Dell OpenManage Server Administrator Version 7.
Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2012 Dell Inc.
Contents Notes, Cautions, and Warnings...................................................................................................2 1 Introduction..................................................................................................................................7 Installation................................................................................................................................................................7 Updating Individual System Components................
Server Administrator Managed System Login — Using the Desktop Icon......................................................27 Server Administrator Managed System Login — Using The Web Browser....................................................28 Central Web Server Login................................................................................................................................28 Using The Active Directory Login..................................................................................
6 Server Administrator Logs.......................................................................................................65 Integrated Features................................................................................................................................................65 Log Window Task Buttons...............................................................................................................................65 Server Administrator Logs...................................
Introduction 1 Dell OpenManage Server Administrator (OMSA) provides a comprehensive, one-to-one systems management solution in two ways: from an integrated, web browser-based graphical user interface (GUI) and from a command line interface (CLI) through the operating system. Server Administrator enables system administrators to manage systems locally and remotely on a network.
Storage Management Service The Storage Management Service provides storage management information in an integrated graphical view. NOTE: For more information about the Storage Management Service, see the Dell OpenManage Server Administrator Storage Management User's Guide at dell.com/support/manuals.
– Simplified and reduced the number of screens in the Virtual Disk Creation Wizard for better user experience. NOTE: For more information, see the Dell OpenManage Server Administrator Storage Management User’s Guide available at dell.com/support/manuals. • Added support for enhanced messaging, which includes unique system identifiers (system service tag, chassis service tag, and system FQDN) and message identifier (Message ID) for enhanced SNMP trap varbinds.
If your system supports SNMP, you must install and enable the service on your operating system. If SNMP services are available on your operating system, the Server Administrator installation program installs the supporting agents for SNMP. HTTPS is supported on all operating systems. Support for CIM and SNMP is operating system dependent and, in some cases, operating system-version dependent.
Other Documents You May Need In addition to this guide, you can access the following guides available at dell.com/support/manuals → Product Type → Software, Monitors, Electronics & Peripherals → Software → Enterprise System Management . • The Dell Systems Software Support Matrix provides information about the various Dell systems, the operating systems supported by these systems, and the Dell OpenManage components that can be installed on these systems.
Obtaining Technical Assistance If at any time you do not understand a procedure described in this guide or if your product does not perform as expected, help tools are available to assist you. For more information about these help tools, see Getting Help in your system's Hardware Owner’s Manual. Additionally, Dell Enterprise Training and Certification is available; see dell.com/training for more information. This service may not be offered in all locations.
2 Setup And Administration Dell OpenManage Server Administrator provides security through role- based access control (RBAC), authentication, and encryption for both the Web-based and command line interfaces. Role-Based Access Control RBAC manages security by determining the operations that can be executed by persons in particular roles. Each user is assigned one or more roles, and each role is assigned one or more privileges that are permitted to users in that role.
Instrumentation User, Power User, Administrator, Elevated Administrator Power User, Administrator, Elevated Administrator Remote Access User, Power User, Administrator, Elevated Administrator Administrator, Elevated Administrator Storage Management User, Power User, Administrator, Elevated Administrator Administrator, Elevated Administrator Authentication The Server Administrator authentication scheme ensures that the correct access types are assigned to the correct user privileges.
NOTE: On systems running VMware ESXi Server 5.0 operating system, to login to Server Administrator, all users require Administrator privileges. For information on assigning roles, see the VMware documentation. Encryption Server Administrator is accessed over a secure HTTPS connection using secure socket layer (SSL) technology to ensure and protect the identity of the system being managed.
Creating Server Administrator Users For Supported Red Hat Enterprise Linux and SUSE Linux Enterprise Server Operating Systems Administrator access privileges are assigned to the user logged in as root. To create users with User and Power User privileges, perform the following steps. NOTE: You must be logged in as root or an equivalent user to perform the following procedures. NOTE: You must have the useradd utility installed on your system to perform the following procedures.
(+) Group Name Domain User Wildcard (*) Wildcard (*) User [Tab] = \t (tab character) The following table lists the examples for adding the role definition to the omarolemap file. Table 5. Examples for adding the role definition in OpenManage Server Administrator 3. Bob Ahost Poweruser + root Bhost Administrator + root Chost Administrator Bob *.aus.amer.com Poweruser Mike 192.168.2.3 Poweruser Save and close the file.
