to the second user. • Read-only Access — Allows read-only access to the second user.
To open a console redirection session: 1 On your management station, open a supported Web browser and log into the DRAC 5. See "Accessing the Web-Based Interface" on page 48 for more information. 2 In the System tree, click System and then in the Console tab, click Console Redirect. NOTE: If you receive a security warning prompting you to install and run the Console Redirection plug-in, verify the plug-in’s authenticity and then click Yes to install and run the plug-in.
The buttons in Table 10-5 are available on the Console Redirection page. Table 10-5. Console Redirection Page Buttons Button Definition Refresh Reloads the Console Redirection Configuration page Connect Opens a console redirection session on the targeted remote system. Print Prints the Console Redirection Configuration page. 4 To open a new console, click Connect. NOTE: DRAC 5 supports four simultaneous console redirections.
Disabling or Enabling Local Video To disable or enable local video, perform the following procedure: 1 On your management station, open a supported Web browser and log into the DRAC 5. See "Accessing the Web-Based Interface" on page 48 for more information. 2 In the System tree, click System. 3 Click the Console tab and then click Configuration.
When you start a console redirection session and the Video Viewer appears, you may be required to adjust the following controls in order to view and control the remote system properly. These adjustments include: • Accessing the Viewer Menu Bar • Adjusting the video quality • Synchronizing the mouse pointers Accessing the Viewer Menu Bar The viewer menu bar is a hidden menu bar. To access the menu bar, move your cursor near the top-center edge of the Viewer’s desktop window.
Table 10-6. Viewer Menu Bar Selections (continued) Menu Item Item Description View Refresh Updates the entire remote system-screen viewport. Full Screen Expands the session screen from a window to full screen. Various keyboard shortcuts Executes a keystroke combination on the remote system. Macros To connect your management station’s keyboard to the remote system and run a macro: 1 Click Tools. 2 In the Session Options window, click the General tab. 3 Select Pass all keystrokes to target.
Table 10-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Tools Automatic Video Adjust Recalibrates the session viewer video output. Manual Video Adjust Provides individual controls to manually adjust the session viewer video output. NOTE: Adjusting the horizontal position offcenter desynchronizes the mouse pointers. Session Options Provides additional session viewer control adjustments.
Adjusting the Video Quality The Video Viewer provides video adjustments that allow you to optimize the video for the best possible view. Click Help for more information. To automatically adjust the video quality: 1 Access the Viewer Menu Bar. See "Accessing the Viewer Menu Bar" on page 168. 2 Click Tools and select Automatic Video Adjust (for Native plug-in) or Video Settings (for Java plug-in) to automatically adjust the video quality of the Viewer window.
Synchronizing the Mouse Pointers When you connect to a remote Dell system using Console Redirection, the mouse acceleration speed on the remote system may not synchronize with the mouse pointer on your management station, causing two mouse pointers to appear in the Video Viewer window. To synchronize the mouse pointers: 1 Access the Viewer Menu Bar. See "Accessing the Viewer Menu Bar" on page 168. 2 Click Tools and select Session Options.
Using Power Control Option The Power Control option allows you to do the following on the managed system: • Power on the system • Power off the system • Reset the system • Power cycle the system To control power on the managed system: 1 Access the Viewer Menu Bar. See "Accessing the Viewer Menu Bar" on page 168. 2 Click Tools and then click Power Control. 3 Click any of the options provided: • Power on the system. • Power off the system. • Reset the system.
Can the local user also turn OFF the video? Yes, a local user can use racadm CLI (local) to turn OFF the video. Can the local user also turn ON the video? Yes, the user should have racadm CLI installed on the server and only if the user is able to access the server over an RDP connection, such as terminal services, telnet, or SSH. The user can then log on to the server and can run racadm (local) to turn ON the video.
The status is displayed on the Console Redirection Configuration page of the DRAC 5 web-based interface. The racadm CLI command racadm getconfig –g cfgRacTuning displays the status in the object cfgRacTuneLocalServerVideo. The status is also seen by the local user on the server LCD screen as “Video OFF” or as “Video OFF in 15”.
If the problem is still not resolved, you must reset the DRAC 5 by running the racadm racreset hard command. Why aren’t the vKVM keyboard and mouse working? You must set the USB controller to On with BIOS support in the BIOS settings of the managed system. Restart the managed system and press to enter setup. Select Integrated Devices, and then select USB Controller. Save your changes and restart the system.
Why doesn’t the vKVM mouse sync when I use the Dell Systems Management Tools and Documentation DVD to remotely install the operating system? Configure Console Redirection for the operating system that is running on the target system. 1 In the vKVM toolbar menu, click Tools and select Session Options. 2 In the Session Options window, click the Mouse tab. 3 In the Mouse Acceleration box, select the operating system that is running on the target system and click OK.
I am still having issues with mouse synchronization. Ensure that the target system’s desktop is centered in the console redirection window. 1 In the vKVM toolbar, click Tools and select Manual Video Adjustment. 2 Adjust the horizontal and vertical controls as needed to align the desktop in the console redirection window. 3 Click Close. 4 Move the target system’s mouse cursor to the top left corner of the console redirection window, and then move the cursor back to the center of the window.
Why does console redirection fail to show the operating system boot menu in the Chinese, Japanese, and Korean versions of Microsoft Windows 2000? On systems running Windows 2000 that can boot to multiple operating systems, change the default boot operating system by performing the following steps: 1 Right-click the My Computer icon and select Properties. 2 Click the Advanced tab. 3 Click Startup and Recovery. 4 Select the new default operating system from the Startup list.
What are the minimum system requirements for my management station to run console redirection? The management station requires an Intel Pentium III 500 MHz processor with at least 256 MB of RAM. What are the maximum number of console redirection sessions that I can run on a remote system? The DRAC 5 supports up to two simultaneous console redirection sessions. Why do I have mouse synchronization problems? On Linux (Red Hat or Novell) systems, there are known mouse arrow synchronization issues.
3 Notice the two subdirectories vm and vkvm. Navigate to the appropriate subdirectory, right click the rac5XXX.xpi file, and select Save Link Target As.... 4 Choose a location to save the plug-in installation package file. To install the plug-in installation package: 1 Copy the installation package to the client's native file system share that is accessible by the client. 2 Open an instance of the browser on the client system.
Using GUI Console Redirection
Using and Configuring Virtual Media 11 Overview The Virtual Media feature provides the managed system with a virtual CD drive, which can use standard media from anywhere on the network. Figure 11-1 shows the overall architecture of virtual media. Figure 11-1.
The managed system is configured with a DRAC 5 card. The virtual CD and floppy drives are two electronic devices embedded in the DRAC 5 that are controlled by the DRAC 5 firmware. These two devices are present on the managed system’s operating system and BIOS at all times, whether virtual media is connected or disconnected. The management station provides the physical media or image file across the network.
Installing Virtual Media Browser Plug-In The virtual media browser plug-in must be installed on your management station to use the virtual media feature. After you open the DRAC 5 user interface and launch the Virtual Media page, the browser automatically downloads the plug-in, if required. If the plug-in is successfully installed, the Virtual Media page displays a list of floppy diskettes and optical disks that connect to the virtual drive.
Running Virtual Media CAUTION: Do not issue a racreset command when running a Virtual Media session. Otherwise, undesired results may occur, including loss of data. Using Virtual Media, you can "virtualize" a diskette image or drive, enabling a floppy image, floppy drive, or optical drive on your management console to become an available drive on the remote system. You can connect to a virtual media using the browser plug-in or Java plug-in.
The Virtual Media page appears with the client drives that can be virtualized. NOTE: The Floppy Image File under Floppy Drive (if applicable) may appear, as this device can be virtualized as a virtual floppy. You can select one optical drive and one floppy at the same time, or a single drive. NOTE: The virtual device drive letters on the managed system do not coincide with the physical drive letters on the management station.
Only one active Virtual Media session is allowed at one time. This session could have been created by any Web-based interface or VMCLI utility. d Select the Encryption Enabled check box to establish an encrypted connection between the remote system and your management station (if desired). 6 If you are virtualizing a floppy image or ISO image, select Floppy Image File or ISO Image File and enter or browse to the image file you want to virtualize.
3 Click the Media tab and then click Virtual Media. The Virtual Media page is displayed with the client drives that can be virtualized. NOTE: The plug-in with which you can connect to a virtual media depends on the pug-in type you selected in the Configuration tab. 4 In the Attribute box, perform the following steps: a In the Value column, ensure that the Attach/Detach status value is Attached. If the value is Detached, perform the following steps: • In the Media tab, click Configuration.
7 To virtualize a floppy image or ISO image, click Add Image and select an image. 8 Click the Mapped check-box associated with the driver or image that you want to connect. The device in the managed system to which the driver or image attached is displayed in the Details table. Disconnecting Virtual Media Deselect the Mapped check box associated with a driver or image.
Attaching, Auto-Attaching, and Detaching Virtual Media using the Web browser You can set the status of a virtual media to Attach, Auto-Attach, or Detach. Based on this status, the devices in the remote system are displayed in the DRAC 5 GUI. • Attach—If the status is Attach, DRAC 5 automatically attaches all devices of the remote system to the server. When you connect to the server, the devices available in the remote system are displayed in the DRAC 5 GUI.
Booting From Virtual Media On supported systems, the system BIOS enables you to boot from virtual optical drives or virtual floppy drives. During POST, enter the BIOS setup window and verify that the virtual drives are enabled and listed in the correct order. To change the BIOS setting: 1 Boot the managed system. 2 Press to enter the BIOS setup window. 3 Scroll to the boot sequence and press .
Installing Operating Systems Using Virtual Media This section describes a manual, interactive method to install the operating system on your management station that may take several hours to complete. A scripted operating system installation procedure using Virtual Media may take less than 15 minutes to complete. See "Deploying Your Operating System Using VM-CLI" on page 202 for more information.
Using Virtual Flash The DRAC 5 provides persistent Virtual Flash—16 MB of flash memory that resides in the DRAC 5 file system that can be used for persistent storage and accessed by the system. When enabled, Virtual Flash is configured as a third virtual drive and appears in the BIOS boot order, allowing a user to boot from the Virtual Flash. NOTE: To boot from the Virtual Flash, the Virtual Flash image must be a bootable image.
Storing Images in a Virtual Flash The Virtual Flash can be formatted from the managed host. If you are running the Windows operating system, right-click the drive icon and select Format. If you are running Linux, system tools such as format and fdisk allow you to partition and format the USB. Before you upload an image from the RAC Web browser to the Virtual Flash, ensure that the image file is between 1.44 MB and 16 MB in size (inclusive) and Virtual Flash is disabled.
