Skip to main content

Creating a new user account

Use the information in this topic to create a new local user.

Create user

Click on Create to create a new user account.

Complete the following fields: User name, Password, Confirm Password, and select a Role from drop-down menu. For further details on Role, see the following section.

Role

The following roles are predefined while new custom role can be created according to user’s needs:
Administrator
The Administrator role has no restrictions and can perform all operations.
Read Only
The Read Only role can display server information but cannot perform operation that affects the state of the system, such as save, modify, clear, reboot, update firmware.
Operator
User with Operator role has the following privileges:
  • Configuration - Networking and BMC Security

  • Remote Server Power/Restart

  • Configuration - Basic

  • Ability to Clear Event Logs

  • Configuration - Advanced (Firmware Update, Restart BMC, Restore Configuration)

SNMPv3 Settings

To enable SNMPv3 access for a user, click the Edit button next to the corresponding user, then check SNMP under the drop down list of User Accessible Interface. The following user access options are explained:
Access type
Only GET operations are supported. The XClarity Controller does not support SNMPv3 SET operations. SNMP3 can only perform query operations.
Address for traps
Specify the trap destination for the user. This can be an IP address or hostname. Using traps, the SNMP agent notifies the management station about events, (for example, when a processor temperature exceeds the limit).
Authentication protocol
Only HMAC-SHA is supported as the authentication protocol. This algorithm is used by the SNMPv3 security model for authentication.
Privacy protocol
The data transfer between the SNMP client and the agent can be protected using encryption. The supported methods are CBC-DES and AES.
Note

Even if repetitive strings of a password is used by an SNMPv3 user, access will still be allowed to the XClarity Controller. Two examples are shown for your reference.

  • If the password is set to “11111111” (eight-digit number containing eight 1's), the user can still access the XClarity Controller if the password is accidentally inputted with more than eight 1’s. For example, if the password is inputted as “1111111111 (ten-digit number containing ten 1's), access will still be granted. The repetitive string will be considered having the same key.
  • If the password is set to “bertbert”, the user can still access the XClarity Controller if the password is accidentally inputted as “bertbertbert”. Both passwords are considered to have the same key.

For further details, refer to page 72 in the Internet Standard of RFC 3414 document (https://tools.ietf.org/html/rfc3414).

SSH Key

The XClarity Controller supports SSH Public Key Authentication (RSA key type). To add a SSH key to the local user account, click the Edit button next to the corresponding user, then check SSH Key under the drop down list of User Accessible Interface. The following two options are provided:
Select key file
Select the SSH key file to be imported into the XClarity Controller from your server.
Enter key into a text field
Paste or type the data from your SSH key into the text field.
Note
  • Some of Lenovo’s tools may create a temporary user account for accessing the XClarity Controller when the tool is run on the server operating system. This temporary account is not viewable and does not use any of the 12 local user account positions. The account is created with a random user name (for example, “20luN4SB”) and password. The account can only be used to access the XClarity Controller on the internal Ethernet over USB interface, and only for the Redfish and SFTP interfaces. The creation and removal of this temporary account is recorded in the audit log as well as any actions performed by the tool with these credentials.

  • For the SNMPv3 Engine ID, the XClarity Controller uses a HEX string to denote the ID. This HEX string is converted from the default XClarity Controller host name. See the example below:

    The host name "XCC-7X06-S4AHJ300" is first converted into ASCII format: 88 67 67 45 55 88 48 54 45 83 52 65 72 74 51 48 48

    The HEX string is built using the ASCII format (ignore the spaces in between): 58 43 43 2d 37 58 30 36 2d 53 34 41 48 4a 33 30 30