Users and Access

Signing In to the LOM Card Interface

  1. Enter your username.

  2. Enter your password.

  3. Click Login.

One of two messages appears for an unsuccessful login attempt.

Message

Explanation

Login Failed

Username or password is incorrect.

User access is denied. Please contact the administrator.

One of these is the case:

Signing Out of the LOM Card Interface

  1. In the top right corner of the Home view, click your username.

    A drop-down menu opens.

  2. In the bottom right corner of the menu, click Sign Out.

Making a New User Account

In the LOM Card interface, you can configure a maximum of nine users.

Note - To have more users, configure the LOM Card to use a RADIUS Server or an LDAP Server. Each user logs in with a username and password.

  1. From the left navigation panel, click LOM (or LOM view) > User Configuration > User List.

  2. Select a white rectangle with a plus sign in it.

    The New User popup window opens.

  3. In the Username field, enter a username that fits these rules:

    • String of 4 to 16 alphanumeric characters

    • Starts with an alphabetical character

    • Is case sensitive

    • Does not include special characters

  4. In the Password field, enter a password.

    Default rules:

    • At least eight characters

    • No spaces

    • Is case sensitive

    • Must not contain all of the user's account name

    • Must contain characters from three of these categories:

      • English uppercase characters ('A' through 'Z')

      • English lowercase characters ('a' through 'z')

      • Base 10 digits (0 through 9)

      • Non-alphanumeric characters (~ ! @ # $ % ^ & *)

    Note - To disable the default password rules, select Skip Complex Password Rules.

  5. Below Confirm Password, enter the new password again.

    Important - For the new user to get access to the LOM Card, you must select Enable User Access.

  6. Select a privilege level for the user:

    • Administrator - Can use all features in the Home view.

    • Operator - Can view all pages and settings in the Home view, but cannot change any settings or perform any actions. Cannot access the Remote KVM page.

    • User - Can view these pages in the Home view- Sensor Reading, Event Log, Date and Time, SSL Certificate, Services, and Audit Log. Cannot change any settings or perform any actions. Cannot access the Remote KVM page.

    • No Access - The user is saved in the system, but is not allowed to access the Home view.

  7. Click Save.

Changing a User's Privilege Level and Disabling a User Account

For a user configured locally on the LOM Card, you can change the user's account privilege level, disable a user account, and configure settings for failed login attempts.

  1. From the left navigation panel, click LOM (or LOM view) > User Configuration > User List.

    Select a user by clicking the three dots in the top right of the box that contains the name of the user.

    Three dots icon:

  2. Select Edit.

  3. Select a privilege level:

    • Administrator - Can use all features in the Home view.

    • Operator - Can view all pages and settings in the Home view, but cannot change any settings or perform any actions. Cannot access the Remote KVM page.

    • User - Can view these pages in the Home view- Sensor Reading, Event Log, Date and Time, SSL Certificate, Services, and Audit Log. Cannot change any settings or perform any actions. Cannot access the Remote KVM page.

    • No Access - The user is saved in the system, but is not allowed to access the Home view.

  4. Select how to apply Login Block Settings to the user (see Login Block Settings (Failed Login Attempts)):

    • Enable - Login block settings always apply to the user.

      • Example: If the Login Block Settings specify 5 Maximum Login Attempts and a Login Block Timeout of 15 minutes, then after 5 failed login attempts the user is blocked for 15 minutes.

    • Disable - Login Block Settings never apply to the user. The user is never blocked as a result of failed login attempts.

    • Blocked - Starting from when you click Save, blocks the user for the duration of the Login Block Timeout time.

      • Example: If the Login Block Timeout time listed in the Login Block Settings is 10 minutes, then starting from when you click Save the user is blocked for 10 minutes.

    • Always Blocked - Always prevents the user from entering.

    Best Practices:

    • To disable a user account for a short period, keep the privilege the same and clear the Enable User Access checkbox.

      Use Case: Setting up an account a week or two before a new employee's start date.

    • To disable a user account for a long period, from the Privilege drop-down menu, select No Access.

      Use Case: Disabling access for an employee going on extended leave.

  5. Click Save.

    The changes to configurations are saved.

Changing a User's Password

You can change a password for a user configured locally on the LOM Card.

  1. From the left navigation panel, click LOM (or LOM view) > User Configuration > User List.

  2. Select a user by clicking the three dots in the top right of the box that contains the name of the user.

    Three dots icon:

  3. Select Edit.

  4. In the Password field, enter a password.

    Default rules:

    • At least eight characters

    • No spaces

    • Is case sensitive

    • Must not contain all of the user's account name

    • Must contain characters from three of these categories:

      • English uppercase characters ('A' through 'Z')

      • English lowercase characters ('a' through 'z')

      • Base 10 digits (0 through 9)

      • Non-alphanumeric characters (~ ! @ # $ % ^ & *)

    Note - To disable the default password rules, select Skip Complex Password Rules.

  5. Click Save.

    The selected user's password is changed.

Deleting a User Account

You can delete an account for a user configured locally on the LOM Card.

  1. From the left navigation panel, click LOM (or LOM view) > User Configuration > User List.

  2. Select a user by clicking the three dots in the top right of the box that contains the name of the user.

    Three dots icon:

  3. Select Delete.

  4. A popup window opens.

  5. Click OK.

    The selected user account is removed permanently.

