No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionServer Pro E9000 Server iBMC (V250 to V259) User Guide 19

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Local Users

Local Users

Function Description

The Local Users page allows you to view and manage the users of the iBMC.

The iBMC supports a maximum of 16 users. You can add, modify, and delete users on the Local Users page.

GUI

Choose Configuration from the main menu, and select Local Users from the navigation tree.

The Local Users page is displayed. The page consists of three areas.

  • Local user list: lists iBMC users.
  • User rights: lists the rights assigned to Administrator, Operator, Common User, and four custom roles.
  • SSH public key management: lists the SSH users configured with public keys. The SSH public keys can be added or deleted.
Figure 3-17 Local Users page

Parameter Description

Table 3-35 Parameters related to local users

Parameter

Description

Adds a local user.

Changes information about a local user.

Deletes a local user.

NOTE:
  • All local users, including the administrators, operators, common users, and custom users, can be deleted.
  • You can restore the administrator by restoring the iBMC default settings. For details, see Common Operations > Restoring Default iBMC Settings in the iBMC user guide.
  • If User Management is enabled under OS User Management on the Configuration > System page, you can also add iBMC users by sending standard IPMI commands from the OS.

Saves the configuration of a local user.

User Name

User name for logging in to the iBMC.

By default, the user name is root for V3 servers and Administrator for V5 servers, and the password is on the product nameplate. For security purposes, change the default password upon the first login, and periodically change the password.

Role

Role assigned to the user. The user role specifies the operations that can be performed by the user.

Password Validity (Days)

Validity period of the user password.

Rule

Login rules that apply to the user.

Login Interface

Interfaces through which the user can log in to the iBMC.

Table 3-36 Parameters related to privilege

Parameter

Description

Administrator

User who can perform all operations.

The permissions of Administrator cannot be changed.

Operator

User who can perform basic management, KVM management, VMM management, and power control, query information, and configure their own passwords.

The permissions of Operator cannot be changed.

Common User

User who can query information and configure their own passwords.

The permissions of Common User cannot be changed.

Custom Role 1 to 4

User who can perform the specified operations.

User Mgmt

Perform user and password configuration.

User Mgmt includes the following:

  • Configuration of local, online, and LDAP users
  • Configuration of two-factor authentication
  • Restoration of factory settings

Basic Mgmt

Perform basic configuration of server out-of-band management.

Basic Mgmt includes the following:

  • Network configuration
  • Alarm report configuration
  • Server identification
  • Firmware upgrade
  • SEL download and deletion
  • Setting of the boot device
  • Configuration of storage devices
  • Language update

On the Alarm Settings, Network, System, System Info, and Language Update pages, unauthorized users can only query data.

KVM

Perform remote management using the Java or HTML5 integrated remote console or independent remote console, and perform VNC configuration (only available to V5 servers) and serial port redirection.

VMM

Use the virtual media function.

Security Mgmt

Perform configuration and query of security features.

Security Mgmt includes the following:

  • Query of operation logs and security logs
  • Selection of algorithms and protocols
  • SSL certificate management
  • Service configuration
  • One-click data collection
  • Import and export of configuration files
  • Configuration of login security banner

On the Services, SSL Certificate, and Import/Export pages, unauthorized users can only query data.

Power Control

Perform power-on/off and restart operations, and power and energy-saving configuration.

On the Power Control, Power Capping, and Energy Saving Settings pages, unauthorized users can only query data.

Diagnostics

Perform field fault locating and commissioning operations.

Diagnostics includes the following:

  • Access to the maintenance and commissioning interface
  • Sensor simulation
  • Configuration of automatic video recording
  • Manual and automatic screenshot
  • Serial port data
  • Black box

Query

Query information excepting security settings, user settings, and system information.

Own password & SSH

Configure their own passwords and manage the SSH public key.

System default users have this permission by default. Custom users can be assigned with this permission.

Table 3-37 SSH Public Key Management

Parameter

Description

User Name

User with an SSH public key.

Public Key Hash

String converted from an SSH public key through hash algorithms.

Deletes the public key of an SSH user.

Imports a public key for an SSH user.