Using the Virtual Media Command Line Interface Utility The Virtual Media Command Line Interface (VM-CLI) utility is a scriptable command-line interface that provides virtual media features from the management station to the DRAC 5 in the remote system. The VM-CLI utility provides the following features: • Supports multiple, simultaneously-active sessions. NOTE: When virtualizing read-only image files, multiple sessions may share the same image media.
Utility Installation The VM-CLI utility is located on the Dell Systems Management Tools and Documentation DVD, which is included with your Dell OpenManage System Management Software Kit. To install the utility, insert the Dell Systems Management Tools and Documentation DVD into your system’s DVD drive and follow the on-screen instructions.
VM-CLI Parameters DRAC 5 IP Address -r [:] where is a valid, unique IP address or the DRAC 5 Dynamic Domain Naming System (DDNS) name (if supported). This parameter provides the DRAC 5 IP address and SSL port. The VM-CLI utility needs this information to establish a Virtual Media connection with the target DRAC 5. If you enter an invalid IP address or DDNS name, an error message appears and the command is terminated.
Floppy/Disk Device or Image File -f { | } where is a valid drive letter (for Windows systems) or a valid device file name, including the mountable file system partition number, if applicable (for Linux systems); and is the filename and path of a valid image file. This parameter specifies the device or file to supply the virtual floppy/disk media. For example, an image file is specified as: -f c:\temp\myfloppy.img (Windows system) -f /tmp/myfloppy.
For example, a device is specified as: -c d:\ (Windows systems) -c /dev/cdrom (Linux systems) Additionally, omit this parameter from the command line if you are not virtualizing CD/DVD media. If an invalid value is detected, an error message is listed and the command terminates. Specify at least one media type (floppy or CD/DVD drive) with the command, unless only switch options are provided. Otherwise, an error message displays and the command terminates and generates an error.
VM-CLI Operating System Shell Options The following operating system features can be used in the VM-CLI command line: • stderr/stdout redirection — Redirects any printed utility output to a file. For example, using the greater-than character (>) followed by a filename overwrites the specified file with the printed output of the VM-CLI utility. NOTE: The VM-CLI utility does not read from standard input (stdin). As a result, stdin redirection is not required.
Deploying Your Operating System Using VM-CLI The Virtual Media Command Line Interface (VM-CLI) utility is a command-line interface that provides Virtual Media features from the management station to the DRAC 5 in the remote system. Using VM-CLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the VM-CLI utility into your corporate network.
Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using the DRAC 5 Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Windows systems. Creating an Image File for Linux Systems Use the Data Duplicator utility to create a bootable image file for your Linux system.
When you create the image file, ensure that you: • Follow standard network-based installation procedures • Mark the deployment image as "read only" to ensure that each target system boots and executes the same deployment procedure 4 Perform one of the following procedures: • Integrate RACADM and the Virtual Media command line interface (VM-CLI) into your existing operating system deployment application.
Frequently Asked Questions Sometimes, I notice my Virtual Media client connection drops. Why? When a network time-out occurs, the DRAC 5 firmware drops the connection, disconnecting the link between the server and the Virtual Drive. To reconnect to the Virtual Drive, use the Virtual Media feature. Which operating systems support the DRAC 5? See the Dell Systems Software Support Matrix on the Dell Support website at support.dell.com/manuals for a list of supported operating systems.
Why can’t I install Windows 2000 locally or remotely? This issue usually happens if Virtual Flash is enabled and does not contain a valid image, for example, the virtual flash contains a corrupted or random image, you may not be able to install Windows 2000 locally or remotely. To fix this issue, install a valid image on Virtual Flash or disable Virtual Flash if it will not be used during the installation procedure.
What types of media can I boot from? The DRAC 5 allows you to boot from the following bootable media: • CDROM/DVD Data media • ISO 9660 image • 1.44 Floppy disk or floppy image • DRAC 5 embedded virtual flash • A USB key that is recognized by the operating system as a removable disk • A USB key image How can I make my USB key bootable? Only USB keys with Windows 98 DOS can boot from the Virtual Floppy.
I cannot locate my Virtual Floppy device on a system running Red Hat Enterprise Linux or the SUSE Linux operating System. My Virtual Media is attached and I am connected to my remote floppy. What should I do? Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner. In order to mount the Virtual Floppy Drive, locate the device node that Linux assigns to the Virtual Floppy Drive.
When I performed a firmware update remotely using the DRAC 5 Webbased interface, my virtual drives at the server were removed. Why? Firmware updates cause the DRAC 5 to reset, drop the remote connection, and unmount the virtual drives. The drives will reappear when the DRAC reset is complete. When enabling or disabling the Virtual Flash, I noticed that all my virtual drives disappeared and then reappeared.
To install the plug-in installation package: 1 Copy the installation package to the client's native file system share that is accessible by the client. 2 Open an instance of the browser on the client system. 3 Enter the file-path to the plug-in installation package in the browser's address bar. For example: file:///tmp/rac5vm.xpi 4 The browser guides the user through plug-in installation.
12 Configuring Security Features The DRAC 5 provides the following security features: • Advanced Security options for the DRAC administrator: • The Console Redirection disable option allows the local system user to disable console redirection using the DRAC 5 Console Redirection feature.
Security Options for the DRAC Administrator Disabling the DRAC 5 Local Configuration Administrators can disable local configuration through the DRAC 5 graphical user interface (GUI) by selecting Remote Access Configuration Services. When the Disable the DRAC local Configuration using option ROM check box is selected, the Remote Access Configuration Utility— accessed by pressing Ctrl+E during system boot—operates in read-only mode, preventing local users from configuring the device.
Disabling Local Configuration From Local racadm This feature disables the ability of the managed system’s user to configure the DRAC 5 using the local racadm or the Dell OpenManage Server Administrator utilities. racadm config -g cfgRacTune -o cfgRacTuneLocalConfigDisable 1 CAUTION: These features severely limit the ability of the local user to configure the DRAC 5 from the local system, including performing a reset to default of the configuration.
at a time to help avoid losing login privileges altogether. For example, if administrators have disabled all local DRAC 5 users and allow only Microsoft Active Directory directory service users to log in to the DRAC 5, and the Active Directory authentication infrastructure subsequently fails, the administrators may be unable to log in.
Several situations might call for disabling DRAC 5 remote vKVM. For example, administrators may not want a remote DRAC 5 user to view the BIOS settings that they configure on a system, in which case they can disable remote vKVM during the system POST by using the LocalConRedirDisable command.
An SSL-enabled system: • Authenticates itself to an SSL-enabled client • Allows the client to authenticate itself to the server • Allows both systems to establish an encrypted connection This encryption process provides a high level of data protection. The DRAC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America. The DRAC Web server includes a Dell self-signed SSL digital certificate (Server ID).
Use the SSL Main Menu page options (see Table 12-1) to generate a CSR to send to a CA. The CSR information is stored on the DRAC 5 firmware. Table 12-2 describes the buttons available on the SSL Main Menu page. Table 12-1. SSL Main Menu Options Field Description Generate a New Click Next to open the Certificate Signing Request Certificate Signing Generation page that enables you to generate a CSR to send to Request (CSR) a CA to request a secure Web certificate.
Generating a New Certificate Signing Request NOTE: Each new CSR overwrites any previous CSR on the firmware. Before a certificate authority (CA) can accept your CSR, the CSR in the firmware must match the certificate returned from the CA. Otherwise, the DRAC 5 will not upload the certificate. 1 In the SSL Main Menu page, select Generate a New Certificate Signing Request (CSR) and click Next. 2 In the Generate Certificate Signing Request (CSR) page, type a value for each CSR attribute value.
Table 12-3. Generate Certificate Signing Request (CSR) Page Options (continued) Field Description State Name The state or province where the entity who is applying for a certification is located (for example, Texas). Only alphanumeric characters and spaces are valid. Do not use abbreviations. Country Code The name of the country where the entity applying for certification is located. Use the drop-down menu to select the country. Email The e-mail address associated with the CSR.
Viewing a Server Certificate 1 In the SSL Main Menu page, select View Server Certificate and click Next. Table 12-5 describes the fields and associated descriptions listed in the Certificate window. 2 Click the appropriate View Server Certificate page button to continue. Table 12-5.
Table 12-6. Cryptography Schemes Scheme Type Scheme Asymmetric Cryptography Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST specification Symmetric Cryptography • AES256-CBC • RIJNDAEL256-CBC • AES192-CBC • RIJNDAEL192-CBC • AES128-CBC • RIJNDAEL128-CBC • BLOWFISH-128-CBC • 3DES-192-CBC • ARCFOUR-128 Message Integrity • HMAC-SHA1-160 • HMAC-SHA1-96 • HMAC-MD5-128 • HMAC-MD5-96 Authentication • Password NOTE: SSHv1 is not supported.
• Telnet (Table 12-10) • Remote RACADM (Table 12-11) • SNMP agent (Table 12-12) • Automated System Recovery Agent (Table 12-13) Use the Automated Systems Recovery Agent to enable the Last Crash Screen functionality of the DRAC 5. NOTE: Server Administrator must be installed with its Auto Recovery feature activated by setting the Action to either: Reboot System, Power Off System, or Power Cycle System, for the Last Crash Screen to function in the DRAC 5. 4 Click Apply Changes.
Table 12-8. Web Server Settings (continued) Setting Description Timeout The time in seconds that a connection is allowed to remain idle. The session is cancelled when the timeout is reached. Changes to the timeout setting do not affect the current session. When you change the timeout setting, you must log out and log in again to make the new setting effective. Timeout range is 60 to 1920 seconds. HTTP Port Number The port used by the DRAC that listens for a server connection.
Table 12-10. Telnet Settings Setting Description Active Sessions The number of current sessions on the system, less than or equal to the Max Sessions. Timeout The Secure Shell idle timeout, in seconds. Range = 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default setting is 0. Port Number The port used by the DRAC that listens for a server connection. The default setting is 23. Table 12-11.
Table 12-14. Services Page Buttons Button Description Print Prints the Services page. Refresh Refreshes the Services page. Apply Changes Applies the Services page settings. Enabling Additional DRAC 5 Security Options To prevent unauthorized access to your remote system, the DRAC 5 provides the following features: • IP address filtering (IPRange) — Defines a specific range of IP addresses that can access the DRAC 5.
