Manage User Accounts Using SNMP
Topics
- Review the prerequisites
- Configure user accounts
- Configure Active Directory settings
- Configure LDAP settings
- Configure LDAP/SSL settings
- Configure RADIUS settings
Related Topics
For ILOM:
- Oracle Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide (820-6410)
- Oracle Integrated Lights Out Manager (ILOM) 3.0 Web Interface Procedures Guide (820-6411)
- Oracle Integrated Lights Out Manager (ILOM) 3.0 CLI Procedures Guide (820-6412)
The ILOM 3.0 Documentation Collection is available at: http://docs.sun.com/app/docs/prod/int.lights.mgr30#hic
Before You Begin
Prior to performing the procedures in this chapter, you must ensure that the following requirements are met:
- To view user account information, you need the Read Only (o) role enabled.
- To configure user account information, you need the User Management (u) role enabled.
- To execute the snmpset command, you need to use an SNMP v1 or v2c community or an SNMP v3 user account with read/write (rw) privileges.
- For examples of SNMP commands, see SNMP Command Examples.
Note - The example SNMP commands presented in this section are based on the Net-SNMP sample applications and, therefore, will only work as presented if you have Net-SNMP and the Net-SNMP sample applications installed.
Configuring User Accounts
Topics
- Configure user accounts
Configure User Accounts
Note - You can use get and set commands to configure user account MIB object settings. For a description of the MIB objects used in this procedure, see User Account MIB Objects.
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. To create a new user account with a user role of Operator, type:
% snmpset -v2c -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLocalUserRowStatus.'user1' i 4 ilomCtrlLocalUserRoles.'user1' s "operator" ilomCtrlLocalUserPassword.'user1' s "password"
3. To delete a user account, type:
% snmpset -v2c -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLocalUserRowStatus.'user1' i 6
User Account MIB Objects
The following MIB objects, properties, values, and types are valid for local user accounts.
TABLE 4-1 Valid MIB Objects, Properties, Values, and Types for Local User Accounts
MIB Object | Description | Allowed Values | Type | Default
ilomCtrlLocalUserUsername | A local user name. It must start with an alphabetical letter and may contain alphabetical letters, digits, hyphens and underscores, but cannot contain spaces. It cannot be the same as the password. | username | String | None
ilomCtrlLocalUserPassword | A local user password. | password | String | None
ilomCtrlLocalUserRoles | Specifies the role that is associated with a user. The roles can be assigned for the legacy roles of ’Administrator’ or ’Operator’, or any of the individual role IDs of ’a’, ’u’, ’c’, ’r’, ’o’ and ’s’. The role IDs can be joined together. For example, ’aucros’, where a=admin, u=user, c=console, r=reset, o=read-only, s=service. | administrator, operator, admin(a), user(u), console(c), reset(r), read-only(o), service(s) | String | None
ilomCtrlLocalUserRowStatus | This object is used to create a new row or to delete an existing row in the table. This property can be set to either createAndWait(5) or destroy(6), to create and remove a user respectively. | active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) | Integer | None
ilomCtrlLocalUserCLIMode | An enumerated value that describes the possible CLI modes. The default mode corresponds to the ILOM DMTF CLP. The alom mode corresponds to the ALOM CMT. | default(1), alom(2) | Integer | None
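The account-creation step above, as an added example that is not part of the Oracle guide: it checks the user name and roles against the rules in Table 4-1, then issues the same three-object snmpset over SNMPv3 with authentication and privacy instead of a v2c community. The SNMPv3 user name `ilomadmin`, the SHA and AES choices, the snmp.conf passphrase storage, and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the ILOM guide): validate inputs against Table 4-1,
# then create the local account with an SNMPv3 authPriv request.
LC_ALL=C; export LC_ALL            # make the [A-Za-z] ranges below byte-exact

# Assumptions: an SNMPv3 read/write user exists on the SP with SHA
# authentication and AES privacy, and its passphrases are stored in
# ~/.snmp/snmp.conf (defAuthPassphrase / defPrivPassphrase) so they do not
# appear on the command line.
SNMP_USER=${SNMP_USER:-ilomadmin}  # hypothetical SNMPv3 user name
SNMPSET=${SNMPSET:-snmpset}        # set SNMPSET=echo for a dry run

# User name rule from Table 4-1: starts with a letter; only letters, digits,
# hyphens and underscores; must not equal the password ($2).
valid_username() {
    case $1 in
        ''|[!A-Za-z]*)    return 1 ;;
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "$1" != "$2" ]
}

# Roles rule from Table 4-1: a legacy role name from the Allowed Values
# column, or role IDs drawn from "aucros" joined together.
valid_roles() {
    case $1 in
        administrator|operator) return 0 ;;
        ''|*[!aucros]*)         return 1 ;;
    esac
    return 0
}

# ilom_create_user AGENT USER ROLES PASSWORD
# Returns 2 for a rejected user name, 3 for rejected roles, otherwise the
# exit status of snmpset.
ilom_create_user() {
    valid_username "$2" "$4" || { echo "rejected user name: $2" >&2; return 2; }
    valid_roles "$3"         || { echo "rejected roles: $3" >&2; return 3; }
    # RowStatus 4 is createAndGo, as in step 2 of the procedure. The quoted
    # index is passed to snmpset exactly as the page writes it; the check
    # above guarantees the name cannot add characters to the OID.
    "$SNMPSET" -v3 -l authPriv -u "$SNMP_USER" -a SHA -x AES -mALL "$1" \
        "ilomCtrlLocalUserRowStatus.'$2'" i 4 \
        "ilomCtrlLocalUserRoles.'$2'" s "$3" \
        "ilomCtrlLocalUserPassword.'$2'" s "$4"
}
```

The new account's password is still an snmpset argument, so it is visible in the process list of the management host while the command runs.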
Configure Single Sign On
Single Sign On is a convenient authentication service that reduces the number of times you need to enter a password to gain access to ILOM. Single Sign On is enabled by default. As with any authentication service, authentication credentials are passed over the network. If this is not desirable, consider disabling the Single Sign On authentication service.
Note - You can use the set command to configure single sign on MIB object settings. For a description of the MIB object used in this procedure, see Single Sign On MIB Object.
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. To enable Single Sign On, type:
% snmpset -v2c -cprivate -mALL SNMP_agent_ipaddress ilomCtrlSingleSignonEnabled.0 i 1
Single Sign On MIB Object
The following MIB object, value, and type are valid for Single Sign On.
TABLE 4-2 Valid MIB Object, Value, and Type for Single Sign On
MIB Object | Description | Allowed Values | Type | Default
ilomCtrlSingleSignonEnabled | Specifies whether Single Sign On (SSO) authentication should be enabled on the device. SSO allows tokens to be passed so that it is not necessary to re-enter passwords between different applications. This allows SSO between the system controller (SC) web interface and the service processor (SP) web interface, between the SC command-line interface and the SP command-line interface, and between the SC and SP interfaces and the Java Remote Console application. | true(1), false(2) | Integer | None
Configuring Active Directory Settings
Topics
- Configure Active Directory Settings
View and Configure Active Directory Settings
Note - You can use the get and set commands to view and configure Active Directory settings. For a description of some of the MIB objects used in this procedure, see Active Directory MIB Objects. For descriptions of the other MIB objects, see the SUN-ILOM-CONTROL-MIB.
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To view the Active Directory state, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryEnabled.0
- To enable the Active Directory, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryEnabled.0 i 1
- To view the Active Directory port number, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryPortNumber.0
- To set the Active Directory port number, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryPortNumber.0 i portnumber
- To view the Active Directory default user roles, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryDefaultRoles.0
- To set the Active Directory default user roles, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryDefaultRoles.0 s acro
- To view the Active Directory certificate file URI, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryCertFileURI.0
- To set the Active Directory certificate file URI, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryCertFileURI.0 s URI
- To view the Active Directory time out, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryTimeout.0
- To set the Active Directory time out, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryTimeout.0 i 6
- To view the Active Directory certificate validation mode, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryStrictCertEnabled.0
- To set the Active Directory certificate validation mode, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryStrictCertEnabled.0 i 1
- To view the Active Directory certificate file status, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryCertFileStatus.0
- To view the event log setting for the amount of messages sent to the event log, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryLogDetail.0
- To configure the event log setting so that only the highest priority messages are sent to the event log, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryLogDetail.0 i 2
- To view the role that user1 is to have when authenticated via Active Directory, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryDefaultRoles.'user1'
- To specify the Admin (a) role for user1 when authenticated via Active Directory, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryDefaultRoles.'user1' s a
- To view and clear the certificate information associated with the server when it is set to true, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryCertClear.0
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryCertClear.0 i 0
- To view the version of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryCertVersion.0
- To view the serial number of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryCertserialNo.0
- To view the issuer of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryCertIssuer.0
- To view the subject of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryCertSubject.0
- To view the valid start date of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryCertValidBegin.0
- To view the valid end date of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirectoryCertValidEnd.0
Active Directory MIB Objects
The following MIB objects, values, and types are valid for Active Directory.
TABLE 4-3 Valid MIB Objects, Values, and Types for Active Directory
MIB Object | Description | Allowed Values | Type | Default
ilomCtrlActiveDirectoryEnabled | Specifies whether the Active Directory client is enabled. | true(1), false(2) | Integer | true
ilomCtrlActiveDirectoryIP | The IP address of the Active Directory server used as a name service for user accounts. | ipaddress | String | None
ilomCtrlActiveDirectoryPortNumber | Specifies the port number for the Active Directory client. Specifying zero as the port means auto-select while specifying 1 to 65535 configures the actual port. | portnumber (range: 0 to 65535) | Integer | None
ilomCtrlActiveDirectoryDefaultRoles | Specifies the role that a user authenticated via Active Directory should have. Setting this property to legacy roles of ’Administrator’ or ’Operator’, or any of the individual role IDs of ’a’, ’u’, ’c’, ’r’, ’o’ and ’s’ will cause the Active Directory client to ignore the schema stored on the Active Directory server. Setting this to ’none’ clears the value and indicates that the native Active Directory schema should be used. The role IDs can be joined together. For example, ’aucros’, where a=admin, u=user, c=console, r=reset, o=read-only, and s=service. | administrator, operator, admin(a), user(u), console(c), reset(r), read-only(o), service(s), none | String | None
ilomCtrlActiveDirectoryCertFileURI | This is the URI of a certificate file needed when Strict Certificate Mode is enabled. Setting the URI causes the transfer of the file, making the certificate available immediately for certificate authentication. | URI | String | None
ilomCtrlActiveDirectoryTimeout | Specifies the number of seconds to wait before timing out if the Active Directory server is not responding. | Range: 1 to 20 seconds | Integer | 4
ilomCtrlActiveDirectoryStrictCertEnabled | Specifies whether the Strict Certificate Mode is enabled for the Active Directory client. If enabled, the Active Directory certificate must be uploaded to the SP so that certificate validation can be performed when communicating with the Active Directory server. | true(1), false(2) | Integer | true
ilomCtrlActiveDirectoryCertFileStatus | A string indicating the status of the certificate file. This is useful in determining whether a certificate file is present or not. | status | String | None
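A review of the Single Sign On and Active Directory settings described above, as an added example that is not part of the Oracle guide: it parses snmpget output for those objects and reports the combinations the descriptions call out (SSO on, strict certificate mode off or without a certificate, default roles that replace the server-side schema). The sample output is constructed, the finding labels are invented here, and the "not present" wording for ilomCtrlActiveDirectoryCertFileStatus is an assumption taken from the alternate-server status string shown on this page.

```sh
#!/bin/sh
# Added example (not from the ILOM guide): review authentication settings in
# Net-SNMP "snmpget -mALL" output.

# Constructed sample, in the output format the page shows for snmpget.
sample_output() {
    cat <<'EOF'
SUN-ILOM-CONTROL-MIB::ilomCtrlSingleSignonEnabled.0 = INTEGER: true(1)
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirectoryEnabled.0 = INTEGER: true(1)
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirectoryStrictCertEnabled.0 = INTEGER: false(2)
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirectoryDefaultRoles.0 = STRING: "acro"
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirectoryCertFileStatus.0 = STRING: certificate not present
EOF
}

# audit_ilom_auth: read snmpget output on stdin, print one finding per line,
# return 1 if anything was reported and 0 otherwise.
audit_ilom_auth() {
    awk '
    # A missing object is treated as unknown, not as enabled or disabled.
    function is_on(k)  { return (k in v) && (v[k] ~ /^true/  || v[k] == "1") }
    function is_off(k) { return (k in v) && (v[k] ~ /^false/ || v[k] == "2") }
    {
        # Lines look like: MIB::object.index = TYPE: value
        sep = index($0, " = "); if (sep == 0) next
        oid = substr($0, 1, sep - 1); sub(/^.*::/, "", oid)
        val = substr($0, sep + 3);    sub(/^[A-Za-z]+: /, "", val)
        gsub(/^"|"$/, "", val)
        v[oid] = val
    }
    END {
        n = 0
        if (is_on("ilomCtrlSingleSignonEnabled.0")) {
            print "SSO-ENABLED: Single Sign On tokens are passed between the ILOM interfaces"
            n++
        }
        if (is_on("ilomCtrlActiveDirectoryEnabled.0")) {
            if (is_off("ilomCtrlActiveDirectoryStrictCertEnabled.0")) {
                print "AD-STRICT-CERT-OFF: the Active Directory server certificate is not validated"
                n++
            } else if (is_on("ilomCtrlActiveDirectoryStrictCertEnabled.0") &&
                       v["ilomCtrlActiveDirectoryCertFileStatus.0"] ~ /not present/) {
                print "AD-CERT-MISSING: strict certificate mode is on but no certificate is loaded"
                n++
            }
            r = v["ilomCtrlActiveDirectoryDefaultRoles.0"]
            if (r != "" && r != "none") {
                note = (r == "administrator" || (r ~ /^[aucros]+$/ && r ~ /a/)) ? " (includes admin)" : ""
                print "AD-DEFAULT-ROLES: \"" r "\" replaces the role schema stored on the AD server" note
                n++
            }
        }
        exit (n > 0)
    }'
}
```

Run `sample_output | audit_ilom_auth` to see the findings for the constructed sample, or pipe in the output of the snmpget commands from the procedure above.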
View and Configure Active Directory Administrator Groups Settings
Note - If you were using the Net-SNMP sample applications, you could use the snmpget and snmpset commands to configure the Active Directory Administrator Groups settings. For a description of the MIB objects used in this procedure, see Active Directory Administrator Groups MIB Objects.
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. To view the name of Active Directory administrator group ID number 2, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirAdminGroupName.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirAdminGroupName.2 = STRING: CN=spAdmins,DC=spc,DC=north,DC=sun,DC=com
3. To set the name of Active Directory administrator group ID number 2 to CN=spAdmins,DC=spc,DC=south,DC=sun,DC=com, type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirAdminGroupName.2 s CN=spAdmins,DC=spc,DC=south,DC=sun,DC=com
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirAdminGroupName.2 = STRING: CN=spAdmins,DC=spc,DC=south,DC=sun,DC=com
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirAdminGroupName.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirAdminGroupName.2 = STRING: CN=spAdmins,DC=spc,DC=south,DC=sun,DC=com
Active Directory Administrator Groups MIB Objects
The following MIB objects, values, and types are valid for Active Directory Administrator Groups settings.
TABLE 4-4 Valid MIB Objects, Values, and Types for Active Directory Administrator Groups Settings
MIB Object | Description | Allowed Values | Type | Default
ilomCtrlActiveDirAdminGroupId | An integer identifier of the Active Directory Administrator Groups entry. | 1 to 5. Note - This object is not accessible for reading or writing. | Integer | None
ilomCtrlActiveDirAdminGroupName | This string should contain a Distinguished Name that exactly matches one of the group names on the Active Directory server. Any user belonging to one of these groups in this table will be assigned the ILOM role of Administrator. | name (maximum of 255 characters) | String | None
View and Configure Active Directory Operator Groups Settings
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. To view the name of Active Directory operator group ID number 2, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirOperatorGroupName.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirOperatorGroupName.2 = STRING: ad-oper-group-ent-2
3. To set the name of Active Directory operator group ID number 2 to new-name-2, type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirOperatorGroupName.2 s new-name-2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirOperatorGroupName.2 = STRING: new-name-2
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirOperatorGroupName.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirOperatorGroupName.2 = STRING: new-name-2
Active Directory Operator Groups MIB Objects
The following MIB objects, values, and types are valid for Active Directory Operator Groups settings.
TABLE 4-5 Valid MIB Objects, Values, and Types for Active Directory Operator Groups Settings
MIB Object | Description | Allowed Values | Type | Default
ilomCtrlActiveDirOperatorGroupId | An integer identifier of the Active Directory Operator Groups entry. | 1 to 5. Note - This object is not accessible for reading or writing. | Integer | None
ilomCtrlActiveDirOperatorGroupName | This string should contain a Distinguished Name that exactly matches one of the group names on the Active Directory server. Any user belonging to one of these groups in this table will be assigned the ILOM role of Operator. | name (maximum of 255 characters) | String | None
View and Configure Active Directory Custom Groups Settings
Note - You can use the get and set commands to configure the Active Directory Custom Groups settings. For a description of the MIB objects used in this procedure, see Active Directory Custom Groups MIB Objects.
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. To view the name of Active Directory custom group ID number 2, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirCustomGroupName.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirCustomGroupName.2 = STRING: CN=SpSuperCust,OU=Groups,DC=johns,DC=sun,DC=com
3. To set the name of Active Directory custom group ID number 2 to CN=SpSuperCust,OU=Groups,DC=bills,DC=sun,DC=com, type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirCustomGroupName.2 s CN=SpSuperCust,OU=Groups,DC=bills,DC=sun,DC=com
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirCustomGroupName.2 = STRING: CN=SpSuperCust,OU=Groups,DC=bills,DC=sun,DC=com
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirCustomGroupName.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirCustomGroupName.2 = STRING: CN=SpSuperCust,OU=Groups,DC=bills,DC=sun,DC=com
4. To view the roles of Active Directory custom group ID number 2, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirCustomGroupRoles.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirCustomGroupRoles.2 = STRING: "aucro"
5. To set the roles of Active Directory custom group ID number 2 to User Management and Read Only (u,o), type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirCustomGroupRoles.2 s "uo"
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirCustomGroupRoles.2 = STRING: "uo"
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirCustomGroupRoles.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirCustomGroupRoles.2 = STRING: "uo"
Active Directory Custom Groups MIB Objects
The following MIB objects, values, and types are valid for Active Directory Custom Groups settings.
TABLE 4-6 Valid MIB Objects, Values, and Types for Active Directory Custom Groups Settings
MIB Object | Description | Allowed Values | Type | Default
ilomCtrlActiveDirCustomGroupId | An integer identifier of the Active Directory Custom Groups entry. | 1 to 5. This object is not accessible for reading or writing. | Integer | None
ilomCtrlActiveDirCustomGroupName | This string should contain a Distinguished Name that exactly matches one of the group names on the Active Directory server. Any user belonging to one of these groups in this table will be assigned the ILOM role based on the entry’s configuration for roles. | name (maximum of 255 characters) | String | None
ilomCtrlActiveDirCustomGroupRoles | Specifies the role that a user authenticated via Active Directory should have. Setting this property to legacy roles of ’Administrator’ or ’Operator’, or any of the individual role IDs of ’a’, ’u’, ’c’, ’r’, ’o’ and ’s’ will cause the Active Directory client to ignore the schema stored on the Active Directory server. Setting this object to ’none’ clears the value and indicates that the native Active Directory schema should be used. The role IDs can be joined together. For example, ’aucros’, where a=admin, u=user, c=console, r=reset, o=read-only, and s=service. | administrator, operator, admin(a), user(u), console(c), reset(r), read-only(o), service(s), none | String | None
View and Configure Active Directory User Domain Settings
Note - You can use the get and set commands to configure the Active Directory User Domain settings. For a description of the MIB objects used in this procedure, see Active Directory User Domain MIB Objects.
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. To view the name of Active Directory user domain ID number 2, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirUserDomain.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirUserDomain.2 = STRING: <USERNAME>@davidc.example.sun.com
3. To set the name of Active Directory user domain ID number 2 to <USERNAME>@johns.example.sun.com, type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirUserDomain.2 s "<USERNAME>@johns.example.sun.com"
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirUserDomain.2 = STRING: <USERNAME>@johns.example.sun.com
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirUserDomain.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirUserDomain.2 = STRING: <USERNAME>@johns.example.sun.com
Active Directory User Domain MIB Objects
The following MIB objects, values, and types are valid for Active Directory User Domain settings.
TABLE 4-7 Valid MIB Objects, Values, and Types for Active Directory User Domain Settings
MIB Object | Description | Allowed Values | Type | Default
ilomCtrlActiveDirUserDomainId | An integer identifier of the Active Directory domain. | 1 to 5. This object is not accessible for reading or writing. | Integer | None
ilomCtrlActiveDirUserDomain | This string should match exactly with an authentication domain on the Active Directory server. This string should contain a substitution string (<USERNAME>), which will be replaced with the user’s login name during authentication. Either the principal or Distinguished Name format is allowed. | name (maximum of 255 characters) | String | None
View and Configure Active Directory Alternate Server Settings
Note - You can use the get and set commands to set the values of MIB object properties to configure the Active Directory Alternate Server settings. For a description of the MIB objects used in this procedure, see Active Directory Alternate Server MIB Objects.
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To view the IP address of Active Directory alternate server ID number 2, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerIp.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirAlternateServerIp.2 = IpAddress: 10.7.143.236
- To set the IP address of Active Directory alternate server ID number 2 to 10.7.143.246, type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerIp.2 a 10.7.143.246
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirAlternateServerIp.2 = IpAddress: 10.7.143.246
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerIp.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirAlternateServerIp.2 = IpAddress: 10.7.143.246
- To view the port number of Active Directory alternate server ID number 2, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerPort.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirAlternateServerPort.2 = INTEGER: 636
- To set the port number of Active Directory alternate server ID number 2 to 639, type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerPort.2 i 639
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirAlternateServerPort.2 = INTEGER: 639
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerPort.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirAlternateServerPort.2 = INTEGER: 639
- To view the certificate status of Active Directory alternate server ID number 2, type:
% snmpget -v2c -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerCertStatus.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirAlternateServerCertStatus.2 = STRING: certificate not present
- To view the certificate URI of Active Directory alternate server ID number 2, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerCertURI.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirAlternateServerCertURI.2 = STRING: none
- To clear the certificate information associated with the server when it is set to true, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerCertClear.0 i 1
- To view the certificate version of the alternate server certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerCertVersion.0
- To view the serial number of the alternate server certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerCertSerialNo.0
- To view the issuer of the alternate server certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerCertIssuer.0
- To view the subject of the alternate server certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerCertSubject.0
- To view the valid start date of the alternate server certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerCertValidBegin.0
- To view the valid end date of the alternate server certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlActiveDirAlternateServerCertValidEnd.0
Active Directory Alternate Server MIB Objects
The following MIB objects, values, and types are valid for Active Directory Alternate Server settings.
TABLE 4-8 Valid MIB Objects, Values, and Types for Active Directory Alternate Server Settings
MIB Object | Description | Allowed Values | Type | Default
ilomCtrlActiveDirAlternateServerId | An integer identifier of the Active Directory alternate server table. | 1 to 5. This object is not accessible for reading or writing. | Integer | None
ilomCtrlActiveDirAlternateServerIP | The IP address of the Active Directory alternate server used as a name service for user accounts. | ipaddress | String | None
ilomCtrlActiveDirAlternateServerPort | Specifies the port number for the Active Directory alternate server. Specifying 0 as the port indicates that auto-select will use the well known port number. Specifying 1-65535 is used to explicitly set the port number. | portnumber (range: 0 to 65535) | Integer | None
ilomCtrlActiveDirAlternateServerCertStatus | A string indicating the status of the certificate file. This is useful in determining whether a certificate file is present or not. | status (maximum size: 255 characters) | String | None
ilomCtrlActiveDirAlternateServerCertURI | This is the URI of a certificate file needed when Strict Certificate Mode is enabled. Setting the URI causes the transfer of the file, making the certificate available immediately for certificate authentication. Additionally, either remove or restore are supported for direct certificate manipulation. | URI | String | None
View and Configure Redundancy Settings
Note - You can use the get and set commands to view and configure redundancy settings. For a description of the MIB objects used in these commands, see the SUN-ILOM-CONTROL-MIB.
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To view the status of the server in a redundant configuration, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRedundancyStatus.0
- To view the property that controls whether the server is to be promoted or demoted from active or standby status, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRedundancyAction.0
- To promote a redundant server from standby to active status, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRedundancyAction.0 i 2
- To view the FRU name of the chassis monitoring module (CMM) on which this agent is running, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRedundancyFRUName.0
View and Configure Active Directory DNS Locator Settings
Note - You can use the get and set commands to configure the Active Directory DNS Locator settings. For a description of the MIB objects used in this procedure, see Active Directory DNS Locator MIB Objects.
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. To view the state of Active Directory DNS Locator, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirDnsLocatorEnabled.0
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirDnsLocatorEnabled.0 = INTEGER: false(2)
3. To set the state of Active Directory DNS Locator ID number 2 to enabled, type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirDnsLocatorEnabled.0 i 1
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirDnsLocatorEnabled.0 = INTEGER: true(1)
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirDnsLocatorEnabled.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirDnsLocatorEnabled.2 = INTEGER: true(1)
4. To view the service name of Active Directory DNS Locator ID number 2, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirDnsLocatorQueryService.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirDnsLocatorQueryService.2 = STRING: _ldap._tcp.dc._msdcs.<DOMAIN>.<PORT:636>
5. To set the service name and port number of Active Directory DNS Locator ID number 2, type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirDnsLocatorQueryService.2 s "_ldap._tcp.pdc._msdcs.<DOMAIN>.<PORT:936>"
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirDnsLocatorQueryService.2 = STRING: _ldap._tcp.pdc._msdcs.<DOMAIN>.<PORT:936>
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlActiveDirDnsLocatorQueryService.2
SUN-ILOM-CONTROL-MIB::ilomCtrlActiveDirDnsLocatorQueryService.2 = STRING: _ldap._tcp.pdc._msdcs.<DOMAIN>.<PORT:936>
Active Directory DNS Locator MIB Objects
The following MIB objects, values, and types are valid for Active Directory DNS Locator settings.
TABLE 4-9 Valid MIB Objects, Values, and Types for Active Directory DNS Locator Settings
MIB Object | Description | Allowed Values | Type | Default
ilomCtrlActiveDirDnsLocatorEnabled | Specifies whether or not the Active Directory DNS Locator functionality is enabled. | true(1), false(2) | Integer | false
ilomCtrlActiveDirDnsLocatorQueryId | An integer identifier of the Active Directory DNS Locator Query entry. | 1 to 5. This object is not accessible for reading or writing. | Integer | None
ilomCtrlActiveDirDnsLocatorQueryService | The service name that is used to perform the DNS query. The name may contain ’<DOMAIN>’ as a substitution marker, being replaced by the domain information associated for the user at the time of authentication. The service name may also contain ’<PORT:>’, which can be used to override any learned port information, if necessary. For example, <PORT:636> may be specified for the standard LDAP/SSL port 636. | name (maximum of 255 characters) | String | None
Configuring DNS Name Server
Topics
- Configure DNS Name Server
View and Configure DNS Name Server Settings
Note - You can use the get and set commands to view and configure DNS name server settings. For a description of the MIB objects used in these commands, see the SUN-ILOM-CONTROL-MIB.
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To view and specify the name server for DNS, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlDNSNameServers.0
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlDNSNameServers.0 s 'nameservername'
- To view and specify the search path for DNS, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlDNSSearchPath.0
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlDNSSearchPath.0 s 'searchpath'
|
- To view the state of DHCP autodns for DNS, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlDNSdhcpAutoDns.0
|
- To set the state of DHCP autodns for DNS to enabled, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlDNSdhcpAutoDns.0 i 1
|
- To view the number of seconds to wait before timing out if the server does not respond, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlDNSTimeout.0
|
- To set the number of seconds to wait before timing out if the server does not respond to 5, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlDNSTimeout.0 i 5
|
- To view the number of times a request is attempted again after a timeout, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlDNSRetries.0
|
- To set the number of times a request is attempted again after a timeout to 5, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlDNSRetries.0 i 5
|
Configuring ILOM for LDAP
Configure LDAP Settings
|
Note - You can use the get and set commands to configure ILOM for LDAP. For a description of the MIB objects used in this procedure, see ILOM for LDAP MIB Objects.
|
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To view whether the LDAP server is enabled to authenticate LDAP users, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapEnabled.0
|
- To set the LDAP server state to enabled to authenticate LDAP users, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapEnabled.0 i 1
|
- To view the LDAP server IP address, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapServerIP.0
|
- To set the LDAP server IP address, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapServerIP.0 a ipaddress
|
- To view the LDAP server port number, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapPortNumber.0
|
- To set the LDAP server port number, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapPortNumber.0 i 389
|
- To view the LDAP server Distinguished Name, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapBindDn.0
|
- To set the LDAP server Distinguished Name, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapBindDn.0 s ou=people,ou=sales,dc=sun,dc=com
|
- To view the LDAP server password, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapBindPassword.0
|
- To set the LDAP server password, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapBindPassword.0 s password
|
- To view the branch of your LDAP server on which user searches are made, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSearchBase.0
|
- To set the branch of your LDAP server on which to search for users, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSearchBase.0 s ldap_server_branch
|
- To view the LDAP server default role, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapDefaultRoles.0
|
- To set the LDAP server default role to Administrator, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapDefaultRoles.0 s administrator
|
ILOM for LDAP MIB Objects
The following MIB objects, values, and types are valid for ILOM for LDAP settings.
TABLE 4-10 Valid MIB Objects, Values, and Types for LDAP Settings
| MIB Object | Description | Allowed Values | Type | Default |
|---|---|---|---|---|
| ilomCtrlLdapEnabled | Specifies whether the LDAP client is enabled. | true(1), false(2) | Integer | false |
| ilomCtrlLdapServerIP | The IP address of the LDAP server used as a name service for user accounts. | ipaddress | String | None |
| ilomCtrlLdapPortNumber | Specifies the port number for the LDAP client. | Range: 0..65535 | Integer | 389 |
| ilomCtrlLdapBindDn | The Distinguished Name (DN) for the read-only proxy user used to bind to the LDAP server. For example: cn=proxyuser,ou=people,dc=sun,dc=com | distinguished_name | String | None |
| ilomCtrlLdapBindPassword | The password of a read-only proxy user which is used to bind to the LDAP server. This property is essentially write-only. The write-only access level is no longer supported as of SNMPv2. This property must return a null value when read. | password | String | None |
| ilomCtrlLdapSearchBase | A search base in the LDAP database below which to find users. For example: "ou=people,dc=sun,dc=com" | The branch of your LDAP server on which to search for users | String | None |
| ilomCtrlLdapDefaultRoles | Specifies the role that a user authenticated via LDAP should have. This property supports the legacy roles of 'Administrator' or 'Operator', or any of the individual role ID combinations of 'a', 'u', 'c', 'r', 'o' and 's'. For example, 'aucros', where a=admin, u=user, c=console, r=reset, o=read-only, and s=service. | administrator, operator, admin(a), user(u), console(c), reset(r), read-only(o), service(s) | String | None |
Configuring ILOM for LDAP/SSL
Configure LDAP/SSL Settings
|
Note - You can use the get and set commands to configure the LDAP/SSL settings. For a description of the MIB objects used in this procedure, see LDAP/SSL MIB Objects.
|
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To set the LDAP/SSL state to Enabled to authenticate LDAP/SSL users, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslEnabled.0 i 1
|
- To set the LDAP/SSL IP address, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslIP.0 a ipaddress
|
- To set the LDAP/SSL port number, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslPortNumber.0 i portnumber
|
- To set the LDAP/SSL default user role, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslDefaultRoles.0 s operator
|
- To set the LDAP/SSL certificate file URI, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslCertFileURI.0 s URI
|
- To set the LDAP/SSL timeout, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslTimeout.0 i 6
|
- To set the LDAP/SSL strict certificate enabled value, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslStrictCertEnabled.0 i 1
|
- To set the LDAP/SSL certificate file status, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslCertFileStatus.0 s status
|
- To set the LDAP/SSL log detail value to medium, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslLogDetail.0 i 3
|
LDAP/SSL MIB Objects
The following MIB objects, values, and types are valid for LDAP/SSL settings.
TABLE 4-11 Valid MIB Objects, Values, and Types (Global Variables) for LDAP/SSL Settings
| MIB Object | Description | Allowed Values | Type | Default |
|---|---|---|---|---|
| ilomCtrlLdapSslEnabled | Specifies whether or not the LDAP/SSL client is enabled. | true(1), false(2) | Integer | true |
| ilomCtrlLdapSslIP | The IP address of the LDAP/SSL server used as a directory service for user accounts. | ipaddress | String | None |
| ilomCtrlLdapSslPortNumber | Specifies the port number for the LDAP/SSL client. Specifying 0 as the port means auto-select while specifying 1-65535 configures the actual port value. | portnumber (range: 0 to 65535) | Integer | 389 |
| ilomCtrlLdapSslDefaultRoles | Specifies the role that a user authenticated via LDAP/SSL should have. Setting this property to legacy roles of 'Administrator' or 'Operator', or any of the individual role IDs of 'a', 'u', 'c', 'r', 'o' and 's' will cause the LDAP/SSL client to ignore the schema stored on the LDAP server. Setting this object to 'none' clears the value and indicates that the native LDAP/SSL schema should be used. The individual role IDs can be joined together in any combination of two or more roles. For example, this object can be set to 'aucros', where a=admin, u=user, c=console, r=reset, o=read-only, and s=service. | administrator, operator, admin(a), user(u), console(c), reset(r), read-only(o), service(s), none | String | None |
| ilomCtrlLdapSslCertFileURI | The TFTP URI of the LDAP/SSL server’s certificate file that should be uploaded in order to perform certificate validation. Setting the URI causes the transfer of the specified file, making the certificate available immediately for certificate authentication. The server certificate file is needed when Strict Certificate Mode is enabled. Additionally, either remove or restore are supported for direct certificate manipulation. | URI | String | None |
| ilomCtrlLdapSslTimeout | Specifies the number of seconds to wait before timing out if the LDAP/SSL server is not responding. | Range: 1 to 20 | Integer | 4 |
| ilomCtrlLdapSslStrictCertEnabled | Specifies whether or not the Strict Certificate Mode is enabled for the LDAP/SSL Client. If enabled, the LDAP/SSL server’s certificate must be uploaded to the SP so that certificate validation can be performed when communicating with the LDAP/SSL server. | true(1), false(2) | Integer | true |
| ilomCtrlLdapSslCertFileStatus | A string indicating the status of the certificate file. This is useful in determining whether a certificate file is present or not. | status (maximum size: 255 characters) | String | None |
| ilomCtrlLdapSslLogDetail | Controls the amount of messages sent to the event log. The high priority has the least number of messages going to the log, while the lowest priority 'trace' has the most messages logged. When this object is set to none, no messages are logged. | none(1), high(2), medium(3), low(4), trace(5) | Integer | None |
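The settings in Table 4-11 that matter most for review are Strict Certificate Mode, the default roles and the log detail. The following Python script is an added example, not part of the Oracle guide: it parses Net-SNMP output for these objects and reports settings that weaken LDAP/SSL authentication. The sample output is constructed, and the function names and the `PRIVILEGED` role set are assumptions of this example.

```python
import re

# Matches one line of Net-SNMP output for this MIB, for example:
#   SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslTimeout.0 = INTEGER: 4
LINE_RE = re.compile(
    r"^SUN-ILOM-CONTROL-MIB::(?P<obj>\w+)\.(?P<idx>\d+) = (?P<type>[\w-]+): (?P<val>.*)$"
)
ENUM_RE = re.compile(r"^(\w+)\((\d+)\)$")  # "false(2)" -> label "false"

ROLE_IDS = {"a": "admin", "u": "user", "c": "console",
            "r": "reset", "o": "read-only", "s": "service"}
# Policy assumption for this example: roles treated as privileged.
PRIVILEGED = {"administrator", "admin", "user"}


def parse_snmp_output(text):
    """Map object names to values; scalar objects (.0) are keyed by bare name."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip prompts, blank lines and error messages
        val = m.group("val").strip().strip('"')
        enum = ENUM_RE.match(val)
        if enum:
            val = enum.group(1)
        obj, idx = m.group("obj"), m.group("idx")
        settings[obj if idx == "0" else f"{obj}.{idx}"] = val
    return settings


def expand_roles(value):
    """Expand a roles string from Table 4-11; 'none' or empty gives an empty set."""
    v = value.strip().lower()
    if v in ("", "none"):
        return set()
    if v in ("administrator", "operator"):
        return {v}
    unknown = sorted(set(v) - set(ROLE_IDS))
    if unknown:
        raise ValueError(f"unknown role id(s) {unknown} in {value!r}")
    return {ROLE_IDS[c] for c in v}


def audit_ldapssl(settings):
    """Return a list of (severity, object, message) findings."""
    findings = []
    if settings.get("ilomCtrlLdapSslEnabled") != "true":
        return findings  # client disabled, nothing to assess
    if settings.get("ilomCtrlLdapSslStrictCertEnabled") != "true":
        findings.append(("HIGH", "ilomCtrlLdapSslStrictCertEnabled",
                         "Strict Certificate Mode is off; the server certificate is not validated"))
    roles = expand_roles(settings.get("ilomCtrlLdapSslDefaultRoles", "none"))
    if roles:
        severity = "HIGH" if roles & PRIVILEGED else "LOW"
        findings.append((severity, "ilomCtrlLdapSslDefaultRoles",
                         f"server schema ignored; LDAP/SSL users receive {sorted(roles)}"))
    if settings.get("ilomCtrlLdapSslLogDetail") == "none":
        findings.append(("MEDIUM", "ilomCtrlLdapSslLogDetail",
                         "no LDAP/SSL messages reach the event log"))
    timeout = settings.get("ilomCtrlLdapSslTimeout")
    if timeout is not None and not 1 <= int(timeout) <= 20:
        findings.append(("LOW", "ilomCtrlLdapSslTimeout", f"{timeout} is outside 1 to 20"))
    return findings


# Constructed sample: snmpget output for five LDAP/SSL objects.
SAMPLE = """\
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslEnabled.0 = INTEGER: true(1)
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslStrictCertEnabled.0 = INTEGER: false(2)
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslDefaultRoles.0 = STRING: "aucro"
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslLogDetail.0 = INTEGER: none(1)
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslTimeout.0 = INTEGER: 4
"""

if __name__ == "__main__":
    for severity, obj, message in audit_ldapssl(parse_snmp_output(SAMPLE)):
        print(f"{severity:6} {obj}: {message}")
```
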
View and Configure LDAP/SSL Certificate Settings
|
Note - You can use the get and set commands to view and configure LDAP/SSL certificate settings. For a description of the MIB objects used in these commands, see the SUN-ILOM-CONTROL-MIB.
|
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To clear the certificate information associated with the server when it is set to true, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslCertFileClear.0 i 0
|
- To view the certificate version of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslCertFileVersion.0
|
- To view the serial number of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslCertFileSerialNo.0
|
- To view the issuer of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslCertFileIssuer.0
|
- To view the subject of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslCertFileSubject.0
|
- To view the valid start date of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslCertFileValidBegin.0
|
- To view the valid end date of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslCertFileValidEnd.0
|
View and Configure LDAP/SSL Administrator Groups Settings
|
Note - You can use the get and set commands to configure the LDAP/SSL Administrator Groups settings. For a description of the MIB objects used in this procedure, see LDAP/SSL Administrator Groups MIB Objects.
|
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To view the name of LDAP/SSL administrator group ID number 3, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslAdminGroupName.3
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslAdminGroupName.3 = STRING: CN=SpSuperAdmin,OU=Groups,DC=davidc,DC=example,DC=sun,DC=com
|
- To set the name of LDAP/SSL administrator group ID number 3 to CN=SpSuperAdmin,OU=Groups,DC=tomp,DC=example,DC=sun,DC=com, type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslAdminGroupName.3 s CN=SpSuperAdmin,OU=Groups,DC=tomp,DC=example,DC=sun,DC=com
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslAdminGroupName.3 = STRING: CN=SpSuperAdmin,OU=Groups,DC=tomp,DC=example,DC=sun,DC=com
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslAdminGroupName.3
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslAdminGroupName.3 = STRING: CN=SpSuperAdmin,OU=Groups,DC=tomp,DC=example,DC=sun,DC=com
|
LDAP/SSL Administrator Groups MIB Objects
The following MIB objects, values, and types are valid for LDAP/SSL Administrator Groups settings.
TABLE 4-12 Valid MIB Objects, Values, and Types for LDAP/SSL Administrator Groups Settings
| MIB Object | Description | Allowed Values | Type | Default |
|---|---|---|---|---|
| ilomCtrlLdapSslAdminGroupId | An integer identifier of the LDAP/SSL AdminGroup entry. | 1 to 5. Note: This object is not accessible for reading or writing. | Integer | None |
| ilomCtrlLdapSslAdminGroupName | This string should contain a Distinguished Name that exactly matches one of the group names on the LDAP/SSL server. Any user belonging to one of these groups in this table will be assigned the ILOM role of Administrator. | name (maximum of 255 characters) | String | None |
View and Configure LDAP/SSL Operator Groups Settings
|
Note - You can use the get and set commands to configure the LDAP/SSL Operator Groups settings. For a description of the MIB objects used in this procedure, see LDAP/SSL Operator Groups MIB Objects.
|
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To view the name of LDAP/SSL operator group ID number 3, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslOperatorGroupName.3
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslOperatorGroupName.3 = STRING: CN=SpSuperOper,OU=Groups,DC=davidc,DC=example,DC=sun,DC=com
|
- To set the name of LDAP/SSL operator group ID number 3 to CN=SpSuperOper,OU=Groups,DC=tomp,DC=example,DC=sun,DC=com, type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslOperatorGroupName.3 s CN=SpSuperOper,OU=Groups,DC=tomp,DC=example,DC=sun,DC=com
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslOperatorGroupName.3 = STRING: CN=SpSuperOper,OU=Groups,DC=tomp,DC=example,DC=sun,DC=com
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslOperatorGroupName.3
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslOperatorGroupName.3 = STRING: CN=SpSuperOper,OU=Groups,DC=tomp,DC=example,DC=sun,DC=com
|
LDAP/SSL Operator Groups MIB Objects
The following MIB objects, values, and types are valid for LDAP/SSL Operator Groups settings.
TABLE 4-13 Valid MIB Objects, Values, and Types for LDAP/SSL Operator Groups Settings
| MIB Object | Description | Allowed Values | Type | Default |
|---|---|---|---|---|
| ilomCtrlLdapSslOperatorGroupId | An integer identifier of the LDAP/SSL Operator Group entry. | 1 to 5. Note: This object is not accessible for reading or writing. | Integer | None |
| ilomCtrlLdapSslOperatorGroupName | This string should contain a Distinguished Name that exactly matches one of the group names on the LDAP/SSL server. Any user belonging to one of these groups in this table will be assigned the ILOM role of Operator. | name (maximum of 255 characters) | String | None |
View and Configure LDAP/SSL Custom Groups Settings
|
Note - You can use the get and set commands to configure the LDAP/SSL Custom Groups settings. For a description of the MIB objects used in this procedure, see LDAP/SSL Custom Groups MIB Objects.
|
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To view the name of LDAP/SSL custom group ID number 2, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslCustomGroupName.2
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslCustomGroupName.2 = STRING: CN=SpSuperCust,OU=Groups,DC=johns,DC=sun,DC=com
|
- To set the name of LDAP/SSL custom group ID number 2 to CN=SpSuperCust,OU=Groups,DC=bills,DC=sun,DC=com, type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslCustomGroupName.2 s CN=SpSuperCust,OU=Groups,DC=bills,DC=sun,DC=com
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslCustomGroupName.2 = STRING: CN=SpSuperCust,OU=Groups,DC=bills,DC=sun,DC=com
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslCustomGroupName.2
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslCustomGroupName.2 = STRING: CN=SpSuperCust,OU=Groups,DC=bills,DC=sun,DC=com
|
- To view the roles of LDAP/SSL custom group ID number 2, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslCustomGroupRoles.2
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslCustomGroupRoles.2 = STRING: "aucro"
|
- To set the roles of LDAP/SSL custom group ID number 2 to User Management and Read Only (u,o), type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslCustomGroupRoles.2 s "uo"
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslCustomGroupRoles.2 = STRING: "uo"
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslCustomGroupRoles.2
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslCustomGroupRoles.2 = STRING: "uo"
|
LDAP/SSL Custom Groups MIB Objects
The following MIB objects, values, and types are valid for LDAP/SSL Custom Groups settings.
TABLE 4-14 Valid MIB Objects, Values, and Types for LDAP/SSL Custom Groups Settings
| MIB Object | Description | Allowed Values | Type | Default |
|---|---|---|---|---|
| ilomCtrlLdapSslCustomGroupId | An integer identifier of the LDAP/SSL custom group entry. | 1 to 5. Note: This object is not accessible for reading or writing. | Integer | None |
| ilomCtrlLdapSslCustomGroupName | This string should contain a Distinguished Name that exactly matches one of the group names on the LDAP/SSL server. Any user belonging to one of these groups in this table will be assigned the ILOM role based on the entry’s configuration for roles. | name (maximum of 255 characters) | String | None |
| ilomCtrlLdapSslCustomGroupRoles | Specifies the role that a user authenticated via LDAP/SSL should have. Setting this property to legacy roles of 'Administrator' or 'Operator', or any of the individual role IDs of 'a', 'u', 'c', 'r', 'o' and 's' will cause the LDAP/SSL client to ignore the schema stored on the LDAP/SSL server. Setting this object to 'none' clears the value and indicates that the native LDAP/SSL schema should be used. The role IDs can be joined together. For example, 'aucros', where a=admin, u=user, c=console, r=reset, o=read-only, and s=service. | administrator, operator, admin(a), user(u), console(c), reset(r), read-only(o), service(s), none | String | None |
View and Configure LDAP/SSL User Domain Settings
|
Note - You can use the get and set commands to configure the LDAP/SSL User Domain settings. For a description of the MIB objects used in this procedure, see LDAP/SSL User Domain MIB Objects.
|
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To view the name of LDAP/SSL user domain ID number 3, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslUserDomain.3
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslUserDomain.3 = STRING: CN=<USERNAME>,CN=Users,DC=davidc,DC=example,DC=sun,DC=com
|
- To set the name of LDAP/SSL user domain ID number 3 to CN=<USERNAME>,CN=Users,DC=tomp,DC=example,DC=sun,DC=com, type (the value is quoted so that the shell does not treat < and > as redirection):
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslUserDomain.3 s 'CN=<USERNAME>,CN=Users,DC=tomp,DC=example,DC=sun,DC=com'
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslUserDomain.3 = STRING: CN=<USERNAME>,CN=Users,DC=tomp,DC=example,DC=sun,DC=com
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslUserDomain.3
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslUserDomain.3 = STRING: CN=<USERNAME>,CN=Users,DC=tomp,DC=example,DC=sun,DC=com
|
LDAP/SSL User Domain MIB Objects
The following MIB objects, values, and types are valid for LDAP/SSL User Domain settings.
TABLE 4-15 Valid MIB Objects, Values, and Types for LDAP/SSL User Domain Settings
| MIB Object | Description | Allowed Values | Type | Default |
|---|---|---|---|---|
| ilomCtrlLdapSslUserDomainId | An integer identifier of the LDAP/SSL domain. | 1 to 5. Note: This object is not accessible for reading or writing. | Integer | None |
| ilomCtrlLdapSslUserDomain | This string should match exactly with an authentication domain on the LDAP/SSL server. This string should contain a substitution string (<USERNAME>), which will be replaced with the user’s login name during authentication. Either the principal or Distinguished Name format is allowed. | name (maximum of 255 characters) | String | None |
View and Configure LDAP/SSL Alternate Server Settings
|
Note - You can use the get and set commands to configure the LDAP/SSL Alternate Server settings. For a description of the MIB objects used in this procedure, see LDAP/SSL Alternate Server MIB Objects and the SUN-ILOM-CONTROL-MIB.
|
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To view the IP address of LDAP/SSL alternate server ID number 3, type:
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslAlternateServerIp.3
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslAlternateServerIp.3 = IpAddress: 10.7.143.236
|
- To set the IP address of LDAP/SSL alternate server ID number 3 to 10.7.143.246, type:
% snmpset -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslAlternateServerIp.3 a 10.7.143.246
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslAlternateServerIp.3 = IpAddress: 10.7.143.246
% snmpget -v1 -cprivate -mALL SNMP_agent_ipaddress ilomCtrlLdapSslAlternateServerIp.3
SUN-ILOM-CONTROL-MIB::ilomCtrlLdapSslAlternateServerIp.3 = IpAddress: 10.7.143.246
|
- To view and clear the certificate information associated with the alternate server when it is set to true, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslAlternateServerCertClear.0
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslAlternateServerCertClear.0 i 0
|
- To view the alternate server certificate version of the certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslAlternateServerCertVersion.0
|
- To view the serial number of the alternate server certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslAlternateServerCertSerialNo.0
|
- To view the issuer of the alternate server certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslAlternateServerCertIssuer.0
|
- To view the subject of the alternate server certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslAlternateServerCertSubject.0
|
- To view the valid start date of the alternate server certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslAlternateServerCertValidBegin.0
|
- To view the valid end date of the alternate server certificate file, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlLdapSslAlternateServerCertValidEnd.0
|
LDAP/SSL Alternate Server MIB Objects
The following MIB objects, values, and types are valid for LDAP/SSL Alternate Server settings.
TABLE 4-16 Valid MIB Objects, Values, and Types for LDAP/SSL Alternate Server Settings
| MIB Object | Description | Allowed Values | Type | Default |
|---|---|---|---|---|
| ilomCtrlLdapSslAlternateServerId | An integer identifier of the LDAP/SSL alternate server table. | 1 to 5. Note: This object is not accessible for reading or writing. | Integer | None |
| ilomCtrlLdapSslAlternateServerIP | The IP address of the LDAP/SSL alternate server used as directory server for user accounts. | ipaddress | String | None |
| ilomCtrlLdapSslAlternateServerPort | Specifies the port number for the LDAP/SSL alternate server. Specifying zero as the port indicates that auto-select will use the well known port number. Specifying 1-65535 is used to explicitly set the port number. | portnumber (range: 0 to 65535) | Integer | None |
| ilomCtrlLdapSslAlternateServerCertStatus | A string indicating the status of the certificate file. This is useful in determining whether a certificate file is present or not. | status (maximum size: 255 characters) | String | None |
| ilomCtrlLdapSslAlternateServerCertURI | This is the URI of a certificate file needed when Strict Certificate Mode is enabled. Setting the URI causes the transfer of the file, making the certificate available immediately for certificate authentication. Additionally, either remove or restore are supported for direct certificate manipulation. | URI | String | None |
Configuring RADIUS Settings
Configure RADIUS Settings
|
Note - Before completing this procedure, collect the appropriate information about your RADIUS environment. You can use the get and set commands to configure RADIUS. For a description of the MIB objects used in this procedure, see RADIUS MIB Objects.
|
1. Log in to a host that has an SNMP tool and the ILOM MIBs installed. For example, type:
ssh username@snmp_manager_ipaddress
Password: password
2. Refer to the following SNMP command examples:
- To view whether the RADIUS server is enabled to authenticate RADIUS users, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRadiusEnabled.0
|
- To set the RADIUS server state to Enabled to authenticate RADIUS users, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRadiusEnabled.0 i 1
|
- To view the RADIUS server IP address, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRadiusServerIP.0
|
- To set the RADIUS server IP address, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRadiusServerIP.0 a ipaddress
|
- To view the RADIUS server port number, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRadiusPortNumber.0
|
- To set the RADIUS server port number, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRadiusPortNumber.0 i portnumber
|
- To view the RADIUS server shared secret, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRadiusSecret.0
|
- To set the RADIUS server shared secret, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRadiusSecret.0 s secret
|
- To view the RADIUS server default user roles, type:
% snmpget -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRadiusDefaultRoles.0
|
- To set the RADIUS server default user roles to console, type:
% snmpset -mALL -v2c -cprivate SNMP_agent_ipaddress ilomCtrlRadiusDefaultRoles.0 s c
|
RADIUS MIB Objects
The following MIB objects, values, and types are valid for RADIUS settings.
TABLE 4-17 Valid MIB Objects, Values, and Types for RADIUS Settings
| MIB Object | Description | Allowed Values | Type | Default |
|---|---|---|---|---|
| ilomCtrlRadiusEnabled | Specifies whether or not the RADIUS client is enabled. | true(1), false(2) | Integer | false |
| ilomCtrlRadiusServerIP | The IP address of the RADIUS server used as a name service for user accounts. | ipaddress | String | None |
| ilomCtrlRadiusPortNumber | Specifies the port number for the RADIUS client. | portnumber (range: 0 to 65535) | Integer | 1812 |
| ilomCtrlRadiusSecret | The shared secret encryption key that is used to encrypt traffic between the RADIUS client and server. | secret (maximum length: 255 characters) | String | None |
| ilomCtrlRadiusDefaultRoles | Specifies the role that a user authenticated via RADIUS should have. This property supports the legacy roles of 'Administrator' or 'Operator', or any of the individual role ID combinations of 'a', 'u', 'c', 'r', 'o' and 's'. For example, 'aucro', where a=admin, u=user, c=console, r=reset, o=read-only, and s=service. | administrator, operator, admin(a), user(u), console(c), reset(r), read-only(o), service(s) | String | None |
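The LDAP and RADIUS procedures set ilomCtrlLdapBindPassword and ilomCtrlRadiusSecret with -v2c -cprivate, and SNMP v1 and v2c carry both the community string and the value unencrypted. The following Python helper is an added example, not part of the Oracle guide: it builds the snmpset argument list, checks values against the ranges in Tables 4-10, 4-11 and 4-17, and refuses to send a credential unless SNMPv3 with authPriv is used. The agent address, the v3 user name and the helper names are assumptions, and the v3 passphrases are expected in the manager's snmp.conf rather than on the command line.

```python
import ipaddress

# Objects in this chapter whose value is a credential.
SECRET_OBJECTS = {"ilomCtrlLdapBindPassword", "ilomCtrlRadiusSecret"}


def _int_range(lo, hi):
    def encode(value):
        n = int(value)
        if not lo <= n <= hi:
            raise ValueError(f"{n} is outside {lo} to {hi}")
        return "i", str(n)
    return encode


def _truth(value):
    if not isinstance(value, bool):
        raise ValueError("expected True or False")
    return "i", "1" if value else "2"  # true(1), false(2)


def _ipv4(value):
    # The commands on this page pass addresses with the 'a' type letter.
    return "a", str(ipaddress.IPv4Address(value))  # ValueError if malformed


def _text(max_len=None):
    def encode(value):
        if not value or (max_len and len(value) > max_len):
            raise ValueError("empty or over-length string")
        return "s", value
    return encode


# Subset of the objects in Tables 4-10, 4-11 and 4-17 with their constraints.
ENCODERS = {
    "ilomCtrlLdapEnabled": _truth,
    "ilomCtrlLdapServerIP": _ipv4,
    "ilomCtrlLdapPortNumber": _int_range(0, 65535),
    "ilomCtrlLdapBindPassword": _text(),
    "ilomCtrlLdapSslStrictCertEnabled": _truth,
    "ilomCtrlLdapSslTimeout": _int_range(1, 20),
    "ilomCtrlRadiusEnabled": _truth,
    "ilomCtrlRadiusServerIP": _ipv4,
    "ilomCtrlRadiusPortNumber": _int_range(0, 65535),
    "ilomCtrlRadiusSecret": _text(255),
}


def build_snmpset(agent, obj, value, *, version, community=None, v3_user=None):
    """Return the argv list for one snmpset call, or raise ValueError."""
    if obj not in ENCODERS:
        raise ValueError(f"{obj} is not covered by this example")
    type_letter, encoded = ENCODERS[obj](value)
    if version in ("1", "2c"):
        if obj in SECRET_OBJECTS:
            raise ValueError(f"{obj} is a credential; SNMPv{version} sends it unencrypted")
        if not community:
            raise ValueError("a community string is required for v1/v2c")
        auth = [f"-v{version}", "-c", community]
    elif version == "3":
        if not v3_user:
            raise ValueError("an SNMPv3 user name is required")
        # Authentication and privacy passphrases are read from snmp.conf.
        auth = ["-v3", "-l", "authPriv", "-u", v3_user]
    else:
        raise ValueError(f"unsupported SNMP version {version!r}")
    return ["snmpset", "-mALL", *auth, agent, f"{obj}.0", type_letter, encoded]


if __name__ == "__main__":
    # Constructed values: documentation address and a placeholder secret.
    print(" ".join(build_snmpset("192.0.2.10", "ilomCtrlRadiusSecret",
                                 "placeholder-secret", version="3", v3_user="ilomadmin")))
```
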
Oracle Integrated Lights Out Manager (ILOM) 3.0 Management Protocols Reference Guide SNMP, IPMI, WS-Man, CIM
|
820-6413-13
|
|
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.