Procedure

Viewing User Information

  1. On the menu bar, choose Configuration.
  2. In the navigation tree, choose Local Users.

    The Local Users page is displayed.

  3. View information about the local users.

Adding Users

You can add a maximum of 15 users for the iBMC.

  1. Click Add.

    The page for adding a user is displayed, as shown in Figure 3-18. For details about the parameters, see Table 3-38.

    Figure 3-18 Adding a user

    Table 3-38 Parameters for adding a user

    Parameter

    Description

    Exits the page for setting a local user without saving the settings.

    Saves the information.

    Current User Password

    Password of the user for logging in to the iBMC.

    New User ID

    ID of the user to be added. Value range: 3 to 17

    New User Name

    Name of the user to be added.

    Value: a string of 1 to 16 characters

    The user name must meet the following requirements:

    • Allow letters, digits, and special characters (excluding :<>&,'"/\%).
    • Cannot contain spaces or start with #, +, or -.

    New Password

    Password for logging in to the iBMC.

    For security purposes, enable password complexity check and periodically change your password.

    NOTE:

    Only the administrators can enable or disable the password complexity check.

    Value:

    • If password complexity check is disabled, the password cannot be empty or exceed 20 characters.
    • If password complexity check is enabled, the password must meet the following requirements:

      • Contain 8 to 20 characters
      • Contain at least a space or one of the following special characters:

        `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

      • Contain at least two types of the following characters:

        • Uppercase letters A to Z
        • Lowercase letters a to z
        • Digits 0 to 9
      • Cannot be the same as the user name or the user name in reverse order.
      • Have at least two new characters when compared with the previous password.
    • If weak password check is enabled, the password cannot be the same as the passwords contained in the weak password dictionary. (You can run the ipmcset -t user -d weakpwddic -v export command to export the weak passwords from the weak password dictionary.)
      NOTE:
      • Weak password check is not supported by V3 servers.

      • The default password Admin@9000 of the V5 servers is in the weak password dictionary.

    Confirm Password

    Password for logging in to the iBMC. This value must be the same as New Password.

    Login Rules

    Login rules that apply for the user.

    Click View login rules to view the login rules configured.

    Login Interfaces

    Interfaces through which the user can log in to the iBMC.

    Values:
    • Web: The user can use a web browser to log in to the iBMC WebUI.
    • SNMP: The user can use an SNMP tool (such as MIB Browser) to log in to iBMC.
    • IPMI: The user can use an IPMI tool (such as IPMItool) to log in to the iBMC CLI.
    • SSH: The user can use an SSH tool (such as PuTTY) to log in to the iBMC CLI.
    • SFTP: The user can use an SFTP tool (such as Xftp) to log in to the iBMC file system.
    • Local: The user can use the serial port on the server to log in to the iBMC CLI or use an LCD to log in to the iBMC management interface.
    • Redfish: The user can use a Redfish tool to log in to iBMC.
    NOTE:

    By default, all login interfaces are selected for a new user.

    Role

    Role assigned to a user. The user role specifies the operations that can be performed by a user.

    Value:

    • Administrator: Users assigned the Administrator role can perform all operations.
    • Operator: Users with the Operator role can perform basic management, remote control, remote media, power control, query information, and configure their own data.
    • Common User: Users assigned with the Common User role can query information and configure their own data.
    • Custom Role: Users assigned Custom Role 1 to Custom Role 4 can perform the specified operations.
    • No Access: Users assigned No Access role cannot perform any operation.
    NOTE:

    The default role is No Access for new users.

  2. Set user parameters. For details about the parameters, see Table 3-38.
    NOTE:
    • The user with ID 1 is a reserved user defined in the IPMI standard. This user is not allowed to log in to the iBMC.
    • The user with ID 2 is root for V3 servers and Administrator for V5 servers.
  3. Click Save.

    The information about the new user is displayed in the user list.

Modifying User Information

  1. In the local user list, locate the user to be modified and click .

    The page for modifying user information is displayed, as shown in Figure 3-19. For details about the parameters, see Table 3-39.

    Figure 3-19 Modifying user information

    Table 3-39 Parameters related to editing a user

    Parameter

    Description

    Exits the page for setting a local user without saving the settings.