The login proceeds if the following expression equals zero: cfgRacTuneIpRangeMask & ( ^ cfgRacTuneIpRangeAddr) where & is the bitwise AND of the quantities and ^ is the bitwise exclusive-OR. See "DRAC 5 Property Database Group and Object Definitions" on page 345 for a complete list of cfgRacTune properties. Table 12-15. IP Address Filtering (IpRange) Properties Property Description cfgRacTuneIpRangeEnable Enables the IP range checking feature.
To restrict the login to a single IP address (for example, 192.168.0.57), use the full mask, as shown below. racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.57 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255 To restrict logins to a small set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.
IP Blocking IP blocking dynamically determines when excessive login failures occur from a particular IP address and blocks (or prevents) the address from logging into the DRAC 5 for a preselected time span.
Table 12-16. Login Retry Restriction Properties (continued) Property Definition crgRacTuneIpBlkPenaltyTime Defines the timespan in seconds when all login attempts from an IP address with excessive failures are rejected. Enabling IP Blocking The following example prevents a client IP address from establishing a session for five minutes if that client has failed its five login attempts in a one-minute period of time.
Configuring the Network Security Settings Using the DRAC 5 GUI NOTE: You must have Configure DRAC 5 permission to perform the following steps. 1 In the System tree, click Remote Access. 2 Click the Configuration tab and then click Network. 3 In the Network Configuration page, click Advanced Settings. 4 In the Network Security page, configure the attribute values and then click Apply Changes. Table 12-17 describes the Network Security page settings.
Table 12-18. Network Security Page Buttons Button Description Print Prints the Network Security page Refresh Reloads the Network Security page Apply Changes Saves the changes made to the Network Security page. Go Back to Network Configuration Page Returns to the Network Configuration page.
Configuring Security Features
Using the DRAC 5 SM-CLP Command Line Interface 13 This section provides information about the Server Management Workgroup (SMWG) Server Management-Command Line Protocol (SM-CLP) that is incorporated in the DRAC 5. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SMWG SM-CLP specifications. For more information on these specifications, see the Distributed Management Task Force (DMTF) website at www.dmtf.org.
During a typical SM-CLP session, the user can perform operations using the verbs listed in Table 13-1 and Table 13-2. Table 13-1. Supported CLI Verbs for System Verb Definition cd Navigates through the MAP using the shell. delete Deletes an object instance. help Displays help for a specific target. reset Resets the target. show Displays the target properties, verbs, and subtargets. start Turns on a target. stop Shuts down a target. exit Exits from the SM-CLP shell session.
SM-CLP Management Operations and Targets Management Operations The DRAC 5 SM-CLP enables users to manage the following: • Server Power Management — Turn on, shutdown, or reboot the system • System Event Log (SEL) Management — Display or clear the SEL records Options Table 13-3 lists the supported SM-CLP options. Table 13-3. Supported SM-CLP Options SM-CLP Option Description -all Instructs the verb to perform all possible functions. -display Displays the user-defined data.
Table 13-4. SM-CLP Targets (continued) Target Definition /system1/pwrmgtsvc1/ pwrmgtcap1 Capabilities of the power management service for the system. /system1/fan1 A fan target on the managed system. /system1/fan1/ tachsensor1 An individual sensor target on the fan target on the managed system. /system1/batteries1 A battery target on the managed system. /system1/batteries1/ sensor1 An individual sensor target on the battery target on the managed system.
DRAC 5 SM-CLP Examples The following subsections provide sample scenarios for using the SM-CLP to perform the following operations: • Server power management • SEL management • MAP target navigation • Display system properties Server Power Management Table 13-5 provides examples of using SM-CLP to perform power management operations on a managed system. Table 13-5. Server Power Management Operations Operation Syntax Logging into the RAC using the telnet/SSH interface >ssh 192.168.0.
SEL Management Table 13-6 provides examples of using the SM-CLP to perform SEL-related operations on the managed system. Table 13-6.
Table 13-6. SEL Management Operations (continued) Operation Syntax Viewing the SEL record ->show /system1/logs1/log1/record4 /system1/logs1/log1/record4 Properties: LogCreationClassName CreationClassName LogName RecordID MessageTimeStamp 000 Description detected a failure ElementName = = = = = CIM_RecordLog CIM_LogRecord IPMI SEL 1 20050620100512.
Batteries Management Table 13-7 provides example of using the SM-CLP to perform operations on the batteries. Table 13-7.
MAP Target Navigation Table 13-8 provides examples of using the cd verb to navigate the MAP. In all examples, the initial default target is assumed to be /. Table 13-8. Map Target Navigation Operations Operation Syntax Navigate to the system target and reboot ->cd system1 ->reset NOTE: The current default target is /. Navigate to the SEL ->cd system1 target and display the ->cd logs1/log1 log records ->show ->cd system1/logs1/log1 ->show Display current target ->cd . Move up one level ->cd ..
Table 13-9. System Properties Object Property CIM_ComputerSystem Name Description Unique identifier of a System instance that exists in the enterprise environment. MaxLen = 256 ElementName User-friendly name for the system. MaxLen = 64 NameFormat Identifies the method by which the Name is generated. Values: Other, IP, Dial, HID, NWA, HWA, X25, ISDN, IPX, DCC, ICD, E.
Table 13-9. Object System Properties (continued) Property Description Dedicated Enumeration indicating whether the system is a special-purpose system or general-purpose system.
Table 13-9. System Properties (continued) Object Property Description 16=File Server 17=Mobile User Device, 18=Repeater 19=Bridge/Extender 20=Gateway 21=Storage Virtualizer 22=Media Library 23=Extender Node 24=NAS Head 25=Self-Contained NAS 26=UPS 27=IP Phone 28=Management Controller 29=Chassis Manager ResetCapability Defines the reset methods available on the system Values: 1=Other 2=Unknown 3=Disabled 4=Enabled 5=Not Implemented CreationClassName The superclass from which this instance is derived.
Table 13-9. Object System Properties (continued) Property Description EnabledState Indicates the enabled/disabled states of the system. Values: 0=Unknown 1=Other 2=Enabled 3=Disabled 4=Shutting Down 5=Not Applicable 6=Enabled but Offline 7=In Test 8=Deferred 9=Quiesce 10=Starting EnabledDefault Indicates the default startup configuration for the enabled state of the system. By default, the system is "Enabled" (value= 2).
Table 13-9. System Properties (continued) Object Property Description RequestedState Indicates the last requested or desired state for the system. Values: 2=Enabled 3=Disabled 4=Shut Down 5=No Change 6=Offline 7=Test 8=Deferred 9=Quiesce 10=Reboot 11=Reset 12=Not Applicable HealthState Indicates the current health of the system.
Table 13-9. Object System Properties (continued) Property Description OperationalStatus Indicates the current status of the system. Values: 0=Unknown 1=Other 2=OK 3=Degraded 4=Stressed 5=Predictive Failure 6=Error 7=Non-Recoverable Error 8=Starting 9=Stopping 10=Stopped 11=In Service 12=No Contact 13=Lost Communication 14=Aborted 15=Dormant 16=Supporting Entity in Error 17=Completed 18=Power Mode Description A text-based description of the system.
Property Names for Fan, Temperature, Numeric Voltage, Power Consumption, and Amperage Sensors Supported Property Names for Fans, Temperature, Numeric Voltage, Power Consumption, and Amperage Sensors Table 13-10.
Supported Property Names for Fans, Temperature, Numeric Voltage, Power Consumption, and Amperage Sensors Table 13-10. Sensors (continued) Object Property Description BaseUnits The units of measurement of the sensor RPM=Tachometer (for tachsensor) C=Temperature (for tempsensor) V=Voltage (for numericsensor) Watts=Power Consumption (for powerconsumption) Amp=Amperage (for amperage) CurrentReading The current reading of the sensor.
Supported Property Names for Fans, Temperature, Numeric Voltage, Power Consumption, and Amperage Sensors Table 13-10. Sensors (continued) Object Property Description SupportedThreshold The supported threshold for the sensor.
Supported Property Names for Fans, Temperature, Numeric Voltage, Power Consumption, and Amperage Sensors Table 13-10. Sensors (continued) Object Property Description CurrentState The current state as reported by a sensor ElementName The name of the sensor OtherSensorTypeDesc If the sensortype property ription contains a value of "1" (others), this property gives additional description about that sensor. "Power consumption sensor." for powerconsumption "Amperage sensor.
Table 13-11. Supported Property Names for Power Supply Sensors (continued) Object Property Description TotalOutputPower The total power output as shown on the DRAC user interface ElementName Name of the particular sensor. OperationalStatus Current operational status of the power supply unit. HealthState The health status of the power supply unit.
Table 13-12.
Property Names for Fan and Power Supply Redundancy Set Sensors Table 13-13. Supported Property Names for Fan and Power Supply Redundancy Set Sensors Object Property Description CIM_RedundancySet InstanceID Instance number RedundancyStatus The redundancy status. TypeOfSet 3=Load balanced (for fan redundancy) 4=Sparing (for Power Supply redundancy) MinNumberNeeded 0=Unknown ElementName Name of the sensor Property Names for Chassis Sensors Table 13-14.
Property Names for Power Management Service Table 13-15. Supported Property Names for Power Management Service Object Property Description CIM_PowerManagement CreationClassN The name of the creation class— Service ame CIM_PowerManagementService Name IPMI Power Service ElementName Dell Server Power Management Service powerstate Current power state of the system.
Property Names for Power Capability Table 13-16.
14 Monitoring and Alert Management This section explains how to monitor the DRAC 5 and procedures to configure your system and the DRAC 5 to receive alerts. Configuring the Managed System to Capture the Last Crash Screen Before the DRAC 5 can capture the last crash screen, you must configure the managed system with the following prerequisites. 1 Install the managed system software. For more information about installing the managed system software, see the Server Administrator User's Guide.
Disabling the Windows Automatic Reboot Option To ensure that the DRAC 5 Web-based interface last crash screen feature works properly, disable the Automatic Reboot option on managed systems running the Microsoft Windows Server 2003 and Windows 2000 Server operating systems. Disabling the Automatic Reboot Option in Windows Server 2003 1 Open the Windows Control Panel and double-click the System icon. 2 Click the Advanced tab. 3 Under Startup and Recovery, click Settings.
• Redundancy Degraded • Redundancy Lost • Processor Warning • Processor Failure • Processor Absent • PS/VRM/D2D Warning • PS/VRM/D2D Failure • Power Supply Absent • Hardware Log Failure • Automatic System Recovery • System Power Probe Warning • System Power Probe Failure When a platform event occurs (for example, a fan probe failure), a system event is generated and recorded in the System Event Log (SEL).
