Home » Dell Manuals » Servers » Dell PowerEdge R830 » Manual Viewer

Dell PowerEdge R830 Integrated Remote Access Controller 8 Version 2.70.70.70 U - Page 48

Enabling Auto Config using RACADM, Using hash passwords for improved security

View all Dell PowerEdge R830 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 48 highlights

Enabling Auto Config using RACADM To enable Auto Config feature using RACADM, use the iDRAC.NIC.AutoConfig object. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. For more information on the Auto Config feature, see the Zero-Touch Bare Metal Server Provisioning using Dell iDRAC with Lifecycle Controller Auto Config white paper available at the delltechcenter.com/idrac. Using hash passwords for improved security You can set user passwords and BIOS passwords using a one-way hash format. The user authentication mechanism is not affected (except for SNMPv3 and IPMI) and you can provide the password in plain text format. With the new password hash feature: • You can generate your own SHA256 hashes to set iDRAC user passwords and BIOS passwords. This allows you to have the SHA256 values in the server configuration profile, RACADM, and WSMAN. When you provide the SHA256 password values, you cannot authenticate through SNMPv3 and IPMI. • You can set up a template server including all the iDRAC user accounts and BIOS passwords using the current plain text mechanism. After the server is set up, you can export the server configuration profile with the password hash values. The export includes the hash values required for SNMPv3 authentication. Importing this profile results in losing the IPMI authentication for users who have the hashed password values set and the F2 IDRAC interface shows that the user account is disabled. • The other interfaces such as IDRAC GUI will show the user accounts enabled. NOTE: When downgrading a Dell 12th generation PowerEdge server from version 2.xx.xx.xx to 1.xx.xx, if the server is set with hash authentication, then you will not be able to log in to any interface unless the password is set to default. You can generate the hash password with and without Salt using SHA256. You must have Server Control privileges to include and export hash passwords. If access to all accounts is lost, use iDRAC Settings Utility or local RACADM and perform reset iDRAC to default task. If the password of the iDRAC user account is set with the SHA256 password hash only and not the other hashes (SHA1v3Key or MD5v3Key), then authentication through SNMP v3 is not available. Hash password using RACADM To set hash passwords, use the following objects with the set command: • iDRAC.Users.SHA256Password • iDRAC.Users.SHA256PasswordSalt Use the following command to include the hash password in the exported server configuration profile: racadm get -f -l -u -p t --includePH You must set the Salt attribute when the associated hash is set. NOTE: The attributes are not applicable to the INI configuration file. Hash password in server configuration profile The new hash passwords can be optionally exported in the server configuration profile. When importing server configuration profile, you can uncomment the existing password attribute or the new password hash attribute(s). If both are uncommented an error is generated and the password is not set. A commented attribute is not applied during an import. Generating hash password without SNMPv3 and IPMI authentication To generate hash password without SNMPv3 and IPMI authentication: 1. For iDRAC user accounts, you must salt the password using SHA256. When you salt the password, a 16 byte binary string is appended. The Salt is required to be 16 bytes long, if provided. 2. Provide hash value and salt in the imported server configuration profile, RACADM commands, or WSMAN. 48 Setting up managed system and management station

