Skip to main content

Creating a new user account

Use the information in this topic to create a new local user.

Create user

Click Create to create a new user account.

Complete the following fields: User name, Password, Confirm Password, and Authority Level. For further details on the authority level, see the following section.

User authority level

The following user authority levels are available:
Supervisor
The Supervisor user authority level has no restrictions.
Read only
The Read only user authority level has read-only access and cannot perform actions such as file transfers, power and restart actions, or remote presence functions.
Custom
The Custom user authority level allows a more customized profile for user authority with settings for the actions that the user is allowed to perform.
Select one or more of the following Custom user authority levels:
Adapter Configuration - Networking & Security
A user can modify configuration parameters on the Security, Network, and Serial Port pages.
User Account Management
A user can add, modify, or delete users, and change the global login settings.
Remote Console Access
A user can access the remote console.
Remote Console and Remote Disk Access
A user can access the remote console and the virtual media feature.
Remote Server Power/Restart
A user can perform power-on and restart functions for the server.
Adapter Configuration - Basic
A user can modify configuration parameters on the Server Properties and Events pages.
Ability to Clear Event Logs
A user can clear the event logs. Anyone can look at the event logs; but, this authority level is required to clear the logs.
Adapter Configuration - Advanced (Firmware Update, Restart BMC, Restore Configuration)
A user has no restrictions when configuring the XClarity Controller. In addition, the user is said to have administrative access to the XClarity Controller. Administrative access includes the following advanced functions: firmware updates, PXE network boot, restoring XClarity Controller factory defaults, modifying and restoring XClarity Controller settings from a configuration file, and restarting and resetting the XClarity Controller.
When a user sets the authority level of an XClarity Controller login ID, the resulting IPMI privilege level of the corresponding IPMI User ID is set according to the following priorities:
  • If a user sets the XClarity Controller login ID authority level to Supervisor, the IPMI privilege level is set to Administrator.
  • If a user sets the XClarity Controller login ID authority level to Read Only, the IPMI privilege level is set to User.
  • If a user sets the XClarity Controller login ID authority level to any of the following types of access, the IPMI privilege level is set to Administrator:
    • User Account Management Access
    • Remote Console Access
    • Remote Console and Remote Disk Access
    • Adapter Configuration - Networking & Security
    • Adapter Configuration - Advanced
  • If a user sets the XClarity Controller login ID authority level to Remote Server Power/Restart Access or Ability to Clear Event Logs, the IPMI privilege level is set to Operator.
  • If a user sets the XClarity Controller login ID authority level to Adapter Configuration - Basic, the IPMI privilege level is set to User.

SNMPv3 Settings

To enable SNMPv3 access for a user, select the check box next to the SNMPv3 Settings. The following user access options are explained:
Access type
Only GET operations are supported. The XClarity Controller does not support SNMPv3 SET operations. SNMP3 can only perform query operations.
Address for traps
Specify the trap destination for the user. This can be an IP address or hostname. Using traps, the SNMP agent notifies the management station about events, (for example, when a processor temperature exceeds the limit).
Authentication protocol
Only HMAC-SHA is supported as the authentication protocol. This algorithm is used by the SNMPv3 security model for authentication.
Privacy protocol
The data transfer between the SNMP client and the agent can be protected using encryption. The supported methods are CBC-DES and AES.
Note

Even if repetitive strings of a password is used by an SNMPv3 user, access will still be allowed to the XClarity Controller. Two examples are shown for your reference.

  • If the password is set to “11111111” (eight-digit number containing eight 1's), the user can still access the XClarity Controller if the password is accidentally inputted with more than eight 1’s. For example, if the password is inputted as “1111111111 (ten-digit number containing ten 1's), access will still be granted. The repetitive string will be considered having the same key.
  • If the password is set to “bertbert”, the user can still access the XClarity Controller if the password is accidentally inputted as “bertbertbert”. Both passwords are considered to have the same key.

For further details, refer to page 72 in the Internet Standard of RFC 3414 document (https://tools.ietf.org/html/rfc3414).

SSH Key

The XClarity Controller supports SSH Public Key Authentication (RSA key type). To add a SSH key to the local user account, select the check box next to the SSH Key. The following two options are provided:
Select key file
Select the SSH key file to be imported into the XClarity Controller from your server.
Enter key into a text field
Paste or type the data from your SSH key into the text field.
Note

  • Some of Lenovo’s tools may create a temporary user account for accessing the XClarity Controller when the tool is run on the server operating system. This temporary account is not viewable and does not use any of the 12 local user account positions. The account is created with a random user name (for example, “20luN4SB”) and password. The account can only be used to access the XClarity Controller on the internal Ethernet over USB interface, and only for the CIM-XML and SFTP interfaces. The creation and removal of this temporary account is recorded in the audit log as well as any actions performed by the tool with these credentials.

  • For the SNMPv3 Engine ID, the XClarity Controller uses a HEX string to denote the ID. This HEX string is converted from the default XClarity Controller host name. See the example below:

    The host name "XCC-7X06-S4AHJ300" is first converted into ASCII format: 88 67 67 45 55 88 48 54 45 83 52 65 72 74 51 48 48

    The HEX string is built using the ASCII format (ignore the spaces in between): 58 43 43 2d 37 58 30 36 2d 53 34 41 48 4a 33 30 30