4 Under Platform Events Filters Configuration, select the Enable Platform Event Filter alerts check box and then click Apply Changes. 5 Under Platform Event Filters List, click a filter that you want to configure. 6 In the Set Platform Events page, make the appropriate selections and then click Apply Changes. NOTE: Generate Alert must be enabled for an alert to be sent to any valid, configured destination (PET or e-mail). Configuring PEF Using the RACADM CLI 1 Enable PEF.
• value bit 3 – 1 = power cycle; 0 = no power cycle • value bit 4 – 1 = power reduction; 0 = no power reduction For example, to enable PEF to reboot the system, type the following command: racadm config -g cfgIpmiPef -o cfgIpmiPefAction -i 1 2 where 1 is the PEF index and 2 is the PEF action to reboot. Configuring PET Configuring PET Using the Web User Interface 1 Login to the remote system using a supported Web browser. See "Accessing the Web-Based Interface" on page 48.
Configuring PET Using RACADM CLI 1 Enable your global alerts. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1 2 Enable PET. At the command prompt, type the following commands and press after each command: racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i 1 1 where 1 and 1 are the PET destination index and the enable/disable selection, respectively. The PET destination index can be a value from 1 through 4.
Configuring E-Mail Alerts Configuring E-mail Alerts Using the Web User Interface 1 Login to the remote system using a supported Web browser. See "Accessing the Web-Based Interface" on page 48. 2 Ensure that you followed the procedures in "Configuring PEF Using the Web User Interface" on page 259. 3 Configure your e-mail alert settings. a In the Alert Management tab, click Email Alert Settings.
Configuring E-Mail Alerts Using RACADM CLI 1 Enable your global alerts. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1 2 Enable e-mail alerts. At the command prompt, type the following commands and press after each command: racadm config -g cfgEmailAlert -o cfgEmailAlertEnable -i 1 1 where 1 and 1 are the e-mail destination index and the enable/disable selection, respectively.
Testing e-mail Alerting The RAC e-mail alerting feature allows users to receive e-mail alerts when a critical event occurs on the managed system. The following example shows how to test the e-mail alerting feature to ensure that the RAC can properly send out e-mail alerts across the network. racadm testemail -i 2 NOTE: Ensure that the SMTP and Email Alert settings are configured before testing the e-mail alerting feature. See "Configuring E-Mail Alerts" on page 263 for more information.
You can change the DRAC 5 community name using RACADM. To see the DRAC 5 community name, use the following command: racadm getconfig -g cfgOobSnmp To set the DRAC 5 community name, use the following command: racadm config -g cfgOobSnmp -o cfgOobSnmpAgentCommunity To prevent SNMP authentication traps from being generated, you must enter community names that will be accepted by the agent.
15 Configuring Intelligent Platform Management Interface (IPMI) Configuring IPMI This section provides information about configuring and using the DRAC 5 IPMI interface. The interface includes the following: • IPMI over LAN • IPMI over Serial • Serial over LAN The DRAC 5 is fully IPMI 2.0 compliant.
c In the Network Configuration page under IPMI LAN Settings, select Enable IPMI Over LAN and click Apply Changes. d Update the IPMI LAN channel privileges, if required. NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications. Under IPMI LAN Settings, click the Channel Privilege Level Limit drop-down menu, select Administrator, Operator, or User and click Apply Changes.
4 Configure IPMI Serial. a In the Configuration tab, click Serial. b In the Serial Configuration menu, change the IPMI serial connection mode to the appropriate setting. Under IPMI Serial, click the Connection Mode Setting drop-down menu, select the appropriate mode. c Set the IPMI Serial baud rate. Click the Baud Rate drop-down menu, select the appropriate baud rate, and click Apply Changes. d Set the Channel Privilege Level Limit.
Configuring IPMI Using the RACADM CLI 1 Login to the remote system using any of the RACADM interfaces. See "Using RACADM Remotely" on page 78. 2 Configure IPMI over LAN. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1 NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications. a Update the IPMI channel privileges.
3 Configure IPMI Serial over LAN (SOL). At the command prompt, type the following command and press : racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1 a Update the IPMI SOL minimum privilege level. CAUTION: The IPMI SOL minimum privilege level determines the minimum privilege required to activate IPMI SOL. For more information, see the IPMI 2.0 specification.
c Enable SOL. NOTE: SOL can be enabled or disabled for each individual user. At the command prompt, type the following command and press : racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable -i 2 where is the user’s unique ID. 4 Configure IPMI Serial. a Change the IPMI serial connection mode to the appropriate setting. At the command prompt, type the following command and press : racadm config -g cfgSerial -o cfgSerialConsoleEnable 0 b Set the IPMI Serial baud rate.
d Set the IPMI serial channel minimum privilege level.
• New line sequences • Input new line sequences For more information about these properties, see the IPMI 2.0 specification. Using the IPMI Remote Access Serial Interface In the IPMI serial interface, the following modes are available: • IPMI terminal mode — Supports ASCII commands that are submitted from a serial terminal. The command set has a limited number of commands (including power control) and supports raw IPMI commands that are entered as hexadecimal ASCII characters.
Configuring Serial Over LAN NOTE: For complete Serial Over LAN information, see the Dell OpenManage Baseboard Management Controller User’s Guide. 1 Expand the System tree and click Remote Access. 2 Click the Configuration tab and then click Serial Over LAN. 3 Configure the Serial Over LAN settings. Table 15-1 provides information about the Serial Over LAN Configuration page settings. 4 Click Apply Changes. 5 Configure the advanced settings, if required.
Table 15-2. Serial Over LAN Configuration Page Buttons Button Description Print Prints the Serial Over LAN Configuration page. Refresh Refreshes the Serial Over LAN Configuration page. Advanced Settings Opens the Serial Over LAN Configuration Advanced Settings page. Apply Changes Applies the Serial Over LAN Configuration page settings. Table 15-3.
16 Recovering and Troubleshooting the Managed System This section explains how to perform tasks related to recovering and troubleshooting a crashed remote system using the DRAC 5 Web-based interface.
• View the system’s current Power Status—either ON or OFF. To access the Power Management page from the System tree, click System and then click the Power Management tab. NOTE: You must have Execute Server Action Commands permission to perform power management actions. Selecting Power Control Actions from the DRAC 5 GUI 1 Select one of the following Power Control Actions. • Power On System— Turns on the system power (equivalent to pressing the power button when the system power is off).
• powercycle — Issues a power-cycle operation on the managed system. This action is similar to pressing the power button on the system’s front panel to power down and then power up the system. • powerstatus — Displays the current power status of the server ("ON", or "OFF") • hardreset — Performs a reset (reboot) operation on the managed system.
Table 16-3. Auto Recovery Fields Field Description Recovery Action When a "system hang" is detected, the DRAC can be configured to do one of the following actions: No Action, Hard Reset, Power Down, or Power Cycle. Initial Countdown The number of seconds after a "system hang" is detected at which the DRAC will perform a Recovery Action. Present Countdown The current value, in seconds, of the countdown timer. Table 16-4.
Baseboard Management Controller Table 16-6 describes the Baseboard Management Controller properties. Table 16-6. BMC Information Fields Field Description Name "Baseboard Management Controller". IPMI Version Intelligent Platform Management Interface (IPMI) version. Number of Possible Active Sessions Maximum number of session that can be active at the same time. Number of Current Active Sessions Total number of current active sessions. Firmware Version Version of the BMC firmware.
Table 16-7. Status Indicator Icons (continued) Icon/Category Description A question mark icon indicates that the status is unknown. Date/Time The date and time that the event occurred. If the date is blank, then the event occurred at System Boot. The format is mm/dd/yyyy hh:mm:ss, based on a 24-hour clock. Description A brief description of the event Table 16-8. SEL Page Buttons Button Action Print Prints the SEL in the sort order that it appears in the window. Clear Log Clears the SEL.
Using the POST and Operating System Boot Capture Logs This feature of the DRAC 5 allows you to play back a stop motion video of the last three instances of the BIOS POST and operating system boot. To view the POST and operating system Boot Capture logs: 1 In the System tree, click System. 2 Click the Logs tab and then click Boot Capture tab. 3 Select the log number of the POST or operating system Boot Capture log. The video of the logs is played on a new screen. 4 Click Stop to stop the video.
The Last Crash Screen page provides the following buttons (see Table 16-9) in the top-right corner of the screen: Table 16-9. Last Crash Screen Page Buttons Button Action Print Prints the Last Crash Screen page. Save Opens a pop-up window that enables you to save the Last Crash Screen to a directory of your choice. Delete Deletes the Last Crash Screen page. Refresh Reloads the Last Crash Screen page.
17 Recovering and Troubleshooting the DRAC 5 This section explains how to perform tasks related to recovering and troubleshooting a crashed DRAC 5. You can use one of the following tools to troubleshoot your DRAC 5: • RAC Log • Diagnostic Console • Trace Log • racdump • coredump Using the RAC Log The RAC Log is a persistent log maintained in the DRAC 5 firmware. The log contains a list of user actions (such as log in, log out, and security policy changes) and alerts issued by the DRAC 5.
Table 17-1. RAC Log Page Information Field Description Date/ Time The date and time (for example, Dec 19 16:55:47). When the DRAC 5 initially starts and is unable to communicate with the managed system, the time will be displayed as System Boot. Source The interface that caused the event. Description A brief description of the event and the user name that logged into the DRAC 5. Using the RAC Log Page Buttons The RAC Log page provides the buttons listed in Table 17-2. Table 17-2.
Using the Command Line Use the getraclog command to view the RAC log entries. racadm getraclog -i The getraclog -i command displays the number of entries in the DRAC 5 log. racadm getraclog [options] NOTE: For more information, see "getraclog" on page 321. You can use the clrraclog command to clear all entries from the RAC log.
Table 17-3. Diagnostic Commands (continued) Command Description netstat Prints the content of the routing table. If the optional interface number is provided in the text field to the right of the netstat option, then netstat prints additional information regarding the traffic across the interface, buffer usage, and other network interface information. ping Verifies that the destination IP address is reachable from the DRAC 5 with the current routing-table contents.
Using the racdump The racadm racdump command provides a single command to get dump, status, and general DRAC 5 board information. NOTE: This command is available only on Telnet and SSH interfaces. For more inform, see the "racdump" on page 317 command. Using the coredump The racadm coredump command displays detailed information related to any recent critical issues that have occurred with the RAC. The coredump information can be used to diagnose these critical issues.