Section	Page
Integrated Dell Remote Access Controller 8 Version 2.70.70.70 User’s Guide	3
Overview	14
Benefits of using iDRAC with Lifecycle Controller	14
Key features	15
New in this release	17
How to use this user guide	17
Supported web browsers	17
Supported OS, Hypervisors	17
Managing licenses	18
Types of licenses	18
Methods for acquiring licenses	18
License operations	18
Importing license after replacing motherboard	19
Managing licenses using iDRAC web interface	19
Managing licenses using RACADM	19
Licensed features in iDRAC7 and iDRAC8	19
Interfaces and protocols to access iDRAC	23
iDRAC port information	25
Other documents you may need	26
Social media reference	27
Contacting Dell	27
Accessing documents from the Dell EMC support site	27
Logging in to iDRAC	29
Logging in to iDRAC as local user, Active Directory user, or LDAP user	29
Logging in to iDRAC using a smart card	30
Logging in to iDRAC as a local user using a smart card	30
Logging in to iDRAC as an Active Directory user using a smart card	31
Logging in to iDRAC using Single Sign-On	31
Logging in to iDRAC SSO using iDRAC web interface	32
Logging in to iDRAC SSO using CMC web interface	32
Accessing iDRAC using remote RACADM	32
Validating CA certificate to use remote RACADM on Linux	32
Accessing iDRAC using local RACADM	33
Accessing iDRAC using firmware RACADM	33
Accessing iDRAC using SMCLP	33
Logging in to iDRAC using public key authentication	33
Multiple iDRAC sessions	33
Changing default login password	34
Changing default login password using web interface	34
Changing default login password using RACADM	34
Changing default login password using iDRAC settings utility	35
Enabling or disabling default password warning message	35
Enabling or disabling default password warning message using web interface	35
Enabling or disabling warning message to change default login password using RACADM	35
IP Blocking	35
Invalid password credentials	36
Setting up managed system and management station	38
Setting up iDRAC IP address	38
Setting up iDRAC IP using iDRAC settings utility	39
Network settings	39
Common settings	41
IPv4 settings	41
IPv6 settings	41
IPMI settings	41
VLAN settings	42
Setting up iDRAC IP using CMC web interface	42
Enabling provisioning server	42
Configuring servers and server components using Auto Config	43
Auto Config sequence	44
DHCP options	44
Configuring option 43 on Windows	45
Configuring option 60 on Windows	45
Configuring option 43 and option 60 on Linux	46
Prerequisites before enabling Auto Config	47
Enabling Auto Config using iDRAC web interface	47
Enabling Auto Config using RACADM	48
Using hash passwords for improved security	48
Hash password using RACADM	48
Hash password in server configuration profile	48
Generating hash password without SNMPv3 and IPMI authentication	48
Setting up management station	49
Accessing iDRAC remotely	49
Setting up managed system	49
Modifying local administrator account settings	50
Setting up managed system location	50
Setting up managed system location using web interface	50
Setting up managed system location using RACADM	50
Setting up managed system location using iDRAC settings utility	50
Optimizing system performance and power consumption	50
Modifying thermal settings using iDRAC web interface	50
Modifying thermal settings using RACADM	52
Modifying thermal settings using iDRAC settings utility	55
Configuring supported web browsers	56
Configuring Internet Explorer	56
Resetting Internet Explorer security settings	56
Adding iDRAC IP to the trusted-sites list	56
Configuring Internet Explorer to enable Active Directory SSO	56
Configuring Mozilla Firefox	57
Disabling whitelist feature in Firefox	57
Configuring Firefox to enable Active Directory SSO	57
Configuring web browsers to use virtual console	57
Configuring Internet Explorer to use HTML5-based plug-in	58
Configuring the web browser to use Java plug-in	58
Configuring IE to use ActiveX plug-in	58
Additional settings for Windows Vista or newer Microsoft operating systems	59
Clearing browser cache	59
Clearing earlier Java versions	60
Importing CA certificates to management station	60
Importing CA certificate to Java trusted certificate store	60
Importing CA certificate to ActiveX trusted certificate store	60
Viewing localized versions of web interface	60
Updating device firmware	61
Updating firmware using iDRAC web interface	63
Updating single device firmware	63
Updating firmware using repository	63
Updating firmware using FTP, TFTP, or HTTP	64
Updating device firmware using RACADM	65
Scheduling automatic firmware updates	65
