CHAPTER 3
Initial ILOM Setup Procedures Using the ILOM CLI
To log in to the ILOM CLI for the first time, you use the default root user account and its default password changeme. After you set up your network environment, you can establish an Administrative user account using an assigned user account name and password.
Log In to ILOM Using the root User Account
To log in to the ILOM CLI for the first time, use SSH and the root user account.
1. To log in to the ILOM CLI using the root user account, type:
$ ssh root@system_ipaddress
If ILOM is operating in a dual-stack network environment, the system_ipaddress can be entered using either an IPv4 or IPv6 address format.
For IPv6 - [fec0:a:8:b7:214:4fff:5eca:5f7e/64]
The ILOM Login prompt appears.
For more information about entering IP addresses in a dual-stack environment, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide.
2. Type the default user name and password:
The ILOM CLI prompt appears (->).
The following CLI procedure provides instructions for configuring ILOM to operate in a dual-stack IPv4 and IPv6 network environment. For a detailed description about configuring ILOM in the IPv4 and IPv6 network environment, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide.
If you are configuring ILOM to operate in an IPv4-only network environment, as is supported in ILOM 3.0.10 and earlier versions of ILOM, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 CLI Procedures Guide.
By default, ILOM will attempt to obtain the IPv4 address using DHCPv4 and the IPv6 address using IPv6 stateless.
Configure IPv4 and IPv6 Settings Using the CLI
1. Log in to the ILOM SP CLI or the CMM CLI.
Establish a local serial console connection or SSH connection to the server SP or CMM.
2. Perform the network configuration instructions that apply to your network environment:
3. For IPv4 network configurations, use the cd command to navigate to the /x/network working directory for the device.
4. Type the show command to view the IPv4 network settings configured on the device.
5. To set IPv4 network settings for DHCP or static, perform one of the following:
6. For IPv6 network configurations, use the cd command to navigate to the /x/network/ipv6 working directory for the device.
7. Type the show command to view the IPv6 network settings configured on the device.
For example, see the following sample output values for the IPv6 properties on a server SP device:
8. To configure an IPv6 auto-configuration option, use the set command to specify the following auto-configuration property values.
The following information is relevant to the IPv6 autoconfig options:
9. To set a pending static IPv6 address, specify the following property values:
10. To commit the pending IPv6 static network parameters, perform the following steps:
a. Use the cd command to change the directory to the device network target.
b. Type the following command to commit the changed property values for IPv6:
To test the IPv4 or IPv6 network configuration from ILOM use the Network Test Tools (Ping and Ping6). For details, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 CLI Procedures Guide.
After you log in to ILOM using the root user account, you can choose either to create a local user account or to configure a directory service. For detailed information about ILOM user accounts and directory services, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide.
Learn how to add a user account and assign user roles (privileges)
Learn how to verify that the new user account or directory service is working properly
Add User Account and Assign Privileges
2. Type the following command and your password to add a local user account:
-> create /SP/users/username password=password
-> create /SP/users/user5
Creating user...
Enter new password: ********
Enter new password again: ********
Created /SP/users/user5
3. Type the following command to assign roles to a user account:
-> set /SP/users/username role=aucr
-> set /SP/users/user5 role=aucr
Set 'role' to 'aucr'
For a description of the user account roles, see Add User Account and Assign Privileges.
Configure ILOM for Active Directory
1. Log in to the ILOM CLI using the root user account.
2. Use the show command to view the top-level properties. Type:
3. Use the show command to view information in the tables. Type:
-> show /SP/clients/activedirectory/name/n
Where n is 1 through 5, and where name is one of the following:
You can use the show command to retrieve the certificate properties:
You can also use the show command to retrieve the alternate server certificate properties:
4. Use the set command to configure top-level properties.
-> set address=10.5.121.321
Set 'address' to 10.5.121.321
-> set ...etc. for defaultrole, dnslocator, logdetail, port, state, strictmode, timeout
5. Use the set command to load a certificate or to modify properties.
-> set /SP/clients/activedirectory/cert load_uri=tftp://10.6.143.192/sales/cert.cert
Set 'load_uri' to 'tftp://10.6.143.192/sales/cert.cert'
-> set /SP/clients/activedirectory/alternateservers/1/cert load_uri=tftp://10.6.143.192/sales/cert.cert
Set 'load_uri' to 'tftp://10.6.143.192/sales/cert.cert'
-> set /SP/clients/activedirectory/admingroups/1 name=CN=spSuperAdmin,OU=Groups,DC=sales,DC=oracle,DC=com
Set 'name' to 'CN=spSuperAdmin,OU=Groups,DC=sales,DC=oracle,DC=com'
-> set /SP/clients/activedirectory/opergroups/1 name=CN=spSuperOper,OU=Groups,DC=sales,DC=oracle,DC=com
Set 'name' to 'CN=spSuperOper,OU=Groups,DC=sales,DC=oracle,DC=com'
-> set /SP/clients/activedirectory/userdomains/1 domain=username@sales.oracle.com
Set 'domain' to 'username@sales.oracle.com'
The DNS Locator service query identifies the named DNS service. The port ID is generally part of the record, but it can be overridden by using the format <PORT:636>. Also, named services specific for the domain being authenticated can be specified by using the <DOMAIN> substitution marker.