5. To allow a user to access the ESX/ESXi host through a command shell, select Grant shell access to this user. Users that access the host only through the vSphere Client do not need shell access. 6. To add the user to a group, select the group name from the Group drop-down menu and click Add . 7. Click OK . Disabling Guest And Anonymous Accounts In Supported Windows Operating Systems NOTE: You must be logged in with Administrator privileges to perform this procedure. 1.
• Configuring the SNMP Agent On Systems Running Supported VMware ESXi 4.X and ESXi 5.X Operating Systems Configuring The SNMP Agent On Systems Running Supported Windows Operating Systems Server Administrator uses the SNMP services provided by the Windows SNMP agent. You can configure the SNMP agent to change the community name, enable Set operations, and send traps to a management station.
6. Click OK to save the changes. Enabling SNMP Set Operations SNMP Set operations must be enabled on the Server Administrator system to change Server Administrator attributes using IT Assistant. 1. Open the Computer Management window. 2. Expand the Computer Management icon in the window, if necessary. 3. Expand the Services and Applications icon, and then click Services. 4. Scroll down the list of services until you find SNMP Service, right-click SNMP Service, and click Properties.
SNMP Agent Access Control Configuration The management information base (MIB) branch implemented by Server Administrator is identified by the Object Identifier (OID) 1.3.6.1.4.1.674. Management applications must have access to this branch of the MIB tree to manage systems running Server Administrator. For Red Hat Enterprise Linux and VMware ESXi 4.0 operating systems, the default SNMP agent configuration gives readonly access for the public community only to the MIB-II system branch (identified by the 1.3.
Enabling SNMP Set Operations SNMP Set operations must be enabled on the system running Server Administrator in order to change Server Administrator attributes using IT Assistant. To enable SNMP Set operations on the system running Server Administrator, edit the SNMP agent configuration file, /etc/snmp/snmpd.conf, and perform the following steps: 1. Find the line that reads: access publicgroup "" any noauth exact all none none or access notConfigGroup "" any noauth exact all none none. 2.
To enable SNMP access from a specific remote host to a system running Server Administrator, edit the SNMP agent configuration file, /etc/snmp/snmpd.conf, and perform the following steps: 1. Find the line that reads: rocommunity public 127.0.0.1. 2. Edit or copy this line, replacing 127.0.0.1 with the remote host IP address. When edited, the new line should read: rocommunity public IP_address.
167. Any SNMP request on the VMware MIB branch is rerouted to the vmware-hostd using the proxy feature of the snmpd daemon. The VMWware SNMP configuration file can be modified manually on the ESX server or by running the VMware Remote Command-Line Interface (RCLI) command, vicfg-snmp, from a remote system (Windows or Linux). The RCLI tools can be downloaded from the VMware website at vmware.com/download/vi/drivers_tools.html. To configure the SNMP agent: 1.
8. Run the following command to ensure that the SNMP ports are open before sending traps to the management station: esxcfg-firewall -e snmpd. Configuring The SNMP Agent On Systems Running Supported VMware ESXi 4.X And ESXi 5.X Operating Systems Server Administrator supports SNMP traps on VMware ESXi 4.X and ESXi 5.X. If a stand-alone license is only present, SNMP configuration fails on VMware ESXi operating systems. Server Administrator does not support SNMP Get and Set operations on VMWare ESXi 4.
NOTE: This command is available only if you have performed a default installation of the operating system. The Choose a Tool menu appears. 2. Select Firewall Configuration using the down arrow and press . The Firewall Configuration screen appears. 3. Press to select Security Level and then press the spacebar to select the security level you want to set. The selected Security Level is indicated by an asterisk. NOTE: For more information about the firewall security levels, press .
Using Server Administrator 3 To start a Server Administrator session, double-click the Dell OpenManage Server Administrator icon on your desktop. The Server Administrator Log in screen is displayed. The default port for Dell OpenManage Server Administrator is 1311. You can change the port, if required. For instructions on setting up your system preferences, see Dell Systems Management Server Administration. NOTE: Servers running on XenServer 6.
