![Aten CC2000 4.0 [343/371] Example 2](/img/pdf.png)
Aten CC2000 4.0 [343/371] Example 2
![Aten CC2000 4.0 [343/371] Example 2](/views2/1977512/page343/bg157.png)
Appendix D
329
3. You can check the group definition with LDAP Browser. You should see a
screen similar to the one below:
4. The above example has added a member – cc2000 – to the groups1 group.
To add additional members to the group, edit the file to include them. For
example:
member: cn=cc2000-1,ou=software,dc=aten,dc=com
member: cn=cc2000-2,ou=software,dc=aten,dc=com
Once these procedures are completed, CC2000 users who are authenticated
through the LDAP/LDAPS server, are authorized according to the permissions
assigned to the group.
Example 2
By default, OpenLDAP only supports the Group has Member attribute setting
for the group related schema – this was the setting used in Example 1.
An alternative setting used by other LDAP servers – User has Member Of
attribute – is also supported under OpenLDAP by extending the schema.
In this example, the external server is OpenLDAP on Windows Server 2003,
as shown in the LDAP/LDAPS Settings Example on page 319.
1. Under the CC2000 User Manager tab, select Authentication Services
→
Authentication Servers.
2. Select the OpenLDAP server; then click Group Authorization.
3. Click the User has Member Of attribute radio button.
Содержание
- Cc2000 p.1
- User notice p.2
- User information p.2
- Telephone support p.2
- Online registration p.2
- Package contents p.3
- Important note about software version p.3
- Product information p.3
- Server installation and utilities p.4
- Introduction p.4
- Contents p.4
- Chapter 2 p.4
- Chapter 1 p.4
- Device management p.5
- Dashboard and basic operation p.5
- Chapter 5 p.5
- Chapter 4 p.5
- Chapter 3 p.5
- Browser operation p.5
- User accounts p.7
- Chapter 6 p.7
- System p.8
- Chapter 7 p.8
- Chapter 8 p.9
- The cc2000 utility p.10
- Technical information p.10
- External authentication services p.11
- Authentication key utility p.11
- Sso html sample codes p.12
- About this manual p.13
- This manual uses the following conventions p.14
- Read this manual thoroughly and follow the installation and operation procedures carefully to prevent any damage to the unit or connected devices p.14
- Http www aten com global en p.14
- Conventions p.14
- Aten regularly updates its product documentation for new features and fixes for an up to date cc2000 documentation visit p.14
- Appendix e sso html sample codes provides sample codes for the single sign on function p.14
- Appendix d external authentication services discusses the use of authentication via external third party services it also provides examples of configuring openldap for cc2000 authentication and configuring radius for cc2000 authentication in a linux environment p.14
- Introduction p.15
- Chapter 1 p.15
- Overview p.15
- Features p.17
- Systems that the cc2000 server will be installed on should meet the following requirements p.19
- Server requirements p.19
- Requirements p.19
- Operating system requirements p.19
- Hardware requirements p.19
- Operating systems p.20
- Hardware requirements p.20
- Client requirements p.20
- Supported browsers for users logging into the cc2000 include the following p.21
- Note 1 devices must be configured to communicate on the same port that as the cc2000 s device port see device port page 15 p.21
- For a list of supported devices refer to the aten website p.21
- Device requirements p.21
- Browsers p.21
- All aten altusen ip products must be at a firmware level that contains the cc management function and the cc management function must be enabled download and install the latest version of the relevant firmware from our website if necessary for details on upgrading the firmware see update restore on page 134 p.21
- Licensing policy p.22
- Licenses p.22
- Secondaries p.23
- This page intentionally left blank p.24
- Windows version installation p.25
- Server installation and utilities p.25
- Overview p.25
- Chapter 2 p.25
- Before you begin p.25
- Starting the installation p.26
- In the configuration dialog box fill in the fields according to the information provided in the table below p.29
- Post installation check p.32
- Linux version installation p.33
- Before you begin p.33
- Installing p.34
- Post installation check p.35
- Post installation setup p.36
- Uninstalling the cc2000 p.37
- Uninstalling from a windows system p.37
- Uninstalling from a linux system p.37
- Updating the cc2000 p.38
- Preliminary steps p.38
- Cc2000 secondary servers p.39
- Cc2000 redundant secondary servers p.39
- Database migration utility p.40
- Before you begin p.40
- Migrating the database p.41
- Notes about the migration p.43
- This page intentionally left blank p.44
- Logging in p.45
- Chapter 3 p.45
- Browser operation p.45
- Motp authentication p.47
- Logging in using motp or dual authentication p.47
- Dual authentication p.47