    Saves the information.

    NOTE:

    Changing the user name, password, or user role will forcibly log out the user.

    Current User Password

    Password of the user for logging in to the iBMC.

    User Name

    Name of the user to be modified.

    Change Password

    Specifies whether to change the user password.

    Select the check box and enter the new password in Password and Confirm Password.

    • If password complexity check is disabled, the password cannot be empty or exceed 20 characters.
    • If password complexity check is enabled, the password must meet the following requirements:

      • Contain 8 to 20 characters
      • Contain at least a space or one of the following special characters:

        `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

      • Contain at least two types of the following characters:

        • Uppercase letters A to Z
        • Lowercase letters a to z
        • Digits 0 to 9
      • Cannot be the same as the user name or the user name in reverse order.
      • Have at least two new characters when compared with the previous password.
    • If weak password check is enabled, the password cannot be the same as the passwords contained in the weak password dictionary. (You can run the ipmcset -t user -d weakpwddic -v export command to export the weak passwords from the weak password dictionary.)
      NOTE:
      • Weak password check is not supported by V3 servers.

      • The default password Admin@9000 of the V5 servers is in the weak password dictionary.

    Login Rules

    Login rules that apply for the user.

    Click View login rules to view the login rules configured.

    Login Interfaces

    Interfaces through which the user can log in to the iBMC.

    Values:

    • Web: The user can use a web browser to log in to the iBMC WebUI.
    • SNMP: The user can use an SNMP tool (such as MIB Browser) to log in to iBMC.
    • IPMI: The user can use an IPMI tool (such as IPMItool) to log in to the iBMC CLI.
    • SSH: The user can use an SSH tool (such as PuTTY) to log in to the iBMC CLI.
    • SFTP: The user can use an SFTP tool (such as Xftp) to log in to the iBMC file system.
    • Local: The user can use the serial port on the server to log in to the iBMC CLI or use an LCD to log in to the iBMC management interface.
    • Redfish: The user can use a Redfish tool to log in to iBMC.

    Role

    Role assigned to a user. The user role specifies the operations that can be performed by a user.

  2. Enter the current password of the user, and modify the user information.

    For details about the parameters, see Table 3-39.

  3. Click Save.

    The user information is modified successfully.

Deleting a User

  1. In the local user list, locate the user to be deleted and click .

    A confirmation dialog box is displayed, prompting you to enter the current user password.

  2. Enter the current user password and click OK.

    The user is deleted from the user list.

Configuring Custom Roles

The operation permissions of the default roles (Administrator, Operator, and Common User) cannot be modified, but the administrator can set the operation permissions for custom roles.

  1. In the function list, select modules for the custom roles.

    Table 3-36 describes the permissions.

  2. Click Save.

    A dialog box is displayed, prompting you to enter the current user password.

  3. Enter the current user password and click OK.

Importing an SSH Public Key

NOTE:
  • After a private key is generated on a client, import the corresponding public key into the iBMC to ensure secure access of SSH users to the iBMC.

  • Each user has only one public key. The newly imported public key will replace the old one.

  • Public keys can be in the RFC 4716 or OpenSSH format. The public key type is RSA or DSA. An RSA key contains 2048 or 4096 bits, and a DSA key contains 1024 or 2048 bits.

  1. Under SSH Public Key Management, click Add.

    The related parameters are displayed, as shown in Figure 3-20. Table 3-40 describes the parameters.

    Figure 3-20 Importing an SSH public key

    Table 3-40 Parameters related to importing SSH public keys

    Parameter

    Description

    Current User Password

    Password of the user for logging in to the iBMC.

    User Name

    User for which you want to import an SSH public key.

    Import Public Key

    Mode of importing an SSH public key.

    Value:

    • File: Import an SSH public key file from the local client.
    • Text: Enter SSH public key information in the text box.
  2. Set the parameters. For details about the parameters, see Table 3-40.
  3. Click Save.

    If "Public key imported successfully" is displayed, the SSH public key is imported.

Translation
Download
Updated: 2019-08-01

Document ID: EDOC1000157052

Views: 138243

Downloads: 265

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next