1. Double-click the Dell OpenManage Server Administrator icon on your desktop. 2. Type the managed system's IP Address or system name or Fully Qualified Domain Name (FQDN). NOTE: If you have entered the system name or FQDN, Dell OpenManage Server Administrator Web Server host converts the system name or FQDN to the IP address of the managed system. You can also enter the port number of the managed system. For example, Hostname:Port number, or IP address:Port number.
NOTE: When you launch Server Administrator using either Mozilla Firefox version 3.0 and 3.5 or Microsoft Internet Explorer version 7.0 or 8.0, an intermediate warning page may appear displaying a problem with security certificate. To ensure system security, it is recommended that you generate a new X.509 certificate, reuse an existing X.509 certificate, or import a root certificate or certificate chain from a Certification Authority (CA).
Configuring Security Settings On Systems Running A Supported Microsoft Windows Operating System You must configure the security settings for your browser to log in to Server Administrator from a remote management system that is running a supported Microsoft Windows operating system. The security settings for your browser may prevent the execution of client-side scripts that are used by Server Administrator.
5. Click OK to save the new settings. 6. Close the browser. 7. Log in to Server Administrator. The Server Administrator Home Page NOTE: Do not use your Web browser toolbar buttons (such as Back and Refresh) while using Server Administrator. Use only the Server Administrator navigation tools. With only a few exceptions, the Server Administrator home page has three main areas: • The global navigation bar provides links to general services.
Figure 1. Sample Server Administrator Home Page — Non-Modular System The following figure shows a sample Server Administrator home page layout for a user logged in with administrator privileges on a modular system. Figure 2. Sample Server Administrator Home Page — Modular System Clicking an object in the system tree opens a corresponding action window for that object.
Server Administrator User Interface Differences Across Modular And Non-Modular Systems The following table lists the availability of Server Administrator features across modular and non-modular systems. Table 7.
• Click Support to connect to the Dell Support website. • Click About to display Server Administrator version and copyright information. • Click Log Out to end the current Server Administrator program session. System Tree The system tree appears on the left side of the Server Administrator home page and lists the components of your system that are viewable. The system components are categorized by component type.
Description Icon The component's health status is unknown. Task Buttons Most windows opened from the Server Administrator home page contain at least five task buttons: Print, Export, Email, Help and Refresh. Other task buttons are included on specific Server Administrator windows. The Log window, for example, also contain Save As and Clear Log task buttons. • Clicking Print ( • Clicking Export ( ) generates a text file that lists the values for each data field on the open window.
Using The Online Help Context-sensitive online help is available for every window of the Server Administrator home page. Clicking Help opens an independent help window that contains detailed information about the specific window you are viewing. The online help is designed to guide you through the specific actions required to perform all aspects of the Server Administrator services.
Managed System Preferences When you log in to a remote system, the Preferences home page defaults to the Node Configuration window under the Preferences tab. Click the Server Administrator object to enable or disable access to users with User or Power User privileges. Depending on the user’s group privileges, the Server Administrator object action window may have the Preferences tab.
Secure Port System Perform the following steps to set up your secure port system preferences: 1. Click Preferences on the global navigation bar. The Preferences home page appears. 2. Click General Settings. 3. In the Server Preferences window, set options as necessary. – The Session Timeout (minutes) feature can be used to set a limit on the amount of time that a Server Administrator session can remains active.
TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA NOTE: The 128-bit or Higher option does not allow connections from browsers with lower SSL encryption strength, such as 40 bit and 56 bit. – Key Signing Algorithm (For Self Signed Certificate) — Allows you to select a supported signing algorithm. If you select either SHA 512 or SHA 256, ensure that your operating system/browser supports this algorithm.
Server Administrator Web Server Action Tabs The following are the action tabs that are displayed when you log in to manage the Server Administrator web server: • Properties • Shutdown • Logs • Alert Management • Session Management Using The Server Administrator Command Line Interface The Server Administrator command line interface (CLI) allows users to perform essential systems management tasks from the operating system command prompt of a monitored system.
Server Administrator Services 4 The Dell OpenManage Server Administrator Instrumentation Service monitors the health of a system and provides rapid access to detailed fault and performance information gathered by industry-standard systems management agents. The reporting and viewing features allow retrieval of the overall health status for each chassis that comprises your system.
