DRAC Authentication

Jason Edgecombe jason at rampaginggeek.com
Sun Feb 22 08:26:54 CST 2009


I definitely understand the reasons for wanting consistent 
authentication on the DRACs, but I would prefer your script that syncs 
passwords as opposed to having the DRACs rely on an external service.

How would you fix a server if the LDAP directory was unavailable, like 
say, the local network was down? What if you're trying to fix a broken 
LDAP server using the DRAC, but the DRAC relies on the LDAP server?

DRAC is the life raft; it should have no dependencies besides power, 
network, and cooling.

I understand that these concerns can be mitigated with redundant LDAP 
servers, but you can run into weird situations where you can't do 
maintenance on servers while the LDAP server is under maintenance. How 
many shops have a defined maintenance window when all/most maintenance 
must occur?

This reminds me of the cartoons where the character is stranded on the 
desert island with canned food, but has no can opener.

All that said, I'm still interested in how to customize the DRAC configs.

Sincerely,
Jason

Jared wrote:
> I'm very interested in this myself (with a similar LDAP situation), so if
> you have any luck with this I'd greatly appreciate it if you could post back
> to the list.
>
> As for what we do now, I've basically written a script to automatically
> reset the password on all of our DRACs during each password cycle.  It's
> obviously not as clean as using a central directory, nor provides the
> accountability that I'd like, but it does at least keep things manageable.
>
> On 02/20/2009 06:13 PM, JAmes Atwill wrote:
>   
>> Hi there,
>>
>> I have a few 2950s and 1950s with DRAC5's (1.40 (08.08.22)). I would like
>> to centrally manage authentication and authorization to the DRACs before
>> we get any more in.
>>
>> I have an LDAP directory with all the accounts set up as well and can modify
>> the schema as needed; it's not an Active Directory server though.  I can do
>> Kerberos if needed.  I understand that the DRAC is a stripped-down Linux instance;
>> is it possible to get at the nsswitch configs? :)
>>
>> Has anyone ever set up anything?
>>     



More information about the Linux-PowerEdge mailing list