Unsolved
1 Rookie
•
13 Posts
0
45
Racadm questions
Hi Folks
I have an R730 with idrac8 and I'm trying to run some commands to remove local user 3 from the idrac interface. Below are the configuration items I need to update to blank, if someone could please point me in the right direction?
racadm get idrac.Users.3
[Key=idrac.Embedded.1#Users.3]
Enable=Disabled
IpmiLanPrivilege=15
IpmiSerialPrivilege=15
MD5v3Key=[hidden] (I want change this to blank)
!!Password=******** (Write-Only)
Privilege=0x0
SHA1v3Key=[hidden] (I want change this to blank)
SHA256Password=[hidden] (I want change this to blank)
SHA256PasswordSalt=[hidden] (I want change this to blank)
SNMPv3AuthenticationType=SHA
SNMPv3Enable=Disabled
SNMPv3PrivacyType=AES
SolEnable=Disabled
UserName= (I want change this to blank)
DELL-Charles R
Moderator
Moderator
•
3.7K Posts
0
July 15th, 2024 15:04
Hello,
The command to delete an iDRAC user is:
racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i <user_id> ""
Replace <user_id> with the ID of the user you want to delete. You can retrieve the user ID by running the racadm getconfig -g cfgUserAdmin command and looking for the user you want to delete.
After executing the command, the iDRAC user will be deleted. You can verify the deletion by listing the iDRAC users using the racadm getconfig -g cfgUserAdmin command.
spdouts
1 Rookie
1 Rookie
•
13 Posts
0
July 17th, 2024 10:44
@Dell -Charles R Thank you for your assistance.
I have tried running the two commands below in this order and I have received the below error, can you please further assist me?
1.
racadm getconfig -g cfgUserAdmin
/admin1-> racadm getconfig -g cfgUserAdmin
ERROR: The indexed group specified requires -i <index>.
RAC1168: The RACADM "getconfig" command will be deprecated in a future version of iDRAC firmware. Run the RACADM
"racadm get" command to retrieve the iDRAC configuration parameters.
2.
racadm getconfig -g cfgUserAdmin
/admin1-> racadm getconfig -g cfgUserAdmin -i
ERROR: The syntax of the command specified is not correct.
RAC1168: The RACADM "getconfig" command will be deprecated in a
future version of iDRAC firmware. Run the RACADM
"racadm get" command to retrieve the iDRAC configuration parameters.
DELL-Charles R
Moderator
Moderator
•
3.7K Posts
0
July 17th, 2024 12:39
Hello,
Try dropping the "racadm" at the beginning of the command line and use just the remainder:
getconfig -g cfgUserAdmin
config -g cfgUserAdmin -o cfgUserAdminUserName -i <user_id> ""
You replace <user_id> with the user ID. Be sure to have spaces where the ^ is
Example:
-i^3^""
spdouts
1 Rookie
1 Rookie
•
13 Posts
0
July 21st, 2024 05:23
@DELL-Charles R Thank you for your assistance.
I have tried running the command below and I have received the below error, can you please further assist me?
racadm>>getconfig -g cfgUserAdmin -i
racadm getconfig -g cfgUserAdmin -i
ERROR: The syntax of the command specified is not correct.
RAC1168: The RACADM "getconfig" command will be deprecated in a
future version of iDRAC firmware. Run the RACADM
"racadm get" command to retrieve the iDRAC configuration parameters.
For more information on the get command, run the RACADM command
"racadm help get".
DELL-Charles R
Moderator
Moderator
•
3.7K Posts
0
July 22nd, 2024 12:06
Hello spdouts,
Are you SSH in to the DRAC?
If so I was recommending to try dropping the 'racadm' at the beginning of the command line:
Instead of this:
racadm getconfig -g cfgUserAdmin
Type:
getconfig -g cfgUserAdmin
Another method you may try is to edit the Server Configuration Profile.
Try export a Server Configuration Profiles (SCP), then blank out all the User attributes for the user you are editing with double empty quote "" and then import it
Server Configuration Profiles: Reference Guide
SCP Export page 15
SCP Import page 21
https://dell.to/4bVqlr9
You can use LifeCycle controller to export/import SCP from USB Key. Refer below link for details
https://dell.to/3A3pjM8
Time mark :59 seconds you can Export and Import from there
*Be sure to keep a copy of the original SCP in case you need to restore that.
spdouts
1 Rookie
1 Rookie
•
13 Posts
0
July 23rd, 2024 11:16
@DELL-Charles R
Yes I'm in SSH via putty
Right after I have authenticated, I am in at the prompt as below
/admin1->
When I run this command
getconfig -g cfgUserAdmin
I get the below error
"
/admin1-> getconfig -g cfgUserAdmin
cmdstat
status : 2
status_tag : COMMAND PROCESSING FAILED
error : 253
error_tag : COMMAND NOT RECOGNIZED
/admin1->
"
Method 2
I tried the SCP option one however I dont understand what blanking out means with ""
(edited)
DELL-Charles R
Moderator
Moderator
•
3.7K Posts
0
July 23rd, 2024 15:07
Hello,
Thank you for trying without the racadm. There are some racadm commands that are understood and you can drop the racadm but it seems it is not those commands.