Note - You cannot remove a user account while you are logged in with it.

Login Block Settings (Failed Login Attempts)

You can prevent users from accessing the LOM Card for a set time period after a specified number of failed login attempts.

Login Block Settings apply to all users that have Login Block User Management set to Enable. See Changing a User's Privilege Level and Disabling a User Account.

  1. From the left navigation panel, click LOM (or LOM view) > User Configuration > .

  2. Below Maximum Login Attempts, enter a number:

    • Minimum: 1

    • Maximum: 99

    • Default Maximum: 5

  3. Below Login Block Timeout, enter a number of minutes:

    • Minimum: 1

    • Maximum: 180

    • Default Maximum: 15

  4. Click Save.

    The login block settings are updated.

Note - After a firmware update, all login block settings return to default values. See Maintenance.

Connecting the LOM Card to a RADIUS Server

You can configure a RADIUS server to authenticate LOM Card users.

  1. From the left navigation panel, click LOM (or LOM view) > User Configuration > RADIUS Setup.

  2. Select Enable RADIUS authentication.

  3. Configure these settings:

    • Server address: must be IPv4 or IPv6 address

    • Port:

      • Default port: 1812

      • Port value range: 1 - 65535

    • Secret:

      • At least 4 characters

      • No spaces

      • Maximum: 32 characters

    • Timeout:

      • Default: 3 seconds

      • Range: 3 - 50 seconds

  4. Optional: To connect a second RADIUS server as a backup:

    1. Select Enable 2nd Radius Authentication.

    2. Configure the settings.

  5. Click Save.

    The RADIUS server is configured to authenticate LOM Card users.

 

Connecting the LOM Card to an LDAP Server

You can configure an LDAP server to authenticate LOM Card users.

Note - If you enabled a feature and then disabled it, fields stay populated but the field background changes from white to gray. This means the settings are saved but not active.

  1. Select an encryption type:

    • No Encryption

    • SSL

    • StartTLS: If you select this option, FQDN shows as an option below Common Name Type.

  2. Common Name Type:

    • If you selected No Encryption or SSL, then IP Address is the only available option and is selected by default.

    • If you selected StartTLS, then an option shows for FQDN. IP Address is selected by default. Select FQDN to configure an FQDN as an alternative to an IP address.

  3. Below Server Address, enter an IPv4 address, an IPv6 address, or an FQDN.

  4. Enter these:

    • Port

    • Bind DN

    • Password (the LDAP bind password)

    • Search Base

  5. Under Attribute of User Login, select one of these:

    • cn

    • uid

  6. If you selected StartTLS encryption, select the folder icon.

    Upload these required files from your computer:

    • CA certificate file

    • Certificate File

    • Private Key

  7. Click Save.

    The LDAP server is configured to authenticate LOM Card users.

Adding an LDAP Group

You can use the LOM Card interface to add groups to a configured LDAP server and to assign privilege levels to each group.

  1. From the left navigation panel, click LOM (or LOM view) > User Configuration > LDAP Groups.

  2. Select a white rectangle with a plus sign in it.

  3. A popup window opens called New Group.

  4. Enter a Group Name.

  5. Enter a Group Domain.

  6. From the drop-down menu, select a Group Privilege. This privilege level applies to all members of the group.

    • Administrator - Can use all features in the Home view.

    • Operator - Can view all pages and settings in the Home view, but cannot change any settings or perform any actions. Cannot access the Remote KVM page.

    • User - Can view these pages in the Home view- Sensor Reading, Event Log, Date and Time, SSL Certificate, Services, and Audit Log. Cannot change any settings or perform any actions. Cannot access the Remote KVM page.

    • No Access - The user is saved in the system, but is not allowed to access the Home view.

  7. Click Save.

    The LOM Card recognizes the LDAP group.

Changing the Privilege Level of an LDAP Group

You can change the privilege level of an LDAP group.

  1. From the left navigation panel, click LOM (or LOM view) > User Configuration > LDAP Groups.

  2. Select the LDAP group by clicking the three dots in the top right of the box that contains the name of the LDAP group.

    Three dots icon:

  3. Select Edit.

  4. From the drop-down menu, select a Group Privilege. This privilege level to apply to all members of the group.

    • Administrator - Can use all features in the Home view.

    • Operator - Can view all pages and settings in the Home view, but cannot change any settings or perform any actions. Cannot access the Remote KVM page.

    • User - Can view these pages in the Home view- Sensor Reading, Event Log, Date and Time, SSL Certificate, Services, and Audit Log. Cannot change any settings or perform any actions. Cannot access the Remote KVM page.

    • No Access - The user is saved in the system, but is not allowed to access the Home view.

  5. Click Save.

    The new privilege level applies to the LDAP group.

Renaming an LDAP Group

You can rename an LDAP group in the LOM Card WebUI.

  1. From the left navigation panel, click the LOM (or LOM view) > User Configuration > LDAP Groups.

  2. Click the three dots in the top right corner of the rectangle that contains the name of the LDAP group.

    Three dots icon:

  3. Select Edit.

  4. Below Group Name, enter a new name.

  5. Click Save.

    The new name appears for the LDAP group in the LOM Card WebUI.