- The screen components are described in the table below p.48
- The interface p.48
- The general interface of cc2000 and its components sections and items are shown below p.48
- Screen components p.48
- My favorites p.50
- Add favorites p.50
- Remove favorites p.51
- Recent p.52
- Message box p.53
- System dashboard p.57
- Overview p.57
- Dashboard and basic operation p.57
- Chapter 4 p.57
- Device status p.58
- Events p.59
- License p.60
- Monitoring dashboard p.61
- Warning events p.62
- Viewing analysis chart p.63
- Re arranging cards p.63
- Basic operations p.64
- Overview p.67
- Device management p.67
- Chapter 5 p.67
- Using vpn p.69
- Preliminary procedures p.69
- Device table column headings p.70
- By devices general operations p.70
- An explanation of the column headings is provided in the table below p.70
- Introduction p.70
- The device types and an explanation of their purposes are described in the following table p.71
- Device types that can be added and configured are found under the add drop down menu at the top of the main panel p.71
- Refer to editing devices on page 99 for details on how to edit a device p.73
- Refer to adding device on page 63 for details on how to add a device p.73
- If you wish to edit a device check the device and click edit for the drop down menu p.73
- Navigating the device list p.75
- The view switches to the selected folder p.76
- Click the return icon p.76
- Click the device tree drop down menu and select a level folder p.76
- Adding device p.77
- Adding folder p.78
- Fill in the fields according to the information provided in the table below p.81
- When you have finished click add to complete the procedure p.82
- If you have difficulty adding arm based pe series pdu refer to adding arm based pe series pdu on page 284 for more details p.82
- For cat5 kvm switches only the ports that have a kvm adapter cable attached and are online can be recognized and added to the device list this is because each adapter cable has its own independent identity and if it is not online there is no way for it to be recognized once a port has been added it will appear in the list even if it is off line p.82
- This item refers to adding aten pdu s into the cc2000 management system p.83
- Fill in the fields according to the information provided in the table below p.83
- Adding aten pdu p.83
- When you have finished click next the properties page appears p.84
- When you have finished with this page click add p.85
- Note after adding a device its ports are locked see locking unlocking p.85
- Fill in the fields according to the information provided in the table below p.85
- Devices page 112 p.85
- Fill in the fields according to the information provided in the table below p.87
- When you have finished with this page click next the connectivity page appears p.88
- Fill in the fields according to the information in the table below p.88
- When you have finished with this page click save the system will display a list for you to select which devices are to be added to the aten eco dc check and select the device s port s you wish to be associated with the aten eco dc p.89
- To add an apc pdu do the following p.90
- This item refers to adding apc pdu into the cc2000 management system p.90
- Fill in the fields according to the information provided in the table below p.90
- Adding an apc pdu p.90
- When you have finished with this page click next the properties page appears p.91
- Fill in the fields according to the information provided in the table below p.91
- When you have finished with this page click next the connectivity page appears check to enable web ssh telnet sessions p.92
- When you have finished click add to complete the procedure p.92
- This item refers to adding virtual host into the cc2000 management system p.93
- Fill in the fields according to the information provided in the table below p.93
- Adding a virtual host p.93
- When you have finished with this page click next the properties page appears p.94
- Fill in the fields according to the information provided in the table below p.94
- When you have finished with this page click next the connectivity page appears p.95
- Fill in the fields according to the information in the table below p.95
- This item refers to adding blade chassis into the cc2000 management system p.97
- Fill in the fields according to the information provided in the table below p.97
- Adding a blade chassis p.97
- When you have finished with this page click next the properties page appears p.98
- Fill in the fields according to the information provided in the table below p.98
- When you have finished with this page click next the connectivity page appears p.99
- When you have finished with this page click next the blade page appears p.100
- When you have finished click save to complete the procedure p.100