Recovering and Troubleshooting the DRAC 5
Sensors 18 Hardware sensors or probes help you to monitor the systems on your network in a more efficient way by enabling you to take appropriate actions to prevent disasters, such as system instability or damage. You can use the DRAC 5 to monitor hardware sensor for batteries, fan probes, chassis intrusion, power supplies, power consumed, temperature, and voltages. Battery Probes The Battery probes provide information about the system board CMOS and storage RAM on motherboard (ROMB) batteries.
Power Supplies Probes The power supplies probes provides information on: • status of the power supplies, whether within the normal threshold value or has crossed threshold value. NOTE: You can set threshold values only from the Dell OpenManage Server Administrator. See the Dell OpenManage Server Administrator User’s Guide for more information. • power supply redundancy, that is, the ability of the redundant power supply to replace the primary power supply if the primary power supply fails.
Graph Information The Graph Information page displays the graphs for the system power level in Watts and power supplies in Amperes over a time period. The page auto refreshes every minute. NOTE: The data is obtained by the DRAC 5 every five minutes and is lost after a DRAC reset, AC power cycle, or a firmware update. NOTE: The graphs may display gaps either when the system is powered down or when the BMC resets. This is because the power sensors are unavailable during this period.
Power Statistics The Power Statistics page displays the average power consumption and the maximum and the minimum power consumption statistics for the system in Watts and BTU/Hr (British Thermal Unit per Hour) over the last 1 hour, 1 day, or 1 week from the current DRAC time. The data is obtained by the DRAC 5 and is reset if the DRAC undergoes a reset for any reason. Temperature Probes The temperature sensor provides information about the system board ambient temperature.
A RACADM Subcommand Overview This section provides descriptions of the subcommands that are available in the RACADM command line interface. help NOTE: To use this command, you must have Log In DRAC 5 permission. Table A-1 describes the help command. Table A-1. Help Command Command Definition help Lists all of the subcommands available to use with racadm and provides a short description for each.
arp NOTE: To use this command, you must have Execute Diagnostic Commands permission. Table A-2 describes the arp command. Table A-2. arp Command Command Definition arp Displays the contents of the ARP table. ARP table entries may not be added or deleted. Synopsis racadm arp Supported Interfaces • Remote RACADM • Telnet/SSH/Serial RACADM clearasrscreen NOTE: To use this command, you must have Clear Logs permission. Table A-3 describes the clearasrscreen subcommand. Table A-3.
config NOTE: To use the getconfig command, you must have Log In DRAC 5 permission. Table A-4 describes the config and getconfig subcommands. Table A-4. config/getconfig Subcommand Definition config Configures the DRAC 5. getconfig Gets the DRAC 5 configuration data.
Table A-5. config Subcommand Options and Descriptions Option Description -f The -f option causes config to read the contents of the file specified by and configure the DRAC 5. The file must contain data in the format specified in "Parsing Rules" on page 87. -p The -p, or password option, directs config to delete the password entries contained in the config file -f after the configuration is complete.
Examples • racadm config -g cfgLanNetworking -o cfgNicIpAddress 10.35.10.100 Sets the cfgNicIpAddress configuration parameter (object) to the value 10.35.10.110. This IP address object is contained in the group cfgLanNetworking. • racadm config -f myrac.cfg Configures or reconfigures the DRAC 5. The myrac.cfg file may be created from the getconfig command. The myrac.cfg file may also be edited manually as long as the parsing rules are followed. NOTE: The myrac.
Table A-6. getconfig Subcommand Options Option Description -f The -f option directs getconfig to write the entire RAC configuration to a configuration file. This file can be used for batch configuration operations using the config subcommand. NOTE: The -f option does not create entries for the cfgIpmiPet and cfgIpmiPef groups. You must set at least one trap destination to capture the cfgIpmiPet group to the file.
If errors are not encountered, this subcommand displays the contents of the specified configuration. Examples • racadm getconfig -g cfgLanNetworking Displays all of the configuration properties (objects) that are contained in the group cfgLanNetworking. • racadm getconfig -f myrac.cfg Saves all group configuration objects from the RAC to myrac.cfg. • racadm getconfig -h Displays a list of the available configuration groups on the DRAC 5.
coredump NOTE: To use this command, you must have Execute Debug Commands permission. Table A-7 describes the coredump subcommand. Table A-7. coredump Subcommand Definition coredump Displays the last DRAC 5 core dump. Synopsis racadm coredump Description The coredump subcommand displays detailed information related to any recent critical issues that have occurred with the RAC. The coredump information can be used to diagnose these critical issues.
coredumpdelete NOTE: To use this command, you must have Clear Logs or Execute Debug Commands permission. Table A-8 describes the coredumpdelete subcommand. Table A-8. coredumpdelete Subcommand Definition coredumpdelete Deletes the core dump stored in the DRAC 5. Synopsis racadm coredumpdelete Description The coredumpdelete subcommand can be used to clear any currently resident coredump data stored in the RAC.
Table A-9 describes the fwupdate subcommand. Table A-9. fwupdate Subcommand Definition fwupdate Updates the firmware on the DRAC 5. Synopsis racadm fwupdate -s racadm fwupdate -g -u -a -d racadm fwupdate -p -u -d Description The fwupdate subcommand allows users to update the firmware on the DRAC 5.
Table A-10. fwupdate Subcommand Options Option Description -u The update option performs a checksum of the firmware update file and starts the actual update process. This option may be used along with the -g or -p options. At the end of the update, the DRAC 5 performs a soft reset. -s The status option returns the current status of where you are in the update process. This option is always used by itself. -g The get option instructs the firmware to get the firmware update file from the TFTP server.
• racadm fwupdate -p -u -d c:\ In this example, the firmware image for the update is provided by the host’s file system. • racadm -r 192.168.0.120 -u root -p racpassword fwupdate -g -u -a 192.168.0.120 -d In this example, RACADM is used to remotely update the firmware of a specified DRAC using the provided DRAC username and password. The image is retrieved from a TFTP server.
Supported Interfaces • Local RACADM • Remote RACADM • Telnet/SSH/Serial RACADM Input Table A-12 describes the getssninfo subcommand options. Table A-12. getssninfo Subcommand Options Option Description -A The -A option eliminates the printing of data headers. -u The -u user name option limits the printed output to only the detail session records for the given user name. If an "*" symbol is given as the user name, all users are listed.
getsysinfo NOTE: To use this command, you must have Log In To DRAC 5 permission. Table A-14 describes the racadm getsysinfo subcommand. Table A-14. getsysinfo Command Definition getsysinfo Displays DRAC 5 information, system information, and watchdog status information. Synopsis racadm getsysinfo [-d] [-s] [-w] [-A] Description The getsysinfo subcommand displays information related to the RAC, managed system, and watchdog configuration.
Output The getsysinfo subcommand displays information related to the RAC, managed system, and watchdog configuration. Sample Output RAC Information: RAC Date/Time = Mon Oct 26 19:05:33 2009 Firmware Version = 1.50 Firmware Build = 09.10.21 Last Firmware Update = Wed Oct 21 21:57:33 2009 Hardware Version = A00 Current IP Address = 192.168.1.21 Current IP Gateway = 0.0.0.0 Current IP Netmask = 255.255.255.0 DHCP Enabled = 1 MAC Address = 00:1c:23:d7:1a:d9 Current DNS Server 1 = 0.0.0.
OS Name = Power Status = ON Watchdog Information: Recovery Action = None Present countdown value = 15 seconds Initial countdown value = 15 seconds Embedded NIC MAC Addresses: NIC1 Ethernet = 00:1A:A0:11:93:68 NIC2 Ethernet = 00:1A:A0:11:93:6A Examples • racadm getsysinfo -A -s "System Information:" "PowerEdge 2900" "A08" "1.0" "EF23VQ-0023" "Hostname" "Microsoft Windows 2000 version 5.
Restrictions The Hostname and OS Name fields in the getsysinfo output display accurate information only if Dell OpenManage is installed on the managed system. If OpenManage is not installed on the managed system, these fields may be blank or inaccurate. getractime NOTE: To use this command, you must have Log In DRAC 5 permission. Table A-16 describes the getractime subcommand. Table A-16. getractime Subcommand Definition getractime Displays the current time from the remote access controller.
Supported Interfaces • Local RACADM • Remote RACADM • Telnet/SSH/Serial RACADM ifconfig NOTE: To use this command, you must have Execute Diagnostic Commands or Configure DRAC 5 permission. Table A-17 describes the ifconfig subcommand. Table A-17. ifconfig Subcommand Definition ifconfig Displays the contents of the network interface table. Synopsis racadm ifconfig netstat NOTE: To use this command, you must have Execute Diagnostic Commands permission. Table A-18 describes the netstat subcommand.
Supported Interfaces • Remote RACADM • Telnet/SSH/Serial RACADM ping NOTE: To use this command, you must have Execute Diagnostic Commands or Configure DRAC 5 permission. Table A-19 describes the ping subcommand. Table A-19. ping Subcommand Definition ping Verifies that the destination IP address is reachable from the DRAC 5 with the current routing-table contents. A destination IP address is required.
setniccfg NOTE: To use the setniccfg command, you must have Configure DRAC 5 permission. Table A-20 describes the setniccfg subcommand. Table A-20. setniccfg Subcommand Definition setniccfg Sets the IP configuration for the controller. NOTE: The terms NIC and Ethernet management port may be used interchangeably.
Output The setniccfg subcommand displays an appropriate error message if the operation is not successful. If successful, a message is displayed. Supported Interfaces • Local RACADM • Remote RACADM • Telnet/SSH/Serial RACADM getniccfg NOTE: To use the getniccfg command, you must have Log In To DRAC 5 permission. Table A-21 describes the setniccfg and getniccfg subcommands. Table A-21. setniccfg/getniccfg Subcommand Definition getniccfg Displays the current IP configuration for the controller.
Gateway = 192.168.0.1 Supported Interfaces • Local RACADM • Remote RACADM • Telnet/SSH/Serial RACADM getsvctag NOTE: To use this command, you must have Log In To DRAC 5 permission. Table A-22 describes the getsvctag subcommand. Table A-22. getsvctag Subcommand Definition getsvctag Displays a service tag. Synopsis racadm getsvctag Description The getsvctag subcommand displays the service tag of the host system. Example Type getsvctag at the command prompt.
racdump NOTE: To use this command, you must have Debug permission. Table A-23 describes the racdump subcommand. Table A-23. racdump Subcommand Definition racdump Displays status and general DRAC 5 information. Synopsis racadm racdump Description The racdump subcommand provides a single command to get dump, status, and general DRAC 5 board information.
racreset NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-24 describes the racreset subcommand. Table A-24. racreset Subcommand Definition racreset Resets the DRAC 5. CAUTION: When you issue a racreset subcommand, the DRAC may require up to one minute to return to a usable state. Synopsis racadm racreset [hard | soft] Description The racreset subcommand issues a reset to the DRAC 5. The reset event is written into the DRAC 5 log.