Scheduling automatic firmware update using web interface	65
Scheduling automatic firmware update using RACADM	66
Updating firmware using CMC web interface	67
Updating firmware using DUP	67
Updating firmware using remote RACADM	67
Updating firmware using Lifecycle Controller Remote Services	68
Updating CMC firmware from iDRAC	68
CMC settings to update CMC firmware from iDRAC	68
iDRAC settings to update CMC firmware	68
Viewing and managing staged updates	68
Viewing and managing staged updates using iDRAC web interface	68
Viewing and managing staged updates using RACADM	69
Rolling back device firmware	69
Rollback firmware using iDRAC web interface	70
Rollback firmware using CMC web interface	70
Rollback firmware using RACADM	70
Rollback firmware using Lifecycle Controller	70
Rollback firmware using Lifecycle Controller-Remote Services	70
Recovering iDRAC	71
Using TFTP server	71
Backing up server profile	71
Backing up server profile using iDRAC web interface	72
Backing up server profile using RACADM	72
Scheduling automatic backup server profile	72
Scheduling automatic backup server profile using web interface	72
Scheduling automatic backup server profile using RACADM	73
Importing server profile	73
Importing server profile using iDRAC web interface	74
Importing server profile using RACADM	74
Restore operation sequence	74
Monitoring iDRAC using other Systems Management tools	75
Configuring iDRAC	76
Viewing iDRAC information	77
Viewing iDRAC information using web interface	77
Viewing iDRAC information using RACADM	77
Modifying network settings	77
Modifying network settings using web interface	78
Modifying network settings using local RACADM	78
Configuring IP filtering	78
Configure IP filtering using iDRAC web interface	78
Configuring IP filtering using RACADM	79
Cipher suite selection	79
Configuring cipher suite selection using iDRAC web interface	79
Configuring cipher suite selection using RACADM	80
FIPS mode	80
Enabling FIPS Mode	80
Enabling FIPS mode using web interface	80
Enabling FIPS mode using RACADM	81
Disabling FIPS mode	81
Configuring services	81
Configuring services using web interface	81
Configuring services using RACADM	81
Enabling or disabling HTTPs redirection	82
Configuring TLS	82
Configuring TLS using web interface	82
Configuring TLS using RACADM	82
Using VNC client to manage remote server	82
Configuring VNC server using iDRAC web interface	83
Configuring VNC server using RACADM	83
Setting up VNC viewer with SSL encryption	83
Setting up VNC viewer without SSL encryption	84
Configuring front panel display	84
Configuring LCD setting	84
Configuring LCD setting using web interface	84
Configuring LCD setting using RACADM	84
Configuring LCD setting using iDRAC settings utility	85
Configuring system ID LED setting	85
Configuring system ID LED setting using web interface	85
Configuring system ID LED setting using RACADM	85
Configuring time zone and NTP	85
Configuring time zone and NTP using iDRAC web interface	85
Configuring time zone and NTP using RACADM	86
Setting first boot device	86
Setting first boot device using web interface	86
Setting first boot device using RACADM	86
Setting first boot device using virtual console	86
Enabling last crash screen	87
Enabling or disabling OS to iDRAC Pass-through	87
Supported cards for OS to iDRAC Pass-through	88
Supported operating systems for USB NIC	88
Installing VIB file	90
Enabling or disabling OS to iDRAC Pass-through using web interface	90
Enabling or disabling OS to iDRAC Pass-through using RACADM	90
Enabling or disabling OS to iDRAC Pass-through using iDRAC settings utility	91
Obtaining certificates	91
SSL server certificates	92
Generating a new certificate signing request	93
Generating CSR using web interface	93
Generating CSR using RACADM	93
Uploading server certificate	93
Uploading server certificate using web interface	93
Uploading server certificate using RACADM	94
Viewing server certificate	94
Viewing server certificate using web interface	94
Viewing server certificate using RACADM	94
Uploading custom signing certificate	94
Uploading custom signing certificate using web interface	94
Uploading custom SSL certificate signing certificate using RACADM	95
Downloading custom SSL certificate signing certificate	95
Downloading custom signing certificate	95
Downloading custom SSL certificate signing certificate using RACADM	95
Deleting custom SSL certificate signing certificate	95
Deleting custom signing certificate using iDRAC web interface	95
Deleting custom SSL certificate signing certificate using RACADM	95
Configuring multiple iDRACs using RACADM	95
Creating an iDRAC configuration file	96
