Users Guide
Table Of Contents
- Integrated Dell Remote Access Controller 9 用户指南
- 目录
- iDRAC 概览
- 登录 iDRAC
- 强制更改密码 (FCP)
- 使用 OpenID Connect 登录 iDRAC
- Logging in to iDRAC as local user, Active Directory user, or LDAP user
- 使用智能卡作为本地用户登录 iDRAC
- 使用单一登录登录 iDRAC
- 使用远程 RACADM 访问 iDRAC
- 使用本地 RACADM 访问 iDRAC
- 使用固件 RACADM 访问 iDRAC
- 简单的双重身份验证(简单 2FA)
- RSA SecurID 2FA
- 查看系统运行状况
- 使用公共密钥验证登录 iDRAC
- 多个 iDRAC 会话
- 安全默认密码
- 更改默认登录密码
- 启用或禁用默认密码警告消息
- 密码强度策略
- IP 阻止
- 使用 Web 界面启用或禁用 OS 到 iDRAC 直通
- 使用 RACADM 启用或禁用警报
- 设置受管系统
- 设置 iDRAC IP 地址
- 修改本地管理员帐户设置
- 设置受管系统位置
- 优化系统性能和功耗
- 设置管理站
- 配置支持的 Web 浏览器
- Updating device firmware
- 查看和管理分阶段更新
- 回滚设备固件
- 轻松还原
- 使用其他系统管理工具监测 iDRAC
- 支持服务器配置配置文件 — 导入和导出
- BIOS 设置或 F2 中的安全引导配置
- BIOS 恢复
- Plugin Management
- 配置 iDRAC
- 使用 OAuth 2.0 的委派授权
- 查看 iDRAC 和受管系统信息
- 设置 iDRAC 通信
- 配置用户帐户和权限
- 系统配置锁定模式
- 配置 iDRAC 以进行单一登录或智能卡登录
- 配置 iDRAC 以发送警报
- iDRAC 9 Group Manager
- 管理日志
- 在 iDRAC 中监测和管理电源
- iDRAC Direct Updates
- 对网络设备执行资源清册、监测和配置操作
- Managing storage devices
- BIOS 设置
- 配置并使用虚拟控制台
- 使用 iDRAC 服务模块
- 使用 USB 端口进行服务器管理
- 使用 Quick Sync 2
- 管理虚拟介质
- 管理 vFlash SD 卡
- 使用 SMCLP
- 部署操作系统
- 使用 iDRAC 排除受管系统故障
- iDRAC 中的 SupportAssist 集成
- 常见问题
- 使用案例场景
RSA SecurID 2FA
iDRAC can be configured to authenticate with a single RSA AM server at a time. The global settings on RSA AM server apply to all iDRAC
local users, AD, and LDAP users.
NOTE: RSA SecurID 2FA feature is available only on Datacenter license.
Following are the pre-requisites before you configure iDRAC to enable RSA SecurID:
● Configure Microsoft Active Directory server.
● If you try to enable RSA SecurID on all AD users, add the AD server to the RSA AM server as an Identity Source.
● Ensure you have a generic LDAP server.
● For all LDAP users, the Identity Source to the LDAP server must be added in RSA AM server.
To enable RSA SecurID on iDRAC, the following attributes from the RSA AM server are required:
1. RSA Authentication API URL — The URL syntax is: https://<rsa-am-server-hostname>:<port>/mfa/v1_1, and by
default the port is 5555.
2. RSA Client-ID — By default, the RSA client ID is the same as the RSA AM server hostname. Find the RSA client ID at RSA AM
server's authentication agent configuration page.
3. RSA Access Key — The Access Key can be retreived on RSA AM by navigating to Setup > System Settings > RSA SecurID >
Authentication APIsection, which is usually displayed as
l98cv5x195fdi86u43jw0q069byt0x37umlfwxc2gnp4s0xk11ve2lffum4s8302. To configure the settings through iDRAC
GUI:
● Go to iDRAC Settings > Users.
● From Local Users section, select an existing local user and click Edit.
● Scroll down to the bottom of the Configuration page.
● In RSA SecurID section, Click the link RSA SecurID Configuration to view or edit these settings.
You can also configure the settings as follows:
● Go to iDRAC Settings > Users.
● From Directory Services section, select Microsoft Active Service or Generic LDAP Directory Service, and click Edit.
● In RSA SecurID section, Click the link RSA SecurID Configuration to view or edit these settings.
4. RSA AM server certificate (chain)
You can login to iDRAC using RSA SecurID token via iDRAC GUI and SSH.
RSA SecurID Token App
You need to install RSA SecurID Token app on you system or on smart phone. When you try to log in to iDRAC, you are asked to input the
passcode shown in the app.
If a wrong passcode is entered, the RSA AM server challenges the user to provide the "Next Token." This may happen even though the
user may have entered the correct passcode. This entry proves that the user owns the right Token that generates the right passcode.
You get the Next Token from RSA SecurID Token app by clicking on Options. Check Next Token, and the next passcode is available.
Time is critical in this step. Otherwise, iDRAC may fail the verification of the next token. If the iDRAC user login session times out, it
requires another attempt to log in
If a wrong passcode is entered, the RSA AM server will challenge the user to provide the "Next Token." This challenge happens even
though the user may have later entered the correct passcode. This entry proves that the user owns the right Token that generates the
right passcodes.
To get the next token from RSA SecurID Token app, click on Options and check Next Token. A new token is generated. Time is critical in
this step. Otherwise, iDRAC may fail the verification of the next token. If the iDRAC user login session times out, it requires another
attempt to log in.
查看系统运行状况
在执行任务或触发事件之前,您可以使用 RACADM 以检查系统是否处于适当的状态。要从 RACADM 查看远程服务状态,请使用
getremoteservicesstatus 命令。
38 登录 iDRAC