users command

This command displays and configures user accounts, also called user profiles, of the primary management module.

Important: Command authority definitions might change between firmware versions. Make sure that the command authority level set for each user is correct after updating management-module firmware.
Table 1. users (management-module users) command
Function What it does Command Valid targets
Display all user profiles Displays all 12 management-module user profiles. Returned values are:
  • User name
  • Authority level
  • Current log in or log out state
  • Password compliance
  • State of account (active or inactive)
  • Number of SSH public keys installed for user
 users 
                           -T system:mm[x]

where x is the primary management-module bay number.
Display active users Displays all users that are currently logged in to the management module. Returned values include:
  • User name
  • User IP address
  • Connection type (SNMPv1, SNMPv3, SSH, TCP command mode, Telnet, Web)
  • Session ID
 users -curr 
                           -T system:mm[x]

where x is the primary management-module bay number.
Terminate user session Terminates the specified user login session.
Note: The session ID is found by running the users -curr command.
 users -ts sessionID

where sessionID is a number that corresponds to the user session ID.

This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Display single user profile Displays the specified management-module user profile. Returned values are:
  • User name
  • Authority level
  • Context name
  • Authentication protocol
  • Privacy protocol
  • Access type
  • Hostname/IP address
  • Maximum simultaneous sessions allowed
  • Number of active sessions
  • Password compliance
  • Password expiration date
  • Account state
  • Number of SSH public keys installed for this user
  • Last time this user logged in
 users - user_number

where user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.

 
                           -T system:mm[x]

where x is the primary management-module bay number.
Delete user profile Delete the specified management-module user profile. users - user_number -clear

where user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list. It is possible to delete an empty user profile.

This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Disable user account Disable the specified management-module user account. users - user_number -disable

where user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.

This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
  • Chassis administration
  • Chassis configuration
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Enable user profile Enable a disabled management-module user account. users - user_number -enable

where user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.

This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
  • Chassis administration
  • Chassis configuration
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Unlock user profile Unlock a locked management-module user account. users - user_number -unlock

where user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.

This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
  • Chassis administration
  • Chassis configuration
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.

Create user profile

Create the specified management-module user profile.

All fields must be specified when creating a user profile for the BladeCenter T management module.

For management modules other than those installed in a BladeCenter T unit, only the following user-profile fields are required:

  • -user_number
  • -n user_name
  • -a user_authority
  • -p user_password
users - user_number

-n user_name

-p user_password -a user_authority -cn context_name -ap auth_protocol -pp privacy_protocol -ppw privacy_pwd -at access_type -i ip_addr/hostname -ms max_sessions

where:

  • user_number is a number from 1 to 12 that corresponds to an unused user number in the "Display all user profiles" list.
  • user_name is an alphanumeric string up to 15 characters in length that can include periods ( . ) and underscores ( _ ). Each of the 12 user names must be unique.
  • user_password can be blank or an alphanumeric string up to 15 characters in length that can include periods ( . ) and underscores ( _ ), and must include at least one alphabetic and one non-alphabetic character.
  • user_authority is one of the following:

(continued on next page) 

                           -T system:mm[x]

where x is the primary management-module bay number.

Create user profile

(continued)

 
  • context_name is an alphanumeric string up to 31 characters in length that can include periods ( . ) and underscores ( _ ).
  • auth_protocol choices are:
    • md5
    • sha
    • none
  • privacy_protocol choices are:
    • des
    • aes
    • none
  • privacy_pwd is an alphanumeric string up to 31 characters in length that can include periods ( . ) and underscores ( _ ).
  • access_type choices are:
    • get
    • set
    • trap
  • ip_addr/hostname is up to 63 characters in length.
  • max_sessions is a number from 0 to 20.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
  
Set user name Sets a user name in the specified management-module user profile. users - user_number -n user_name

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • user_name is a alphanumeric string up to 15 characters in length that can include periods ( . ) and underscores ( _ ). Each of the 12 user names must be unique.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Set user password Sets a user password in the specified management-module user profile. users - user_number -p user_password

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • user_password can be blank or an alphanumeric string up to 15 characters in length that can include periods ( . ) and underscores ( _ ), and must include at least one alphabetic and one non-alphabetic character.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Change user password Changes the user password in the specified management-module user profile.
Note: Users can change their own password even if they do not have authority to manage accounts. The -op option is only used when changing your own password
 users - user_number -op old_password -p new_password

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • old_password is the current password for the specified user.
  • new_password can be blank or an alphanumeric string up to 15 characters in length that can include periods ( . ) and underscores ( _ ), and must include at least one alphabetic and one non-alphabetic character.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.

Set user authority level

Sets a user authority level in the specified management-module user profile. users - user_number -a user_authority

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • user_authority is one of the following:
    • operator (read-only)
    • rbs (custom)

The custom authority level parameter is specified using the following syntax:

                           rbs:levels:devices
where the levels are one or more of the following authority levels, separated by a vertical bar ( | ):
  • super (Supervisor)
  • cam (Chassis User Account Management)
  • clm (Chassis Log Management)
  • co (Chassis Operator)
  • cc (Chassis Configuration)
  • ca (Chassis Administration)
  • bo (Blade Operator)
  • brp (Blade Remote Present)
  • bc (Blade Configuration)
  • ba (Blade Administration)
  • so (I/O Module Operator)
  • sc (I/O Module Configuration)
  • sa (I/O Module Administration)
(continued on next page) 
                           -T system:mm[x]

where x is the primary management-module bay number.
Set user authority level

(continued)

Notes:
  • The LDAP authority levels are not supported by the management-module web interface.
  • To use the LDAP authority levels, make sure that the version of LDAP security used by the management module is set to v2 (enhanced role-based security model). See ldapcfg command for information.