Disabling access to modify iDRAC configuration settings on host system	96
Viewing iDRAC and managed system information	98
Viewing managed system health and properties	98
Viewing system inventory	98
Viewing sensor information	99
Monitoring performance index of CPU, memory, and IO modules	101
Monitoring performance index for of CPU, memory, and IO modules using web interface	101
Monitoring performance index for of CPU, memory, and IO modules using RACADM	102
Checking the system for fresh air compliance	102
Viewing historical temperature data	102
Viewing historical temperature data using iDRAC web interface	103
Viewing historical temperature data using RACADM	103
Configuring warning threshold for inlet temperature	103
Configuring warning threshold for inlet temperature using web interface	103
Viewing network interfaces available on host OS	103
Viewing network interfaces available on host OS using web interface	104
Viewing network interfaces available on host OS using RACADM	104
Viewing FlexAddress mezzanine card fabric connections	104
Viewing or terminating iDRAC sessions	105
Terminating iDRAC sessions using web interface	105
Terminating iDRAC sessions using RACADM	105
Setting up iDRAC communication	106
Communicating with iDRAC through serial connection using DB9 cable	107
Configuring BIOS for serial connection	107
Enabling RAC serial connection	108
Enabling RAC serial connection using web interface	108
Enabling RAC serial connection using RACADM	108
Enabling IPMI serial connection basic and terminal modes	108
Enabling serial connection using web interface	108
Enabling serial connection IPMI mode using RACADM	109
Enabling serial connection IPMI serial settings using RACADM	109
Additional settings for ipmi serial terminal mode	109
Configuring additional settings for IPMI serial terminal mode using web interface	109
Configuring additional settings for IPMI serial terminal mode using RACADM	110
Switching between RAC serial and serial console while using DB9 cable	110
Switching from serial console to RAC serial	110
Switching from RAC serial to serial console	110
Communicating with iDRAC using IPMI SOL	110
Configuring BIOS for serial connection	110
Configuring iDRAC to use SOL	111
Configuring iDRAC to use SOL using iDRAC web interface	111
Configuring iDRAC to use SOL using RACADM	111
Enabling supported protocol	112
Enabling supported protocol using web interface	112
Enabling supported protocol using RACADM	112
SOL using IPMI protocol	113
SOL using SSH or Telnet protocol	113
Using SOL from PuTTY on Windows	114
Using SOL from OpenSSH or Telnet on Linux	114
Using Telnet virtual console	115
Configuring backspace key for your Telnet session	115
Disconnecting SOL session in iDRAC command line console	115
Communicating with iDRAC using IPMI over LAN	115
Configuring IPMI over LAN using web interface	116
Configuring IPMI over LAN using iDRAC settings utility	116
Configuring IPMI over LAN using RACADM	116
Enabling or disabling remote RACADM	116
Enabling or disabling remote RACADM using web interface	117
Enabling or disabling remote RACADM using RACADM	117
Disabling local RACADM	117
Enabling IPMI on managed system	117
Configuring Linux for serial console during boot	117
Enabling login to the virtual console after boot	118
Supported SSH cryptography schemes	119
Using public key authentication for SSH	120
Generating public keys for Windows	120
Generating public keys for Linux	121
Uploading SSH keys	121
Uploading SSH keys using web interface	121
Uploading SSH keys using RACADM	121
Viewing SSH keys	122
Viewing SSH keys using web interface	122
Viewing SSH keys using RACADM	122
Deleting SSH keys	122
Deleting SSH keys using web interface	122
Deleting SSH keys using RACADM	122
Configuring user accounts and privileges	123
Recommended characters in user names and passwords	123
Configuring local users	124
Configuring local users using iDRAC web interface	124
Configuring local users using RACADM	124
Adding iDRAC user using RACADM	125
Enabling iDRAC user with permissions	125
Configuring Active Directory users	125
Prerequisites for using Active Directory authentication for iDRAC	126
Enabling SSL on domain controller	127
Installing SSL certificate for each domain controller	127
Exporting domain controller root CA certificate to iDRAC	127
Importing iDRAC firmware SSL certificate	127
Supported Active Directory authentication mechanisms	128
Standard schema Active Directory overview	128
Single domain versus multiple domain scenarios	129
Configuring Standard schema Active Directory	129
Configuring Active Directory with Standard schema using iDRAC web interface	129