Examples • racadm racreset Start the DRAC 5 soft reset sequence. • racadm racreset hard Start the DRAC 5 hard reset sequence. Supported Interfaces • Local RACADM • Remote RACADM • Telnet/SSH/Serial RACADM racresetcfg NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-26 describes the racresetcfg subcommand. Table A-26. racresetcfg Subcommand Definition racresetcfg Resets the entire RAC configuration to factory default values.
Description The racresetcfg command removes all database property entries that have been configured by the user. The database has default properties for all entries that are used to restore the card back to its original default settings. After resetting the database properties, the DRAC 5 resets automatically. CAUTION: This command deletes your current RAC configuration and resets the RAC and serial configuration to the original default settings.
Table A-28. serveraction Subcommand Options String Definition Specifies the action. The options for the string are: • powerdown — Powers down the managed system. • powerup — Powers up the managed system. • powercycle — Issues a power-cycle operation on the managed system. This action is similar to pressing the power button on the system’s front panel to power down and then power up the system.
Synopsis racadm getraclog -i racadm getraclog [-A] [-o] [-c count] [-s start-record] [-m] Description The getraclog -i command displays the number of entries in the DRAC 5 log. The following options allow the getraclog command to read entries: • -A — Displays the output with no headers or labels. • -c — Provides the maximum count of entries to be returned. • -m — Displays one screen of information at a time and prompts the user to continue (similar to the UNIX more command).
clrraclog NOTE: To use this command, you must have Clear Logs permission. Synopsis racadm clrraclog Description The clrraclog subcommand removes all existing records from the RAC log. A new single record is created to record the date and time when the log was cleared. getsel NOTE: To use this command, you must have Log In To DRAC 5 permission. Table A-30 describes the getsel command. Table A-30. getsel Command Definition getsel -i Displays the number of entries in the System Event Log.
-s — Specifies the starting record used for the display -E — Places the 16 bytes of raw SEL at the end of each line of output as a sequence of hex values. -R — Only the raw data is printed. -m — Displays one screen at a time and prompts the user to continue (similar to the UNIX more command). NOTE: If no arguments are specified, the entire log is displayed. Output The default output display shows the record number, timestamp, severity, and description.
Supported Interfaces • Local RACADM • Remote RACADM • Telnet/SSH/Serial RACADM gettracelog NOTE: To use this command, you must have Log In To DRAC 5 permission. Table A-31 describes the gettracelog subcommand. Table A-31. gettracelog Command Definition gettracelog -i Displays the number of entries in the DRAC 5 trace log. gettracelog Displays the DRAC 5 trace log.
Output The default output display shows the record number, timestamp, source, and description. The timestamp begins at midnight, January 1 and increases until the system boots. After the system boots, the system’s timestamp is used. For example: Record: 1 Date/Time: Dec Source: ssnmgrd[175] 8 08:21:30 Description: root from 143.166.157.
Description The sslcsrgen subcommand can be used to generate a CSR and download the file to the client’s local file system. The CSR can be used for creating a custom SSL certificate that can be used for SSL transactions on the RAC. Options NOTE: The -f option is not supported for the serial/telnet/ssh console. Table A-33 describes the sslcsrgen subcommand options. Table A-33. sslcsrgen Subcommand Options Option Description -g Generates a new CSR.
Examples racadm sslcsrgen -s or racadm sslcsrgen -g -f c:\csr\csrtest.txt Supported Interfaces • Local RACADM • Remote RACADM • Telnet/SSH/Serial RACADM sslcertupload NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-34 describes the sslcertupload subcommand. Table A-34. sslcertupload Subcommand Description sslcertupload Uploads a custom SSL server or CA certificate from the client to the RAC.
The sslcertupload command returns 0 when successful and returns a nonzero number when unsuccessful. Restrictions The sslcertupload subcommand can only be executed from a local or remote RACADM client. The sslcsrgen subcommand cannot be used in the serial, telnet, or SSH interface. Example racadm sslcertupload -t 1 -f c:\cert\cert.txt Supported Interfaces • Local RACADM • Remote RACADM sslcertdownload NOTE: To use this command, you must have Configure DRAC 5 permission.
Options Table A-37 describes the sslcertdownload subcommand options. Table A-37. sslcertdownload Subcommand Options Option Description -t Specifies the type of certificate to download, either the Microsoft Active Directory certificate or server certificate. 1 = server certificate 2 = Microsoft Active Directory certificate -f Specifies the file name of the certificate to be uploaded. If the -f option or the filename is not specified, the sslcert file in the current directory is selected.
sslcertview NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-38 describes the sslcertview subcommand. Table A-38. sslcertview Subcommand Description sslcertview Displays the SSL server or CA certificate that exists on the RAC. Synopsis racadm sslcertview -t [-A] Options Table A-39 describes the sslcertview subcommand options. Table A-39.
Organizational Unit (OU) Common Name (CN) : Remote Access Group : DRAC5 default certificate Issuer Information: Country Code (CC) State (S) Locality (L) Organization (O) Organizational Unit (OU) Common Name (CN) : : : : : : Valid From Valid To : Jul : Jul racadm sslcertview -t 1 -A 00 US Texas Round Rock Dell Inc. Remote Access Group DRAC5 default certificate US Texas Round Rock Dell Inc.
sslkeyupload NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-40 describes the sslkeyupload subcommand. Table A-40. sslkeyupload Subcommand Description sslkeyupload Uploads SSL key from the client to the DRAC 5. Synopsis racadm sslkeyupload -t [-f ] Options Table A-41 describes the sslkeyupload subcommand options. Table A-41. sslkeyupload Subcommand Options Option Description -t Specifies the key to upload.
Supported Interfaces • Local RACADM • Remote RACADM sslresetcfg NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-42 describes the sslresetcfg subcommand. Table A-42. sslresetcfg Subcommand Description sslresetcfg Restores the web-server certificate to factory default and restarts the web-server. The certificate takes effect 30 seconds after the command is entered.
Table A-43. kerbkeytabupload Subcommand Description krbkeytabupload Uploads a Kerberos keytab file. Synopsis racadm krbkeytabupload [-f ] Options Table A-44 describes the krbkeytabupload subcommand options. Table A-44. krbkeytabupload Subcommand Options Option Description -f Specifies the file name of the keytab to be uploaded. If the file is not specified, the keytab file in the current directory is selected.
testemail Table A-45 describes the testemail subcommand. Table A-45. testemail configuration Subcommand Description testemail Tests the RAC’s e-mail alerting feature. Synopsis racadm testemail -i Description Sends a test e-mail from the RAC to a specified destination. Prior to executing the test e-mail command, ensure that the specified index in the RACADM cfgEmailAlert group is enabled and configured properly. Table A-46 provides a list and associated commands for the cfgEmailAlert group.
Table A-46. testemail Configuration (continued) Action Command View the current e-mail racadm getconfig -g cfgEmailAlert -i alert settings where is a number from 1 to 4 Options Table A-47 describes the testemail subcommand options. Table A-47. testemail Subcommands Option Description -i Specifies the index of the e-mail alert to test. Output None.
Description The testtrap subcommand tests the RAC’s SNMP trap alerting feature by sending a test trap from the RAC to a specified destination trap listener on the network. Before you execute the testtrap subcommand, ensure that the specified index in the RACADM cfgIpmiPet group is configured properly. Table A-49 provides a list and associated commands for the cfgIpmiPet group. Table A-49.
vmdisconnect NOTE: To use this command, you must have Access Virtual Media permission. Table A-51 describes the vmdisconnect subcommand. Table A-51. vmdisconnect Subcommand Description vmdisconnect Closes all open RAC virtual media connections from remote clients. Synopsis racadm vmdisconnect Description The vmdisconnect subcommand allows a user to disconnect another user's virtual media session. Once disconnected, the web-based interface will reflect the correct connection status.
vmkey NOTE: To use this command, you must have Access Virtual Media permission. Table A-52 describes the vmkey subcommand. Table A-52. vmkey Subcommand Description vmkey Performs virtual media key-related operations. Synopsis racadm vmkey If is configured as reset, the virtual flash memory is reset to the default size of 16 MB. Description When a custom virtual media key image is uploaded to the RAC, the key size becomes the image size.
Synopsis racadm usercertupload -t [-f ] -i Options Table A-54 describes the usercertupload subcommand options. Table A-54. usercertupload Subcommand Options Option Description -t Specifies the type of certificate to upload, either the CA certificate or server certificate. 1 = user certificate 2 = user CA certificate -f Specifies the file name of the certificate to be uploaded. If the file is not specified, the sslcert file in the current directory is selected.
usercertview NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-55 describes the usercertview subcommand. Table A-55. usercertview Subcommand Description usercertview Displays the user certificate or user CA certificate that exists on the DRAC. Synopsis racadm sslcertview -t [-A] -i Options Table A-56 describes the sslcertview subcommand options. Table A-56.
localConRedirDisable NOTE: Only a local racadm user can execute this command. Table A-57 describes the localConRedirDisable subcommand. Table A-57. localConRedirDisable Subcommand Description localConRedirDisable Disables console redirection to the management station. Synopsis racadm localConRedirDisable
RACADM Subcommand Overview
B DRAC 5 Property Database Group and Object Definitions The DRAC 5 property database contains the configuration information for the DRAC 5. Data is organized by associated object, and objects are organized by object group. The IDs for the groups and objects that the property database supports are listed in this section. Use the group and object IDs with the racadm utility to configure the DRAC 5. The following sections describe each object and indicate whether the object is readable, writable, or both.
Default "Dell Remote Access Controller 5" Description Uses a text string to identify the product. idRacDescriptionInfo (Read Only) Legal Values String of up to 255 ASCII characters. Default "This system component provides a complete set of remote management functions for Dell PowerEdge servers." Description A text description of the RAC type. idRacVersionInfo (Read Only) Legal Values String of up to 63 ASCII characters. Default "1.