- The maximum number of slots field is for information purposes and can t be configured on supported chassis it can only be set on generic chassis p.100
- For the blade switching hotkey this information is filled in automatically with the details of the assigned model p.100
- For each blade you can specify its department location and type and provide a brief description p.100
- Fill in the fields according to the information in the table below p.100
- When finished click next for the properties page p.102
- Fill in the fields according to the information provided in the table below p.103
- When finished click next for the connectivity page p.104
- Fill in the fields according to the information in the table below p.104
- When finished click save to complete the procedure p.105
- For operations in the drop down menu of the operation column refer to operation on page 114 p.105
- Note see generic device page 58 for an explanation of generic devices p.106
- Fill in the fields according to the information provided in the table below p.106
- Adding a generic device p.106
- This item refers to adding generic device into the cc2000 management system p.106
- When you have finished click add to complete the procedure p.107
- This item refers to adding group device into the cc2000 management system p.107
- Adding a group device p.107
- When you have finished click add to complete the procedure p.108
- Note 1 refer back to group device page 59 for an explanation of the differences between aggregate and group devices p.108
- Fill in the fields according to the information provided in the table below p.108
- A port can belong to any number of group devices when a port is made part of a group device it retains the locked unlocked status of the original physical port if you lock or unlock any of these ports all the ports including the original physical port change to the new locked unlocked statu p.108
- This item refers to adding devices into the cc2000 management system using the search by ip option p.110
- The search by ip window is shown below p.110
- Search by ip p.110
- Fill in the fields according to the information provided in the table below p.110
- Click next and a table will appear with the results use the radio buttons to select the types of devices to be displayed in the table aten devices aten pdus or other servers or devices p.110
- The description column reveals one of three results p.111
- Check the check box of the device or server you would like to add and click add p.111
- Editing devices p.113
- Virtual host p.117
- The options for virtual host is shown below p.117
- Primary nic specify the network protocol s for this nic p.117
- Kvm settings select the access rights refer to the table below p.117
- Check to set the access rights for the user or group p.117
- Additional nic3 specify the network protocol s for this nic p.117
- Additional nic2 specify the network protocol s for this nic p.117
- Additional nic1 specify the network protocol s for this nic p.117
- Primary nic specify the network protocol s for this nic p.118
- Power via pdu check uncheck to enable disable p.118
- Kvm settings select the access rights refer to the table below p.118
- Check to set the access rights for the user or group p.118
- Blade chassis aggregate device p.118
- Additional nic3 specify the network protocol s for this nic p.118
- Additional nic2 specify the network protocol s for this nic p.118
- Additional nic1 specify the network protocol s for this nic p.118
- The options for blade chassis aggregate device is shown below p.118
- Serial settings select the network protocol s and the access rights full access and broadcast full access and view only p.118
- Web the user or group can access the device via a web session p.119
- The options for generic device is shown below p.119
- Telnet the user or group can access the device via a telnet session p.119
- Ssh the user or group can access the device via a ssh session p.119
- Serial settings select the network protocol s and the access rights full access and broadcast full access and view only p.119
- Power via pdu check uncheck to enable disable p.119
- Generic device p.119
- Check to set the access rights for the user or group p.119
- Deleting devices p.121
- Operation p.128
- The control panel functions are described in the table below p.131
- Control panel functions p.131
- Snviewer p.134
- Control panel functions p.134
- The snviewer provides a control panel that is hidden at the center top of the screen and becomes visible when your mouse moves over it the panel consists of three rows an icon row at the top and two text rows below it p.134
- The control panel functions are described below and in the following sections p.134
- Webclient viewer p.136
- The webclient viewer provides access to the devices ports directly on the browser without requiring windows or java client app installation its control panel is explained below p.136
- Page 146 p.136