Configuring Active Directory with Standard schema using RACADM	130
Extended schema Active Directory overview	131
Active directory schema extensions	131
Overview of iDRAC schema extensions	132
Accumulating privileges using Extended Schema	132
Configuring Extended schema Active Directory	133
Extending Active Directory schema	133
Using Dell Schema Extender	134
Classes and attributes	134
Installing Dell extension to the Active Directory users and computers snap-in	137
Adding iDRAC users and privileges to Active Directory	137
Creating iDRAC device object	137
Creating privilege object	138
Creating association object	138
Providing user access privileges for association objects	138
Adding objects to association object	138
Adding users or user groups	138
Adding privileges	139
Adding iDRAC devices or iDRAC device groups	139
Configuring Active Directory with Extended schema using iDRAC web interface	139
Configuring Active Directory with Extended schema using RACADM	139
Testing Active Directory settings	140
Testing Active Directory settings using iDRAC web interface	140
Testing Active Directory settings using RACADM	141
Configuring generic LDAP users	141
Configuring generic LDAP directory service using iDRAC web-based interface	141
Configuring generic LDAP directory service using RACADM	142
Testing LDAP directory service settings	142
Testing LDAP directory service settings using iDRAC web interface	142
Testing LDAP directory service settings using RACADM	142
Configuring iDRAC for Single Sign-On or smart card login	143
Prerequisites for Active Directory Single Sign-On or smart card login	143
Registering iDRAC as a computer in Active Directory root domain	144
Generating Kerberos keytab file	144
Creating Active Directory objects and providing privileges	144
Configuring iDRAC SSO login for Active Directory users	145
Configuring iDRAC SSO login for Active Directory users using web interface	145
Configuring iDRAC SSO login for Active Directory users using RACADM	145
Configuring iDRAC smart card login for local users	145
Uploading smart card user certificate	146
Uploading smart card user certificate using web interface	146
Uploading smart card user certificate using RACADM	146
Uploading trusted CA certificate for smart card	146
Uploading trusted CA certificate for smart card using web interface	146
Uploading trusted CA certificate for smart card using RACADM	146
Configuring iDRAC smart card login for Active Directory users	146
Enabling or disabling smart card login	147
Enabling or disabling smart card login using web interface	147
Enabling or disabling smart card login using RACADM	147
Enabling or disabling smart card login using iDRAC settings utility	147
Configuring iDRAC to send alerts	149
Enabling or disabling alerts	149
Enabling or disabling alerts using web interface	150
Enabling or disabling alerts using RACADM	150
Enabling or disabling alerts using iDRAC settings utility	150
Filtering alerts	150
Filtering alerts using iDRAC web interface	150
Filtering alerts using RACADM	151
Setting event alerts	151
Setting event alerts using web interface	151
Setting event alerts using RACADM	151
Setting alert recurrence event	151
Setting alert recurrence events using iDRAC web interface	152
Setting alert recurrence events using RACADM	152
Setting event actions	152
Setting event actions using web interface	152
Setting event actions using RACADM	152
Configuring email alert, SNMP trap, or IPMI trap settings	152
Configuring IP alert destinations	153
Configuring IP alert destinations using web interface	153
Configuring IP alert destinations using RACADM	153
Configuring IP alert destinations using iDRAC settings utility	154
Configuring email alert settings	154
Configuring email alert settings using web interface	154
Configuring email alert settings using RACADM	155
Configuring SMTP email server address settings	155
Configuring SMTP email server address settings using iDRAC web interface	155
Configuring SMTP email server address settings using RACADM	156
Configuring WS Eventing	156
Configuring Redfish Eventing	156
Monitoring chassis events	156
Monitoring chassis events using the iDRAC web interface	156
Monitoring chassis events using RACADM	156
Alerts message IDs	157
Managing logs	160
Viewing System Event Log	160
Viewing System Event Log using web interface	160
Viewing System Event Log using RACADM	160
Viewing System Event Log using iDRAC settings utility	161
Viewing Lifecycle log	161
Viewing Lifecycle log using web interface	161
Filtering Lifecycle logs	162
Adding comments to Lifecycle logs	162