Try these steps and check results:
Run the following command to disable a user:
racadm set iDRAC.Users.<username>.Enable 0
Replace <username> with the username of the user you want to disable.
Press Enter to execute the command.
Verify that the user has been disabled by running the following command:
racadm get iDRAC.Users.<username>.Enable
This command will display the current enable status of the user. If the value is "0", it means the user is disabled.
spdouts
1 Rookie
1 Rookie
•
13 Posts
0
July 24th, 2024 08:39
@DELL-Charles R
Thank your reply, however I am not trying to disable this account, I have trying to delete.
DELL-Erman O
Moderator
Moderator
•
2.5K Posts
0
July 24th, 2024 09:50
Hi,
Could you try these below:
racadm set idrac.users.3.enable 0
racadm set idrac.users.3.delete 1
spdouts
1 Rookie
1 Rookie
•
13 Posts
0
July 24th, 2024 11:26
@DELL-Erman O
Thank you for your response, I have executed both of those commands as suggested
The 'enable 0' command worked however the 'delete 1' command provided an error as per below, can you please further assist?
racadm/Users>set idrac.users.3.enable 0
racadm set idrac.users.3.enable 0
[Key=idrac.Embedded.1#Users.3]
Object value modified successfully
racadm/Users>set idrac.users.3.delete 1
racadm set idrac.users.3.delete 1
ERROR: Invalid object specified.
DELL-Erman O
Moderator
Moderator
•
2.5K Posts
0
July 24th, 2024 11:35
Thank you for your feedback. hmm... I'm not sure delete option but I just brainstorming. Can you try the leave blank out method? If that doesn't work, the SCP method Charles mentioned before may work.
racadm set idrac.users.3.md5v3key ""
racadm set idrac.users.3.sha1v3key ""
racadm set idrac.users.3.sha256password ""
racadm set idrac.users.3.sha256passwordsalt ""
racadm set idrac.users.3.username ""
spdouts
1 Rookie
1 Rookie
•
13 Posts
0
July 27th, 2024 07:29
Thank you for your response, I have executed the above commands as suggested
Please see below for further details
racadm set idrac.users.3.md5v3key "" - (didn't work error below)
racadm set idrac.users.3.sha1v3key "" - (didn't work error below)
racadm set idrac.users.3.sha256password "" - (didn't work error below)
racadm set idrac.users.3.sha256passwordsalt "" - (didn't work error below)
racadm set idrac.users.3.username "" - (Worked)
racadm/Users>racadm set idrac.users.3.md5v3key ""
racadm set idrac.users.3.md5v3key ""
ERROR: RAC947: Invalid object value specified.
Make sure to specify the value depending on the type of object.
For more information, see RACADM help.
racadm/Users>racadm set idrac.users.3.sha1v3key ""
racadm set idrac.users.3.sha1v3key ""
ERROR: RAC947: Invalid object value specified.
Make sure to specify the value depending on the type of object.
For more information, see RACADM help.
racadm/Users>racadm set idrac.users.3.sha256password ""
racadm set idrac.users.3.sha256password ""
ERROR: RAC947: Invalid object value specified.
Make sure to specify the value depending on the type of object.
For more information, see RACADM help.
racadm/Users>racadm set idrac.users.3.sha256passwordsalt ""
racadm set idrac.users.3.sha256passwordsalt ""
ERROR: SWC0296: The specified value is not allowed to be configured if the user name
or password is blank
Also, I have a pending question for Charles to answer if he could answer please just with relation to SCP
Method 2
I tried the SCP option one however I dont understand what blanking out means with ""
(edited)
DELL-Charles R
Moderator
Moderator
•
3.7K Posts
0
July 29th, 2024 12:08
Hello,
The blank is a empty double quote
Examples:
"quote" is populated
"" is empty
spdouts
1 Rookie
1 Rookie
•
13 Posts
0
August 1st, 2024 10:40
@DELL-Charles R
Thank you for your response
I have successfully exported the .xml file, can you please confirm if the below is correct?
<!‐‐ <Attribute Name="Users.3#SHA256Password">""</Attribute> ‐‐>
<!‐‐ <Attribute Name="Users.3#SHA1v3Key">""</Attribute> ‐‐>
<!‐‐ <Attribute Name="Users.3#MD5v3Key">""</Attribute> ‐‐>
<!‐‐ <Attribute Name="Users.3#SHA256PasswordSalt">""</Attribute> ‐‐>
Am I supposed to insert the above "Attributes" with the quotation marks under the green line in the xml file?
DELL-Erman O
Moderator
Moderator
•
2.5K Posts
0
August 1st, 2024 11:51
Hi, Could you try with quotation marks, I think that is the hint.