Default The current RAC firmware build version. For example, "05.12.06". Description A string containing the current product build version. idRacName (Read Only) Legal Values String of up to 15 ASCII characters. Default DRAC 5 Description A user assigned name to identify this controller. idRacType (Read Only) Default 6 Description Identifies the remote access controller type as the DRAC 5. cfgLanNetworking This group contains parameters to configure the DRAC 5 NIC.
cfgDNSDomainNameFromDHCP (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Specifies that the RAC DNS Domain Name should be assigned from the network DHCP server. cfgDNSDomainName (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values String of up to 254 ASCII characters. Characters are restricted to alphanumeric, '-' and '.
Legal Values String of up to 63 ASCII characters. NOTE: Some DNS servers only register names of 31 characters or fewer. Default rac-service tag Description Displays the RAC name, which is rac-service tag (by default). This parameter is only valid if cfgDNSRegisterRac is set to 1 (TRUE). cfgDNSRegisterRac (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Registers the DRAC 5 name on the DNS server.
Description Specifies that the DNS server IP addresses should be assigned from the DHCP server on the network. cfgDNSServer1 (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values A string representing a valid IP address. For example: "192.168.0.20". Description Specifies the IP address for DNS server 1. This property is only valid if cfgDNSServersFromDHCP is set to 0 (FALSE).
Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the RAC network interface controller. If the NIC is disabled, the remote network interfaces to the RAC will no longer be accessible, and the RAC will only be available through the serial or local RACADM interfaces. cfgNicIpAddress (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE).
Description The subnet mask used for static assignment of the RAC IP address. This property is only valid if cfgNicUseDhcp is set to 0 (FALSE). cfgNicGateway (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values A string representing a valid gateway IP address. For example: "192.168.0.1". Default 192.168.0.
cfgNicSelection (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (shared) 1 (shared with failover) 2 (dedicated) Default 2 Description Specifies the current mode of operation for the RAC network interface controller (NIC). Table B-1 describes the supported modes. Table B-1. cfgNicSelection Supported Modes Mode Description Shared Used if the host server integrated NIC is shared with the RAC on the host server.
Description The RAC NIC MAC address. cfgNicVLanEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the VLAN capabilities of the RAC/BMC. cfgNicVLanId (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 – 4094 Default 0 Description Specifies the VLAN ID for the network VLAN configuration.
Default 0 Description Specifies the VLAN Priority for the network VLAN configuration. This property is only valid if cfgNicVLanEnable is set to 1 (enabled). cfgRemoteHosts This group provides properties that allow configuration of various remote components, which include the SMTP server for e-mail alerts and TFTP server IP addresses for firmware updates. cfgRhostsSmtpServerIpAddr (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Default 1 Description Enables or disables the RAC firmware update from a network TFTP server. cfgRhostsFwUpdateIpAddr (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values A string representing a valid TFTP server IP address. For example, 192.168.0.61. Default 0.0.0.0 Description Specifies the network TFTP server IP address that is used for TFTP RAC firmware update operations.
cfgUserAdmin This group provides configuration information about the users who are allowed to access the RAC through the available remote interfaces. Up to 16 instances of the user group are allowed. Each instance represents the configuration for an individual user. cfgUserAdminIpmiLanPrivilege (Read/Write) NOTE: To modify this property, you must have Configure Users permission.
15 (All others) Description The maximum privilege on the IPMI serial channel. cfgUserAdminPrivilege (Read/Write) NOTE: To modify this property, you must have Configure Users permission. Legal Values 0x0000000 to 0x00001ff, and 0x0 Default 0x0000000 Description This property specifies the allowed role-based authority privileges allowed for the user. The value is represented as a bitmask that allows for any combination of privilege values. Table B-2 describes the allowed user privileges’ bit masks.
Examples Table B-3 provides sample privilege bit masks for users with one or more privileges. Table B-3. Sample Bit Masks for User Privileges User Privilege(s) Privilege Bit Mask The user is not allowed to access 0x00000000 the RAC. The user may only login to RAC 0x00000001 and view RAC and server configuration information. The user may login to RAC and change configuration.
cfgUserAdminPassword (Write Only) NOTE: To modify this property, you must have Configure Users permission. Legal Values A string of up to 20 ASCII characters. Default "" Description The password for this user. The user passwords are encrypted and cannot be seen or displayed after this property is written. cfgUserAdminEnable NOTE: To modify this property, you must have Config Users permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables an individual user.
Default 0 Description Enables or disables Serial Over LAN (SOL) user access. cfgEmailAlert This group contains parameters to configure the RAC e-mail alerting capabilities. The following subsections describe the objects in this group. Up to four instances of this group are allowed. cfgEmailAlertIndex (Read Only) Legal Values 1–4 Default This parameter is populated based on the existing instances. Description The unique index of an alert instance.
Description Specifies the destination e-mail address for e-mail alerts. For example, user1@company.com. cfgEmailAlertAddress (Read Only) Legal Values E-mail address format, with a maximum length of 64 ASCII characters. Default "" Description The e-mail address of the alert source. cfgEmailAlertCustomMsg (Read Only) Legal Values String. Maximum Length = 32. Default "" Description Specifies a custom message that is sent with the alert.
Legal Values 1–2 Default 2 Description Specifies the maximum number of console redirection sessions allowed on the RAC. cfgSsnMgtRacadmTimeout (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 10 –1920 Default 30 Description Defines the idle time-out in seconds for the Remote RACADM interface. If a remote RACADM session remains inactive for more than the specified time, the session will be closed.
Description Defines the Web server time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session (you must log out and log in again to make the new settings effective). An expired Web server session logs out the current session.
An expired Secure Shell session displays the following error message only after you press : Warning: Session no longer valid, may have timed out After the message appears, the system returns you to the shell that generated the Secure Shell session. cfgSsnMgtTelnetTimeout (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (No timeout) 60 – 1920 Default 0 Description Defines the Telnet idle time-out.
cfgSerialBaudRate (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 9600, 28800, 57600, 115200 Default 57600 Description Sets the baud rate on the DRAC 5 serial port. cfgSerialConsoleEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the RAC serial console interface.
Default ^\ (<\>) NOTE: The "^" is the key. Description This key or key combination terminates text console redirection when using the connect com2 command.
cfgSerialConsoleNoAuth (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (enables serial login authentication) 1 (disables serial login authentication) Default 0 Description Enables or disables the RAC serial console login authentication. cfgSerialConsoleCommand (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Description Specifies the maximum size of the serial history buffer. cfgSerialSshEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the secure shell (SSH) interface on the DRAC 5. cfgSerialTelnetEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Legal Values 1 (TRUE) 0 (FALSE) Description Enables or disables the console for COM 2 port redirection. cfgNetTuning This group enables users to configure the advanced network interface parameters for the RAC NIC. When configured, the updated settings may take up to a minute to become active. CAUTION: Use extra precaution when modifying properties in this group. Inappropriate modification of the properties in this group can result in your RAC NIC become inoperable.
cfgNetTuningNic100MB (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (10 MBit) 1 (100 MBit) Default 1 Description Specifies the speed to use for the RAC NIC. This property is not used if the cfgNetTuningNicAutoNeg is set to 1 (enabled). cfgNetTuningNicFullDuplex (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Default 1500 Description The size in bytes of the maximum transmission unit used by the DRAC 5 NIC. cfgNetTuningTcpSrttDflt (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 6 – 384 Default 6 Description The smoothed round trip time-out base default value for TCP retransmission round trip time in ½ second units. (Type hexadecimal values.) cfgOobSnmp The group contains parameters to configure the SNMP agent and trap capabilities of the DRAC 5.
Description Specifies the SNMP Community Name used for SNMP Traps. cfgOobSnmpAgentEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the SNMP agent in the RAC. cfgRacTuning This group is used to configure various RAC configuration properties, such as valid ports and security port restrictions.
cfgRacTuneHttpPort (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 10 – 65535 Default 80 Description Specifies the port number to use for HTTP network communication with the RAC. cfgRacTuneHttpsPort (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 10 – 65535 Default 443 Description Specifies the port number to use for HTTPS network communication with the RAC.
Default 0 Description Enables or disables the IP Address Range validation feature of the RAC. cfgRacTuneIpRangeAddr NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values String, IP address formatted. For example, 192.168.0.44. Default 192.168.1.1 Description Specifies the acceptable IP address bit pattern in positions determined by the 1's in the range mask property (cfgRacTuneIpRangeMask).
Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IP address blocking feature of the RAC. cfgRacTuneIpBlkFailcount NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 2 – 16 Default 5 Description The maximum number of login failure to occur within the window before the login attempts from the IP address are rejected. cfgRacTuneIpBlkFailWindow NOTE: To modify this property, you must have Configure DRAC 5 permission.
cfgRacTuneIpBlkPenaltyTime NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 2 – 65535 Default 300 Description Defines the timespan in seconds that session requests from an IP address with excessive failures are rejected. cfgRacTuneSshPort (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 – 65535 Default 22 Description Specifies the port number used for the RAC SSH interface.
Description Specifies the port number used for the RAC telnet interface. cfgRacTuneRemoteRacadmEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the Remote RACADM interface in the RAC. cfgRacTuneConRedirEncryptEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Default 5901 Description Specifies the port to be used for keyboard and mouse traffic during Console Redirection activity with the RAC. NOTE: This object requires a DRAC 5 reset before it becomes active. cfgRacTuneConRedirVideoPort (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 – 65535 Default 5901 Description Specifies the port to be used for video traffic during Console Redirection activity with the RAC.
NOTE: This object requires a DRAC 5 reset before it becomes active. cfgRacTuneDaylightOffset (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 – 60 Default 0 Description Specifies the daylight savings offset (in minutes) to use for the RAC Time. cfgRacTuneTimezoneOffset (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables and disables the RAC Web server. If this property is disabled, the RAC will not be accessible using client Web browsers or remote RACADM. This property has no effect on the telnet/ssh/serial or local RACADM interfaces. cfgRacTuneLocalServerVideo (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Description Enables or disables the ability of a local user to configure the DRAC 5 using local racadm or the Dell OpenManage Server Administrator Utilities. cfgRacTuneCtrlEConfigDisable NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the ability to disable the ability of the local user to configure the DRAC 5 from the BIOS POST option-ROM.
Default 0 Description If a first user is already using the Virtual Console, the value of this object effects the privileges granted to the subsequent user’s shared request after the timeout of 30 seconds. ifcRacManagedNodeOs This group contains properties that describe the Managed Server operating system. One instance of the group is allowed. The following subsections describe the objects in this group.
