Creating a new user account
Use the information in this topic to create a new local user.
Create user
Click the Local Users tab, and then click Create to create a new user account.
Complete the following fields: User name, Password, Confirm Password, and select a Role from the drop-down menu. For further details on Role, see the following section.
Role
- Administrator
- The Administrator role has no restrictions and can perform all operations.
- Read only
- The Read Only role can display server information but cannot perform operations that affect the state of the system, such as save, modify, clear, reboot, and update firmware.
- Operator
- A user with the Operator role has the following privileges:
  - Configuration - Networking and BMC Security
  - Remote Server Power/Restart
  - Configuration - Basic
  - Ability to Clear Event Logs
  - Configuration - Advanced (Firmware Update, Restart BMC, Restore Configuration)
SNMPv3 Settings
- Access type
- Only GET operations are supported. The XClarity Controller does not support SNMPv3 SET operations; SNMPv3 can only perform query operations.
- Authentication protocol
- This algorithm is used by the SNMPv3 security model for authentication. The following protocols are supported:
- None
- HMAC-SHA (default)
- HMAC-SHA224
- HMAC-SHA256
- HMAC-SHA384
- HMAC-SHA512
- Privacy protocol
- The data transfer between the SNMP client and the agent can be protected using encryption. The following methods are supported:
- None
- CBC-DES
- AES (default)
- AES192
- AES256
- AES192C
- AES256C
If an SNMPv3 user's password consists of a repeated string, access to the XClarity Controller is still allowed when the password is entered with additional repetitions of that string. Two examples are shown for your reference.
- If the password is set to “11111111” (eight-digit number containing eight 1's), the user can still access the XClarity Controller if the password is accidentally entered with more than eight 1's. For example, if the password is entered as “1111111111” (ten-digit number containing ten 1's), access will still be granted. The repetitive string is considered to have the same key.
- If the password is set to “bertbert”, the user can still access the XClarity Controller if the password is accidentally inputted as “bertbertbert”. Both passwords are considered to have the same key.
For further details, refer to Security Considerations in the Internet Standard of RFC 3414 document (https://tools.ietf.org/html/rfc3414).
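The behavior above follows from the RFC 3414 password-to-key algorithm, which cycles the password to fill 1,048,576 bytes before hashing. The following is an added example, not Lenovo code: the function names are hypothetical and SHA-1 is assumed to match the HMAC-SHA default. It reproduces both cases and reports the shortest repeating unit of a password, which is the effective secret.

```python
import hashlib

MEGABYTE = 1048576  # RFC 3414 A.2 hashes exactly this many bytes


def password_to_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """Derive the user key Ku by cycling the password to 1 MiB and hashing it."""
    if not password:
        raise ValueError("empty password")
    reps = MEGABYTE // len(password) + 1
    stream = (password * reps)[:MEGABYTE]
    return hashlib.new(hash_name, stream).digest()


def repeating_unit(password: bytes) -> bytes:
    """Return the shortest block whose whole-number repetition is the password."""
    n = len(password)
    for k in range(1, n + 1):
        if n % k == 0 and password[:k] * (n // k) == password:
            return password[:k]
    return password  # only reached for an empty input


def audit(password: bytes) -> str:
    """Flag passwords whose key is shared with other repetitions of a short unit."""
    unit = repeating_unit(password)
    if len(unit) < len(password):
        return f"weak: any repetition of {unit!r} derives the same key"
    return "ok: no repeating unit"


if __name__ == "__main__":
    # Constructed sample passwords: the page's two examples plus a partial repetition.
    samples = (b"11111111", b"1111111111", b"bertbert", b"bertbertbert", b"bertbertbe")
    for pw in samples:
        print(pw.decode(), password_to_key(pw).hex(), audit(pw))
```

Only whole-number repetitions collide: “bertbertbe” cycles to a different byte stream than “bertbert”, so it derives a different key.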
SSH Key
- Select key file
- Select the SSH key file to be imported into the XClarity Controller from your server.
- Enter key into a text field
- Paste or type the data from your SSH key into the text field.
Some of Lenovo’s tools may create a temporary user account for accessing the XClarity Controller when the tool is run on the server operating system. This temporary account is not viewable and does not use any of the 12 local user account positions. The account is created with a random user name (for example, “20luN4SB”) and password. The account can only be used to access the XClarity Controller on the internal Ethernet over USB interface, and only for the Redfish and SFTP interfaces. The creation and removal of this temporary account are recorded in the audit log, as are any actions performed by the tool with these credentials.
For the SNMPv3 Engine ID, the XClarity Controller uses a HEX string to denote the ID. This HEX string is converted from the default XClarity Controller host name. See the example below:
The host name "XCC-7X06-S4AHJ300" is first converted into its ASCII codes (shown here in decimal): 88 67 67 45 55 88 48 54 45 83 52 65 72 74 51 48 48
The HEX string is then built by writing those ASCII codes in hexadecimal (ignore the spaces in between): 58 43 43 2d 37 58 30 36 2d 53 34 41 48 4a 33 30 30