Managing System/Server Module Tree Objects The Server Administrator system/server module tree displays all visible system objects based on the software and hardware groups that Server Administrator discovers on the managed system and on the user's access privileges. The system components are categorized by component type.
Under the Properties tab, you can: • View the chassis information for the modular system being monitored. • View detailed Chassis Management Controller (CMC) information for the modular system being monitored. Accessing And Using Chassis Management Controller To launch the Chassis Management Controller Log in window from the Server Administrator home page: 1. Click the Modular Enclosure object 2. Click the CMC Information tab, and then click Launch the CMC Web Interface.
NOTE: The functionality of the watchdog timer feature cannot be guaranteed when an uncorrectable memory event occurs in the system DRAM Bank_1. If an uncorrectable memory event occurs in this location, the BIOS code resident in this space may become corrupted. Because the watchdog feature uses a call to BIOS to effect the shutdown or reboot behavior, the feature may not work properly. If this occurs, you must manually reboot the system. The watchdog timer can be set to a maximum of 720 seconds.
NOTE: Server Administrator does not display the scope ID of the IPv6 address in its graphical user interface. • View current SNMP trap alert thresholds and set the alert threshold levels for instrumented system components. The selected traps are triggered if the system generates a corresponding event at the selected severity level. NOTE: Alert actions for all potential system component sensors are listed on the Alert Actions window, even if they are not present on your system.
NOTE: Hardware performance is supported only on Dell PowerEdge xx0x and later systems. The Power Supplies option is not available on Dell PowerEdge 1900. Power management is supported on limited Dell PowerEdge xx0x and later systems. Power Supply Monitoring and Power Monitoring features are available only for systems that have two or more redundant, hot-swappable power supplies installed.
Batteries Click the Batteries object to view information about your system’s installed batteries. Batteries maintain the time and date when your system is turned off. The battery saves the system’s BIOS setup configuration, which allows the system to reboot efficiently. The Batteries object action window can have the following tabs, depending on the user’s group privileges: Properties and Alert Management.
NOTE: The NIC configuration information within the Server Administrator BIOS setup may be inaccurate for embedded NICs. Using the BIOS setup screen to enable or disable NICs might produce unexpected results. It is recommended that you perform all configurations for embedded NICs through the actual System Setup screen that is available by pressing while a system is booting. Fans Click the Fans object to manage your system fans.
Unknown Reason Normal [N/A] • Properties • Subtab: Information Under the Properties tab, you can view the details of system’s performance degradation. Intrusion Click the Intrusion object to manage your system's chassis intrusion status. Server Administrator monitors chassis intrusion status as a security measure to prevent unauthorized access to your system's critical components. Chassis intrusion indicates that someone is opening or has opened the cover of the system's chassis.
• View the current SNMP trap alert thresholds and set the alert threshold levels for memory modules. The selected traps are triggered if the system generates a corresponding event at the selected severity level. Network Click the Network object to manage your system's NICs. Server Administrator monitors the status of each NIC present in your system to ensure continuous remote connection. Dell OpenManage Server Administrator reports FCoE and iSoE capabilities of the NICs.
You can also view the System Instantaneous Headroom and System Peak Headroom. The values are displayed in both Watts and BTU/hr (British Thermal Unit). Power thresholds can be set in Watts and BTU/hr. The Statistics tab allows you to view and reset your system’s Power tracking statistics like energy consumption, system peak power, and system peak amperage.
Processors Click the Processors object to manage your system's microprocessor(s). A processor is the primary computational chip inside a system that controls the interpretation and execution of arithmetic and logic functions. The Processors object action window can have the following tabs, depending on the user's group privileges: Properties and Alert Management.
Under the Additional Configuration tab you can either enable or disable IPv4/IPv6 properties. NOTE: Enabling/disabling IPv4/IPv6 is possible only in a dual stack environment (where both the IPv4 and IPv6 stacks are loaded). Users Subtab: Users Under the Users tab, you can modify the remote access user configuration. You can add, configure, and view information about Remote Access Controller users. NOTE: On Dell PowerEdge x9xx systems: - Ten user IDs are displayed.