Description The operating system name of the managed system. cfgRacSecurity This group is used to configure settings related to the RAC SSL certificate signing request (CSR) feature. The properties in this group MUST be configured prior to generating a CSR from the RAC. See the RACADM sslcsrgen subcommand details for more information on generating certificate signing requests. cfgRacSecCsrCommonName (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
cfgRacSecCsrOrganizationUnit (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Organization Unit (OU). cfgRacSecCsrLocalityName (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Locality (L).
cfgRacSecCsrCountryCode (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values String. Maximum Length = 2. Default "" Description Specifies the CSR Country Code (CC) cfgRacSecCsrEmailAddr (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR e-mail Address.
Description Specifies the SSL asymmetric key size for the CSR. cfgRacVirtual This group contains parameters to configure the DRAC 5 Virtual Media feature. One instance of the group is allowed. The following subsections describe the objects in this group. cfgVirMediaAttached (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description This object is used to attach your virtual devices to the system via the USB bus.
Default 3669 Description Specifies the port number used for encrypted virtual media connections to the RAC. cfgVirAtapiSvrPortSsl (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values Any unused port number between 0 and 65535 decimal. Default 3669 Description Sets the port used for SSL Virtual Media connections.
cfgVirMediaKeyEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the virtual media key feature of the RAC. cfgVirMediaPluginTypr (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (Java Plug-in) 0 (Native Plug-in) Default 0 Description Sets the virtual media plug-in type.
3 — Virtual CD/DVD/ISO: Boot from Virtual CD/DVD/ISO. 4 — PXE: PXE (network) boot the server. 5 — Hard drive: Boot into the default hard disk. 6 — Utility Partition: Boot into the Utility Partition. A Utility partition should exist. 7 — Default CD/DVD: Default CD/DVD drive of the server. 8 — BIOS Setup: BIOS Setup screen. 9 — Primary Removable Media: Boot from a USB removable media emulated as a bootable floppy. Default 0 Description Sets the boot once device.
Legal Values 1 (True) 0 (False) Default 0 Description When set to 0, the Virtual Floppy drive is recognized as a removable disk by Windows operating systems. Windows operating systems will assign a drive letter that is C: or higher during enumeration. When set to 1, the Virtual Floppy drive will be seen as a floppy drive by Windows operating systems. Windows operating systems will assign a drive letter of A: or B:.
Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default "" Description Name of DRAC as recorded in the Active Directory forest. cfgADEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Active Directory user authentication on the RAC. If this property is disabled, local RAC authentication is used for user logins instead.
Description 1 (True) enables you to specify an LDAP or a Global Catalog server. 0 (False) disables this option. cfgADDomainController (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values Valid IP address or fully qualified domain name (FQDN) Default No default values Description DRAC 5 uses the value you specify, to search the LDAP server for user names.
Format : Default No default values Description DRAC 5 uses the value you specify, to search the Association Object for user names. cfgADSmartCardLogonEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the Smart Card logon on DRAC 5. cfgADCRLEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Description Enables or disables the Certificate Revocation List (CRL) check for Active Directory-based Smart Card users. cfgADAuthTimeout (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 15 – 300 Default 120 Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out. cfgADRootDomain (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
2 = Enables Standard Schema with Active Directory. Default 1 = Extended Schema Description Determines the schema type to use with Active Directory. cfgADSSOEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Active Directory single sign-on authentication on the RAC. cfgStandardSchema This group contains parameters to configure the Standard Schema settings.
Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default (blank) Description Name of the Role Group as recorded in the Active Directory forest. cfgSSADRoleGroupDomain (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default (blank) Description Active Directory Domain in which the Role Group resides.
Table B-4. Bit Masks for Role Group Privileges Role Group Privilege Bit Mask Log In To DRAC 5 0x00000001 Configure DRAC 5 0x00000002 Configure Users 0x00000004 Clear Logs 0x00000008 Execute Server Control Commands 0x00000010 Access Console Redirection 0x00000020 Access Virtual Media 0x00000040 Test Alerts 0x00000080 Execute Debug Commands 0x00000100 cfgIpmiSerial This group specifies properties used to configure the IPMI serial interface of the BMC.
In Basic mode, the port uses binary data with the intent of communicating with an application program on the serial client. In Terminal mode, the port assumes that a dumb ASCII terminal is connected and allows very simple commands to be entered. cfgIpmiSerialBaudRate (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 9600, 19200, 57600, 115200 Default 57600 Description Specifies the baud rate for a serial connection over IPMI.
Legal Values 0 (None) 1 (CTS/RTS) 2 (XON/XOFF) Default 1 Description Specifies the flow control setting for the IPMI serial port. cfgIpmiSerialHandshakeControl (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables he IPMI terminal mode handshake control. cfgIpmiSerialLineEdit (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Description Enables or disables line editing on the IPMI serial interface. cfgIpmiSerialEchoControl (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables echo control on the IPMI serial interface. cfgIpmiSerialDeleteControl (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
1 (CR-LF) 2 (NULL) 3 () 4 () 5 () Default 1 Description Specifies the newline sequence specification for the IPMI serial interface. cfgIpmiSerialInputNewLineSequence (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 () 1 (NULL) Default 1 Description Specifies the input newline sequence specification for the IPMI serial interface. cfgIpmiSol This group is used to configure the Serial-Over-LAN capabilities of the system.
1 (TRUE) Default 1 Description Enables or disables Serial Over LAN (SOL). cfgIpmiSolBaudRate (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 9600, 19200, 57600, 115200 Default 57600 Description The baud rate for serial communication over LAN. cfgIpmiSolMinPrivilege (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
cfgIpmiSolAccumulateInterval (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 – 255. Default 10 Description Specifies the typical amount of time that the BMC waits before transmitting a partial SOL character data packet. This value is 1-based 5ms increments. cfgIpmiSolSendThreshold (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 – 255 Default 255 Description The SOL threshold limit value.
Default 1 Description Enables or disables the IPMI-Over-LAN interface. cfgIpmiLanPrivLimit (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 0 Description Specifies the maximum privilege level allowed for IPMI over LAN access. cfgIpmiLanAlertEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
cfgIpmiEncryptionKey (Read/Write) NOTE: To view or modify this property, you must have Configure DRAC 5 permission and administrator privileges. Legal Values A string of hexadecimal digits from 0 to 20 characters with no spaces. Default "00000000000000000000" Description The IPMI encryption key. cfgIpmiPetCommunityName (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values A string up to 18 characters.
cfgIpmiPefName (Read Only) Legal Values String. Maximum Length = 255. Default The name of the index filter. Description Specifies the name of the platform event filter. cfgIpmiPefIndex (Read Only) Legal Values 1 – 17 Default The index value of a platform event filter object. Description Specifies the index of a specific platform event filter. cfgIpmiPefAction (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Description Specifies the action that is performed on the managed system when the alert is triggered. cfgIpmiPefEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables a specific platform event filter. cfgIpmiPet This group is used to configure platform event traps on the managed system. cfgIpmiPetIndex (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Legal Values String representing a valid IP address. For example, 192.168.0.67. Default 0.0.0.0 Description Specifies the destination IP address for the trap receiver on the network. The trap receiver receives an SNMP trap when an event is triggered on the managed system. cfgIpmiPetAlertEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables a specific trap.
Default 0 Description Enables or disables the SEL Log filtering.
Supported RACADM Interfaces C The following table provides an overview of RACADM subcommands and their corresponding interface support. Table C-1.
Table C-1.
Index A Active Directory adding DRAC 5 users, 124 configuring access to the DRAC 5, 117 extending schemas, 117 logging in to the DRAC 5, 142 objects, 113 schema extensions, 112 using with extended schema, 112 using with standard schema, 106 using with the DRAC 5, 105 B BIOS setup configuring on a managed system, 51 exporting the root CA certificate, 138 SSL and digital, 215 uploading a server certificate, 219 viewing a server certificate, 220 configuration file creating, 85 configuring serial mode, 275 se
using the DRAC 5 with Active Directory, 144 using Virtual Media, 205 enabling serial/telnet/ssh console, 57 securing communications, 215 updating the firmware, 40 H E e-mail alerts configuring, 263 configuring using RACADM CLI, 264 configuring using the web user interface, 263 enabling single sign-on, 151 example see sample extended schema using with Active Directory, 112 F features DRAC 5, 29 DRAC 5 hardware, 26 firmware downloading, 41 updating, 40 frequently asked questions managing and recovering a
L N last crash screen capturing on the managed system, 257 network properties configuring manually, 90 configuring using racadm, 90 Linux XTerm configuring for telnet console redirection, 68 O logs operating system boot, 283 POST, 283 M managed system accessing through the local serial port, 64 capturing the last crash screen, 257 configuring BIOS setup, 51 enabling serial or telnet console, 50 installing software, 38 management station configuring, 162 configuring a Red Hat Enterprise Linux manageme
setting up single sign-on, 151 property database groups cfcRacManagedNodesOs, 383 cfgActiveDirectory, 391 cfgEmailAlert, 361 cfgIpmiLan, 404 cfgIpmiPef, 406 cfgIpmiPet, 408 cfgIpmiSerial, 398 cfgIpmiSol, 402 cfgLanNetworking, 347 cfgNetTuning, 370 cfgOobSnmp, 372 cfgRacSecurity, 384 cfgRacTuning, 373 cfgRacVirtual, 387 cfgRemoteHosts, 355 cfgSerial, 365 cfgSessionManagement, 362 cfgUserAdmin, 357 idRacInfo, 345 R RAC serial configuring, 61 RAC serial interface about, 51 RACADM attaching virtual media, 191
testtrap, 337 usercertupload, 340 userertview, 342 vmdisconnect, 339 vmkey, 340 racadm utility configuring network properties, 90 parsing rules, 87 subcommands, 295 reboot option disabling, 258 Red Hat Enterprise Linux configuring for serial console redirection, 52 serial mode configuring, 61 Serial Over LAN (SOL) configuring, 275 server certificate uploading, 219 viewing, 220 Server Management Command Line Protocol (SM-CLP) about, 233 support, 233 services configuring, 221 Single Sign-On, 143 remote acce
T telnet console using, 70 terminal mode configuring, 61, 63 deploying the operating system, 204 operating system shell options, 201 parameters, 198 using, 196 U W usercertupload, 340 web browser configuring, 43 V video viewer accessing the viewer menu bar, 168 using, 167 virtual flash configuring, 195 disabling, 194 enabling, 194 using, 194 virtual media about, 183 attaching, 190 booting, 192 detaching, 190 installing the operating system, 193 installing the plug-in, 185 running, 186 supported config