- Note to launch webclient viewer when clicking kvm viewer see p.136
- Control panel functions p.136
- Web access p.137
- Clicking web access opens a browser session for the device server on your desktop just as if you had opened your browser and logged into from the url bar an example is shown below p.137
- Dell idrac 8 example p.141
- Refer to operation on page 114 for more information p.143
- Port column headings p.143
- Launch viewer p.143
- If you want to launch viewers to see the screen of the port check the port and click launch viewer the system will open the viewer in a new window java or winclient p.143
- If you select a device in by device the lower screen will list all the ports of the device p.143
- All the operations are the same as the device by devices general operations on page 56 except that configurations are at the port level and it includes a launch viewer option p.143
- Selecting by port will list all ports in the system p.143
- Properties system macro p.144
- To configure the settings refer to the device s user manual to obtain the necessary information p.145
- The meanings of the attribute headings are described in the table below p.145
- Port settings p.145
- Click edit port settings to edit port attributes an example is shown p.145
- Unsupported devices p.146
- Update restore p.148
- This submenu allows you to manage firmware and back up files p.148
- The table here shows the aten and redfish enabled devices that have recently firmware upgraded p.148
- The status column shows the firmware upgrade status of the device p.148
- Firmware upgrade p.149
- Firmware repository p.152
- Backup configuration p.154
- Restore configuration p.155
- Device port alias p.157
- Preferences p.157
- Serial ports broadcast p.159
- Monitoring settings p.161
- Creating a monitor item p.162
- Editing a monitor p.163
- Adding a folder p.163
- Moving added monitors p.165
- Exporting records of monitors p.166
- Viewing charts of monitored equipment p.167
- General settings for monitors p.168
- Use the search box and filters to quickly locate one or more monitors based on your specified criteria you can access these features from the top right corner of the monitoring settings page the functions of the search box and filter are described below p.169
- Locating monitors using search and filters p.169
- General p.170
- Default access rights p.170
- Advanced p.170
- System broadcast p.171
- Device sync p.173
- This page intentionally left blank p.174
- User accounts p.175
- Overview p.175
- Chapter 6 p.175
- Enter the required information in the appropriate fields a description of each of the fields is given in the table below p.177
- User types p.183
- The supported functions and features for each user type are fixed and they are summarized in the table below p.184
- System user types p.184
- Super administrators are authorized for all roles automatically and includes access to all devices ports and outlets the roles are fixed and cannot be changed p.184
- Password p.184
- Note 1 the differences between super administrators and system administrators are as follows p.184
- For preferences auditors can change his her web options and p.184
- For logs auditors can export and print logs in addition to viewing them but cannot change any settings p.184
- Auditors can access all tabs and pages but is restricted to view only rights p.184
- Auditor p.184
- Groups tab p.187
- Groups p.187
- Domain groups tab p.191
- Authentication services p.193
- Add authentication services p.194
- Server information p.195
- Select the security connection and browse method using the corresponding drop down menu click save p.195
- Enter the server ip domain and click connect to test the connection p.195
- Enter information on the page refer to server information on page 181 for the information fields p.195
- Click next for the connection settings page this page will be different for different server type p.195
- An explanation of the information required for each of the servers is provided below p.195
- Active directory p.195
- Kerberos p.196
- Windows nt domain p.198
- Radius and tacacs p.198
- Get the information for the domain name from the service administrator for example settings see nt domain settings example page 326 p.198
- Motp mobile one time password p.199
- Note the motp server is for one time password otp token authentication only if you want to adopt the otp function you need to install a motp server first p.200
- If you want to purchase a motp server contact changing information technology inc https www changingtec com en p.200
- Dual authentication p.200
- Note 1 the motp server is for one time password otp token authentication only if you want to adopt the otp function you need to install a motp server first p.201
- If you want to purchase a motp server contact changing information technology inc https www changingtec com en p.201