Under the Properties tab, you can view the current readings and status of your system's temperature probes and configure minimum and maximum values for temperature probe warning threshold. NOTE: Some temperature probe fields differ according to the type of firmware your system has such as BMC or ESM. Some threshold values are not editable on BMC-based systems. When assigning probe threshold values, Server Administrator sometimes rounds the minimum or maximum values you enter to the closest assignable value.
Properties Subtab: Information Under the Properties tab, you can view basic information about your operating system. Storage Server Administrator provides the Storage Management Service: The Storage Management Service provides features for configuring storage devices. In most cases, the Storage Management Service is installed using Typical Setup. The Storage Management Service is available on Microsoft Windows, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server operating systems.
• Perform X.509 certificate management by generating a new X.509 certificate, reusing an existing X.509 certificate, or importing a root certificate or certificate chain from a Certification Authority (CA). For more information about certificate management, see X.509 Certificate Management. Server Administrator Click the Server Administrator object to enable or disable access to users with User or Power User privileges and to configure the SNMP root password.
Working With Remote Access Controller 5 This chapter provides information about accessing and using the remote access features of BMC/iDRAC and DRAC. The Dell systems baseboard management controller (BMC)/Integrated Dell Remote Access Controller (iDRAC) monitors the system for critical events by communicating with various sensors on the system board and sends alerts and log events when certain parameters exceed their preset thresholds.
Main System Modular system System Non-modular system Main System Chassis Non-modular system For more information on the systems support for remote access devices, see the Dell Systems Software Support Matrix available at dell.com/support/manuals. Server Administrator allows remote, in-band access to event logs, power control, and sensor status information and provides the ability to configure the BMC/iDRAC.
IPv4 Address • IP Address Source • IP Address • IP Subnet • IP Gateway IPv6 Address • IP Address Source • IPv6 Address 1 • Default Gateway • IPv6 Address 2 • Link Local Address • DNS Address Source • Preferred DNS Server • Alternate DNS Server NOTE: You can view IPv4 and IPv6 address details only if you enable the IPv4 and IPv6 address properties under Additional Configuration in the Remote Access tab.
NOTE: The NIC Selection option is available only on yx1x systems and earlier. – Primary and Failover Network options For yx2x systems, the Primary Network options for Remote Management (iDRAC7) NIC are: LOM1, LOM2, LOM3, LOM4, and Dedicated. The Failover Network options are: LOM1, LOM2, LOM3, LOM4, All LOMs, and None. The dedicated option is available when the iDRAC7 Enterprise License is present and valid. NOTE: The number of LOMs varies based on the system or hardware configuration. 5.
1. Click the Modular Enclosure → System/Server Module → Main System Chassis/Main System → Remote Access . 2. Click the Configuration tab. 3. Click Serial Port. The Serial Port Configuration window appears. 4. Configure the following details: – Connection Mode Setting – Baud Rate – Flow Control 5. – Channel Privilege Level Limit Click Apply Changes. 6. Click Terminal Mode Settings. In the Terminal Mode Settings window, you can configure terminal mode settings for the serial port.
8. Click Apply Changes. 9. Click Go Back to Serial Over LAN Configuration to return to the Serial Over LAN Configuration window. Additional Configuration For iDRAC To configure the IPv4 and IPv6 properties using the Additional Configuration tab: 1. Click the Modular Enclosure → System/Server Module → Main System Chassis/Main System→ Remote Access object 2. Click the Configuration tab. 3. Click Additional Configuration. 4. Configure the IPv4 and IPv6 properties as Enabled or Disabled. 5.
Setting Platform Event Filter Alerts To configure the most relevant BMC features, such as Platform Event Filter (PEF) parameters and alert destinations using Server Administrator Instrumentation Service: 1. Click the System object. 2. Click the Alert Management tab. 3. Click Platform Events. The Platform Events window allows you to take individual action on specific platform events. You can select those events for which you want to take shutdown actions and generate alerts for selected actions.
NOTE: To generate an alert, you must select both Generate Alert and the Enable Platform Events Alerts settings. 7. Click Apply. 8. Click Apply to Platform Events Page to go back to the Platform Event Filters window. Setting Platform Event Alert Destinations You can also use the Platform Event Filters window to select a destination where an alert for a platform event is to be sent.