Viewing Lifecycle log using RACADM	162
Exporting Lifecycle Controller logs	162
Exporting Lifecycle Controller logs using web interface	162
Exporting Lifecycle Controller logs using RACADM	162
Adding work notes	163
Configuring remote system logging	163
Configuring remote system logging using web interface	163
Configuring remote system logging using RACADM	163
Monitoring and managing power	164
Monitoring power	164
Monitoring power using web interface	164
Monitoring power using RACADM	165
Setting warning threshold for power consumption	165
Setting warning threshold for power consumption using web interface	165
Executing power control operations	165
Executing power control operations using web interface	165
Executing power control operations using RACADM	166
Power capping	166
Power capping in Blade servers	166
Viewing and configuring power cap policy	166
Configuring power cap policy using web interface	166
Configuring power cap policy using RACADM	167
Configuring power cap policy using iDRAC settings utility	167
Configuring power supply options	167
Configuring power supply options using web interface	167
Configuring power supply options using RACADM	167
Configuring power supply options using iDRAC settings utility	168
Enabling or disabling power button	168
Inventorying, monitoring, and configuring network devices	169
Inventorying and monitoring network devices	169
Monitoring network devices using web interface	169
Monitoring network devices using RACADM	170
Inventorying and monitoring FC HBA devices	170
Monitoring FC HBA devices using web interface	170
Monitoring FC HBA devices using RACADM	170
Dynamic configuration of virtual addresses, initiator, and storage target settings	170
Supported cards for IO Identity Optimization	171
Supported NIC firmware versions for IO Identity Optimization	172
Virtual or Flex Address and Persistence Policy behavior when iDRAC is set to Flex Address mode or Console mode	172
System behavior for FlexAddress and IO Identity	173
Enabling or disabling IO Identity Optimization	174
Enabling or disabling IO Identity Optimization using web interface	174
Enabling or disabling IO Identity Optimization using RACADM	174
Configuring persistence policy settings	174
Configuring persistence policy settings using iDRAC web interface	175
Configuring persistence policy settings using RACADM	175
iSCSI initiator and storage target default values	176
Managing storage devices	178
Understanding RAID concepts	179
RAID	179
Hardware and software RAID	180
RAID concepts	180
RAID levels	180
Organizing data storage for availability and performance	180
Choosing RAID levels	181
RAID level 0 - striping	181
RAID level 1 - mirroring	182
RAID level 5 -striping with distributed parity	182
RAID level 6 - striping with additional distributed parity	183
RAID level 50 - striping over RAID 5 sets	184
RAID level 60 - striping over RAID 6 sets	184
RAID level 10 - striped-mirrors	185
Comparing RAID level performance	186
Supported controllers	187
Supported enclosures	187
Summary of supported features for storage devices	188
Inventorying and monitoring storage devices	190
Monitoring storage devices using web interface	190
Monitoring storage devices using RACADM	190
Monitoring backplane using iDRAC settings utility	190
Viewing storage device topology	191
Managing physical disks	191
Assigning or unassigning physical disk as global hot spare	191
Assigning or unassigning global hot spare using web interface	191
Assigning or unassigning global hot spare using RACADM	192
Converting a physical disk to RAID or non-RAID mode	192
Converting physical disks to RAID capable or non-RAID mode using the iDRAC web interface	192
Converting physical disks to RAID capable or non-RAID mode using RACADM	193
Managing virtual disks	193
Creating virtual disks	193
Considerations before creating virtual disks	194
Creating virtual disks using web interface	194
Creating virtual disks using RACADM	194
Editing virtual disk cache policies	194
Deleting virtual disks	195
Checking virtual disk consistency	196
Initializing virtual disks	196
Encrypting virtual disks	196
Assigning or unassigning dedicated hot spares	197
Managing virtual disks using web interface	197
Managing virtual disks using RACADM	198
Managing controllers	198
Configuring controller properties	199
Configuring controller properties using web interface	200
Configuring controller properties using RACADM	200
Importing or auto importing foreign configuration	201
Importing foreign configuration using web interface	202
Importing foreign configuration using RACADM	202
Clearing foreign configuration	202