- Dual authentication requires you to log in by entering the username and password of a user in the cc2000 server followed by the motp authentication p.201
- With regard to the cc2000 s internal authentication services there are some configuration settings you can make to the password policy function all user accounts must follow the requirements you set here to configure the cc2000 s password policy do the following p.202
- Make the configuration choices you desire refer to the table below for an explanation of the fields p.202
- Check the server and click edit p.202
- Cc2000 authentication p.202
- Alternatively you can move your cursor over the server and click the pencil icon p.202
- If a user account has been created on the cc2000 that uses an external p.203
- Delete an authentication server p.203
- Authentication server the server cannot be deleted p.203
- A confirmation message will pop up click yes to delete the user s p.203
- When you have finished click save p.203
- To delete an authentication server check the server s and click delete p.203
- Note 1 you can delete all deleteable servers by checking the box at the top of the column p.203
- This page intentionally left blank p.204
- System p.205
- Overview p.205
- Chapter 7 p.205
- This page allows you to configure the cc2000 server s settings p.206
- The system info submenu offers three tab menu choices general time and server ips the default system info page is general as shown below p.206
- The meanings of each fields are described in the table below p.206
- The default page is general and looks similar to the one above p.206
- System info p.206
- Note changes to other servers on the installation can only be made by logging p.206
- Into them directly p.206
- General p.206
- Server ips p.208
- Notification p.209
- Snmp traps p.211
- Syslog p.212
- Advanced p.213
- Snmp agent p.217
- Snmp manager p.219
- Security p.221
- Access protection p.221
- Certificate p.224
- Check the create a new self signed ssl server certificate checkbox and fill in the fields according to the information in the table below p.225
- Changing a self signed certificate allows you to provide additional information in the certificate that wasn t generated in the installation certificate the way to change a self signed ssl certificate is to create a new one to create a new self signed certificate do the following p.225
- Changing a self signed certificate p.225
- At the bottom left of the page click update for the following page p.225
- When you have finished filling in the fields click apply p.226
- A message appears asking you to wait while the database gets updated with the new information after a moment the web page closes at this point you are brought back to the beginning of the login sequence where you must go through the procedure of accepting the security certificate and logging in p.226
- Disclaimer p.229
- License p.230
- Upgrade license without directly inserting the license key p.231
- Upgrade license by directly inserting the license key into the server p.231
- To update the license contact your dealer to purchase a license key for the number of secondaries and nodes desired after receiving your purchased usb license key you can update the license of the cc2000 through one of the two following methods p.231
- The page items contained are described in the table below p.231
- Upgrade license with usb key p.232
- Upgrade license with license file p.233
- Task manager p.236
- Run now p.251
- Editing a task p.251
- Deleting a task p.251
- Replicate database p.252
- Vmware settings p.253
- Vmrc plugin p.253
- Installing xterm p.253
- Primary secondary servers p.254
- The redundant servers menu offers two tab menu choices primary secondary servers and advanced as displayed below p.254
- The interactive display panel provides a table listing the cc2000 servers along with some corresponding basic information a green online status means that the server is currently accessible a red offline status means that it is currently inaccessible p.254
- The definitions of the server table headings are explained below p.254
- Redundant servers p.254
- View properties p.255
- To view the properties of each server check the checkbox of the server you want to view and click view properties p.255
- Advanced p.259
- Overview p.261
- Chapter 8 p.261
- System logs p.262
- Options p.266
- Device logs p.268
- Options p.270
- Serial console history p.271
- Options p.274
- Snmp traps p.275
- Options p.276
- User access activity p.278
- Reports p.278
- The meanings of each fields are described in the table below p.279
- The meanings of each fields are described in the table below p.280
- The device access page provides statistics for device access p.280
- Fill in the fields from the main panel to build and display either a pie or bar chart or both according to the parameters set when pie is selected for chart the device access page looks similar to the one below p.280