Server Administrator Logs 6 Server Administrator allows you to view and manage hardware, alert, and command logs. All users can access logs and print reports from either the Server Administrator home page or from its command line interface. Users must be logged in with Administrator privileges to clear logs or must be logged in with Administrator or Power User privileges to e-mail logs to their designated service contact.
• Command Log Hardware Log On Dell PowerEdge x9xx and xx1x systems, use the hardware log to look for potential problems with your system's hardware components. the hardware log status indicator changes to critical status ( ) when the log file reaches 100 percent capacity. There are two available hardware logs, depending on your system: the Embedded System Management (ESM) log and the System Event Log (SEL).
Information displayed in the Alert log includes: • The severity level of the event • The event ID • The date and time that the event was captured • The category of the event • A description of the event NOTE: The log history may be required for future troubleshooting and diagnostic purposes. Therefore, it is recommended that you save the log files. For detailed information about alert messages, see the Server Administrator Messages Reference Guide at dell.com/ support/manuals.
Setting Alert Actions 7 Setting Alert Actions For Systems Running Supported Red Hat Enterprise Linux And SUSE Linux Enterprise Server Operating Systems When you set alert actions for an event, you can specify the action to display an alert on the server. To perform this action, Server Administrator sends a message to /dev/console. If the Server Administrator system is running an X Window System, the messsage is not displayed.
To resolve this issue, first call the command processor cmd.exe to start your script. For example, the alert action value to execute an application can be set as follows: c:\winnt\system32\cmd.exe /c d:\example\example1.vbs where d:\example\example1.vbs is the full path to the script file. Do not set a path to an interactive application (an application that has a graphical user interface or which requires user input) in the absolute path to the application field.
Table 13. PEF Alert Events Event Description Fan Probe Failure The fan is running too slow or not at all. Voltage Probe Failure The voltage is too low for proper operation. Battery Probe Warning The battery is operating below the recommended charge level. Battery Probe Failure The battery has failed. Discrete Voltage Probe Failure The voltage is too low for proper operation. Temperature Probe Warning The temperature is approaching excessively high or low limits.
Troubleshooting 8 Connection Service Failure On Red Hat Enterprise Linux, whenSELinux is set to enforced mode , the Dell Systems Management Server Administrator (SM SA) Connection service fails to start. Perform one of the following steps and start this service: • Set SELinux to Disabled mode or to Permissive mode. • Change the SELinux allow_execstack property to ON state. Run the following command: a. setsebool allow_execstack on • Change the security context for the SM SA connection service.
Fixing A Faulty Server Administrator Installation On Supported Windows Operating Systems You can fix a faulty installation by forcing a reinstall and then performing an uninstall of Server Administrator. To force a reinstall: 1. Check the version of Server Administrator that was previously installed. 2. Download the installation package for that version from support.dell.com. 3. Locate SysMgmt.msi in the srvadmin\windows\SystemsManagement directory. 4.
Service Name Description Impact of Failure Recovery Mechanism Severity NOTE: If the 32-bit compatibility libraries are not installed on a 64-bit Linux system, the shared services fail to start the inventory collector and display the error message libstdc++.so.5 is required to run the Inventory Collector. The srvadmin-cm.rpm provides the binaries for the inventory collector. For the list of RPMs that srvadmin-cm depends on, see the OpenManage Server Administrator Installation Guide available at dell.
Frequently Asked Questions 9 This section lists the frequently asked questions about OpenManage Server Administrator. NOTE: The following questions are not specific to this release of Server Administrator. 1. Why does ESXi 4.x (4.0 U3) and ESXi 5.x host rebooting functionality fail from OpenManage Server Administrator? This issue is due to VMware stand-alone license (SAL) key. For more information, see the knowledge base article at kb.vmware.com/kb/kb1026060. 2.
9. Can Server Administrator send e-mails when there is a problem? No, Server Administrator is not designed to send e-mails when there is a problem. 10. Is SNMP required for ITA discovery, inventory, and software updates on PowerEdge systems? Can CIM be used by itself for discovery, inventory, and updates or is SNMP required? ITA communicating with Linux systems: SNMP is required on the Linux system for discovery, status polling, and inventory.
auth required pam_stack.so service=system-auth auth required /lib64/ security/pam_nologin.so account required pam_stack.