Match case Limit results 1 per page

Enabling Auto Config using RACADM

To enable Auto Config feature using RACADM, use the

iDRAC.NIC.AutoConfig

object.

For more information, see the

iDRAC RACADM Command Line Interface Reference Guide

available at

dell.com/idracmanuals

For more information on the Auto Config feature, see the

Zero-Touch Bare Metal Server Provisioning using Dell iDRAC with Lifecycle

Controller Auto Config

white paper available at the

delltechcenter.com/idrac

Using hash passwords for improved security

You can set user passwords and BIOS passwords using a one-way hash format. The user authentication mechanism is not affected

(except for SNMPv3 and IPMI) and you can provide the password in plain text format.

With the new password hash feature:

•

You can generate your own SHA256 hashes to set iDRAC user passwords and BIOS passwords. This allows you to have the SHA256

values in the server configuration profile, RACADM, and WSMAN. When you provide the SHA256 password values, you cannot

authenticate through SNMPv3 and IPMI.

•

You can set up a template server including all the iDRAC user accounts and BIOS passwords using the current plain text mechanism.

After the server is set up, you can export the server configuration profile with the password hash values. The export includes the hash

values required for SNMPv3 authentication. Importing this profile results in losing the IPMI authentication for users who have the

hashed password values set and the F2 IDRAC interface shows that the user account is disabled.

•

The other interfaces such as IDRAC GUI will show the user accounts enabled.

NOTE:

When downgrading a Dell 12th generation PowerEdge server from version 2.xx.xx.xx to 1.xx.xx, if the server is set

with hash authentication, then you will not be able to log in to any interface unless the password is set to default.

You can generate the hash password with and without Salt using SHA256.

You must have Server Control privileges to include and export hash passwords.

If access to all accounts is lost, use iDRAC Settings Utility or local RACADM and perform reset iDRAC to default task.

If the password of the iDRAC user account is set with the SHA256 password hash only and not the other hashes (SHA1v3Key or

MD5v3Key), then authentication through SNMP v3 is not available.

Hash password using RACADM

To set hash passwords, use the following objects with the

set

command:

•

iDRAC.Users.SHA256Password

•

iDRAC.Users.SHA256PasswordSalt

Use the following command to include the hash password in the exported server configuration profile:

racadm get -f <file name> -l <NFS / CIFS / HTTP / HTTPS share> -u <username> -p <password>

t <filetype> --includePH

You must set the Salt attribute when the associated hash is set.

NOTE:

The attributes are not applicable to the INI configuration file.

Hash password in server configuration profile

The new hash passwords can be optionally exported in the server configuration profile.

When importing server configuration profile, you can uncomment the existing password attribute or the new password hash attribute(s).

If both are uncommented an error is generated and the password is not set. A commented attribute is not applied during an import.

Generating hash password without SNMPv3 and IPMI authentication

To generate hash password without SNMPv3 and IPMI authentication:

For iDRAC user accounts, you must salt the password using SHA256.

When you salt the password, a 16 byte binary string is appended. The Salt is required to be 16 bytes long, if provided.

Provide hash value and salt in the imported server configuration profile, RACADM commands, or WSMAN.

Setting up managed system and management station