Configure ILOM for LDAP
2. Use the set command to enter the proxy user name and password.
-> set /SP/clients/ldap binddn="cn=proxyuser, ou=people, ou=sales, dc=oracle, dc=com" bindpw=password
3. Enter the IP address or DNS name of the LDAP server. Type:
-> set /SP/clients/ldap address=ldap_ipaddress|DNS_name
4. (Optional) Assign the port used to communicate with the LDAP server; the default port is 389. Type:
-> set /SP/clients/ldap port=ldap_port
5. Enter the Distinguished Name of the branch of your LDAP tree that contains users and groups. Type:
-> set /SP/clients/ldap searchbase="ou=people, ou=sales, dc=oracle, dc=com"
This is the location in your LDAP tree that you want to search for user authentication.
6. Set the state of the LDAP service to enabled. Type:
-> set /SP/clients/ldap state=enabled
7. To verify that LDAP authentication works, log in to ILOM using an LDAP user name and password.
Note - ILOM searches local users before LDAP users. If an LDAP user name exists as a local user, ILOM uses the local account for authentication.
Configure ILOM for LDAP/SSL
LDAP/SSL offers enhanced security to LDAP users by way of Secure Socket Layer (SSL) technology. Certificates are optional if Strict Certificate Mode is used.
Follow these steps to configure ILOM for LDAP/SSL:
2. Use the show command to view top-level properties. Type:
3. Use the show command to view information in the tables. Type:
-> show /SP/clients/ldapssl/name/n
Where n is 1 through 5, and where name is one of the following:
You can use the show command to retrieve the certificate properties:
You can also use the show command to retrieve the alternate server certificate properties:
4. Use the set command to configure top-level properties.
-> set address=10.5.121.321
Set 'address' to 10.5.121.321
-> set ...etc. for defaultrole, logdetail, port, state, strictmode, timeout
5. Use the set command to load a certificate or to modify properties.
-> set /SP/clients/ldapssl/cert load_uri=tftp://10.6.142.192/sales/cert.cert
Set 'load_uri' to 'tftp://10.6.142.192/sales/cert.cert'
-> set /SP/clients/ldapssl/alternateservers/1/cert load_uri=tftp://10.6.142.192/sales/cert.cert
Set 'load_uri' to 'tftp://10.6.142.192/sales/cert.cert'
-> set /SP/clients/ldapssl/admingroups/1 name=CN=spSuperAdmin,OU=Groups,DC=sales,DC=oracle,DC=com
Set 'name' to 'CN=spSuperAdmin,OU=Groups,DC=sales,DC=oracle,DC=com'
-> set /SP/clients/ldapssl/opergroups/1 name=CN=spSuperOper,OU=Groups,DC=sales,DC=oracle,DC=com
Set 'name' to 'CN=spSuperOper,OU=Groups,DC=sales,DC=oracle,DC=com'
Note - In the example below, <USERNAME> represents a user's login name. During authentication, the user's login name replaces <USERNAME>.
-> set /SP/clients/ldapssl/userdomains/1 name=<USERNAME>@uid=<USERNAME>,OU=people,DC=oracle,DC=com
Set 'domain' to 'uid=<USERNAME>,OU=people,DC=oracle,DC=com'
Configure ILOM for RADIUS
2. To display the properties of RADIUS, type:
-> show /SP/clients/radius
/SP/clients/radius
   Targets:
   Properties:
      address = 0.0.0.0
      defaultrole = Operator
      port = 1812
      secret = (none)
      state = disabled
3. Use the set command to modify properties.
-> set /SP/clients/radius ipaddress=1.2.3.4 port=1812 state=enabled defaultrole=administrator secret=changeme
For a description of the RADIUS settings, see Configure ILOM for RADIUS.
Log In to ILOM Using a New User Account
Use this procedure to log in to ILOM to verify that the non-root user account is functioning properly.
Follow these steps to log in to ILOM as a non-root account user:
1. Using a Secure Shell (SSH) session, log in to ILOM by specifying your user name and IP address of the server SP or CMM.
$ ssh username@system_ipaddress
$ ssh -l username ipaddress
If ILOM is operating in a dual-stack network environment, the system_ipaddress can be entered using either an IPv4 or IPv6 address format.
For IPv6 - [fec0:a:8:b7:214:4fff:5eca:5f7e/64]
The ILOM Login prompt appears.
For more information about entering IP addresses in a dual-stack environment, and for diagnosing connection issues, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide.
2. Type the user name and password for the user account.
<hostname>: <assigned_username>
The ILOM CLI prompt appears (->).
Log Out of ILOM
-> exit
You can now continue to customize your ILOM configuration for your system and data center environment. Before you configure ILOM for your environment, refer to the Oracle Integrated Lights Out Manager 3.0 Concepts Guide for an overview of the new ILOM 3.0 features and functionality. Knowing how the new ILOM features will affect your environment will help you configure ILOM settings so that you can access all of ILOM’s capabilities in your system and data center.
Also refer to the Oracle ILOM 3.0 Procedures Guides for descriptions of how to perform ILOM tasks using a specific user interface and to your platform ILOM Supplement or platform Administration guide for platform-specific configuration instructions.
The ILOM 3.0 Documentation Collection can be found at:
http://docs.sun.com/app/docs/prod/int.lights.mgr30#hic
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.