- Device access p.280
- The port access page provides the statistics for port access p.281
- The meanings of each fields are described in the table below p.281
- Port access p.281
- Fill in the fields from the main panel to build and display either a pie or bar chart or both according to the parameters set the port access page looks similar to the one below p.281
- Asset statistics p.283
- Options p.284
- Definitions p.285
- Appendix a p.285
- Technical information p.285
- License agreement p.285
- Grant of rights p.285
- Limited warranty p.286
- Limitation of liability p.287
- Export regulations p.287
- Termination p.288
- Miscellaneous p.288
- Technical support p.289
- Product model number serial number and date of purchase p.289
- North america p.289
- International p.289
- For telephone support see telephone support page ii p.289
- For online technical support including troubleshooting documentation and software updates http eservice aten com p.289
- Any other information you feel may be of help p.289
- Any error messages displayed at the time the error occurred p.289
- Your computer configuration including operating system revision level expansion cards and software p.289
- When you contact us please have the following information ready beforehand p.289
- Usb authentication key specifications p.289
- The sequence of operations that led up to the error p.289
- Supported aten altusen products p.290
- Device anms settings p.290
- Firewalls p.292
- Cc2000 proxy function p.293
- The following table lists the parameters and defaults for names descriptions and ranges found in the cc2000 management system p.294
- Note unless otherwise specified all field entries can be inputted in any p.294
- Name description and range parameters p.294
- Language supported p.294
- Trusted certificates p.297
- Overview p.297
- Adding arm based pe series pdu p.298
- Troubleshooting p.300
- Windows p.305
- Installing openjdk 8 p.305
- Self signed private certificates p.308
- Openssl req new newkey rsa 1024 days 3653 nodes x509 keyout ca key out ca cer config openssl cnf subj c yourcountry st yourstateorprovince l yourlocationorcity o yourorganiztion ou yourorganizationalunit cn yourcommonname emailaddress name yourcompany com p.308
- Openssl req new newkey rsa 1024 days 3653 nodes x509 keyout ca key out ca cer config openssl cnf subj c ca st bc l richmond o aten international ou aten cn aten emailaddress eservice aten com tw p.308
- Openssl req new newkey rsa 1024 days 3653 nodes x509 keyout ca key out ca cer config openssl cnf p.308
- Importing the files p.308
- Examples p.308
- The cc2000 utility p.309
- Overview p.309
- Appendix b p.309
- System settings p.310
- The dialog box is divided into three panels as described in the table below p.311
- Restore p.311
- Clicking the restore tab brings up a dialog box that looks similar to the one below p.311
- The view licenses tab lets you view the licenses that are related to the cc2000 package to view a license click its radio button p.312
- View license p.312
- Overview p.313
- Key utilities p.313
- Key status information p.313
- Authentication key utility p.313
- Appendix c p.313
- Starting the upgrade p.314
- Key firmware upgrade p.314
- Upgrade succeeded p.317
- Overview p.318
- Key license upgrade p.318
- Online upgrade p.319
- Upgrade succeeded p.322
- Offline upgrade p.323
- Offline upgrade failure p.329
- Order expiration p.330
- This page intentionally left blank p.331
- Overview p.333
- Ldap ldaps openldap setting example p.333
- External authentication services p.333
- Approved services p.333
- Appendix d p.333
- Active directory settings example p.335
- Radius settings example p.336
- Tacacs settings example p.338
- Nt domain settings example p.340
- Ldap group authorization setting examples p.341
- Example 1 p.341
- Example 2 p.343
- Active directory group authorization setting example p.346
- Motp vm server setup p.348
- Motp settings p.348
- Motp server initialization p.350
- Step 1 ip setting p.351
- Enter the account name admin and password admin p.351
- Motp server setting p.354
- Setting up motp authentication service p.364
- Motp authentication services on cc2000 p.364
- Creating user account s for motp authentication service p.366
- Logging into cc2000 p.367
- Sso html sample codes p.369
- Overview p.369
- Appendix e p.369
Похожие устройства
-
Aten RBS ConfiguratorРуководство пользователя -
Aten RBS ConfiguratorИнтерфейс командной строки -
Aten CCVSRРуководство пользователя -
Aten CCVSRКраткое руководство по установке -
Aten CCKMКраткое руководство по установке -
Aten CCKMРуководство пользователя -
Aten RCMMSРуководство пользователя -
Aten CC2000 3.0Краткое руководство по установке -
Aten CC2000 3.0Руководство пользователя -
Aten CC2000 4.0Краткое руководство по установке
-
M-Audio JamlabРуководство по эксплуатации -
M-Audio Torq 2.0Руководство по эксплуатации