The levels can also include one or more of the following authority levels when using LDAP.

  • brpv (Blade Remote Presence View Video)
  • brpk (Blade Remote Presence KVM)
  • brpr (Blade Remote Presence Remote Drive Read)
  • crpru (Blade Remote Presence Remote Drive Read or Write)
  • rps (Remote Presence Supervisor)

where the devices are one or more of the following devices, separated by a vertical bar ( | ). Ranges of devices are separated by a dash ( - ).

  • c n (Chassis n, where n is a valid chassis number. Use c1 for single-chassis environments.)
  • b n (Blade n, where n is a valid blade bay number in the chassis)
  • s n (I/O module n, where n is a valid I/O module bay number in the chassis)
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
  
Set maximum number of simultaneous sessions for user Sets the maximum number of simultaneous login sessions for the specified user. users - user_number -ms max-session

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • max-session is a number from 0 to 20 that sets the maximum number of simultaneous sessions for the user. A value of 0 means that there is no session limit for the user.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Set SNMPv3 user context name Sets an SNMPv3 context name in the specified management-module user profile.

The context name defines the context the SNMPv3 user is working in. A context name can be shared by multiple users.

 users - user_number -cn context_name

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • context_name is a string up to 31 characters in length. Each of the 12 context names must be unique.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Set SNMPv3 user authentication protocol Sets the SNMPv3 authentication protocol to be used for the specified management-module user profile. users - user_number -ap auth_protocol

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • auth_protocol is:
    • sha
    • md5
    • none
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Set SNMPv3 user privacy protocol Sets the SNMPv3 privacy protocol to be used for the specified management-module user profile.

If the privacy protocol is set to none, no -ppw command option (privacy password) is required.

 users - user_number -pp privacy_protocol

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • privacy_protocol is:
    • aes
    • des
    • none
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Set privacy password for SNMPv3 user Sets an SNMPv3 privacy password in the specified management-module user profile. users - user_number -ppw privacy_pwd

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • privacy_pwd is a string up to 31 characters in length.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Set access type for SNMPv3 user Sets an SNMPv3 access type for the specified management-module user profile.

This command supports the following access types:

  • get: the user can query Management Information Base (MIB) objects and receive traps.
  • set: the user can query and set MIB objects and receive traps.
  • trap: the user can only receive traps.
 users - user_number -at access_type

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • access_type is
    • get
    • set
    • trap
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Set IP address or hostname for SNMPv3 trap receiver Sets the IP address or hostname that will receive SNMPv3 traps for the specified management-module user profile. users - user_number -i ip_addr/hostname

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • ip_addr/hostname is a valid static IP address or an alphanumeric hostname string up to 63 characters in length.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Display SSH public key Displays the entire specified SSH public key for the specified user in OpenSSH format.
Note: The -pk and -e options must be used exclusive of all other users command options.
 users - user_number -pk - key_index -e

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • key_index identifies the key number from 1 to 12 to display. If the -key_index is all, then all keys for the user are displayed.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Add SSH public key Adds an SSH public key for the specified user.
Notes:
  • The -pk and -add options must be used exclusive of all other users command options.
  • The SSH Public Key is added to the first available storage location. Each advanced management module can support up to 12 SSH public keys.
  • Each user is permitted a maximum of four SSH public keys, if the space is available.
 users - user_number -pk -add key

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • key is a valid key in OpenSSH format.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Add specific SSH public key Adds a specific SSH public key for the specified user.
Note: The -pk and -add options must be used exclusive of all other users command options.
 users - user_number -pk - key_index -add key

where:

  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • key_index identifies the key number from 1 to 12 to add.
  • key is a valid key in OpenSSH format.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Remove SSH public key Removes an SSH public key for the specified user.
Note: The -pk and -remove options must be used exclusive of all other users command options.
 users - user_number -pk - key_index -remove
  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • key_index identifies the key number from 1 to 12 to remove. If the -key_index is "all", then all keys for the user are removed.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Upload SSH public key Uploads a new SSH public key. users - user_number -pk -upld -i ip_addr/hostname -l filename
  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • ip_addr/hostname is a valid static IPv4 or IPv6 IP address or an alphanumeric hostname string up to 63 characters in length of the TFTP server.
  • filename is the filename of the key file. Keys must be in OpenSSH format.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Replace SSH public key Replaces an existing SSH public key. users - user_number -pk - key_index -upld -i ip_addr/hostname -l filename
  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • key_index identifies the key number from 1 to 12 to replace.
  • ip_addr/hostname is a valid static IPv4 or IPv6 IP address or an alphanumeric hostname string up to 63 characters in length of the TFTP server.
  • filename is the filename of the key file. Keys must be in OpenSSH format.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Download SSH public key Downloads a specific SSH public key to a TFTP server.
Note: The -pk and -dnld options must be used exclusive of all other users command options.
 users - user_number -pk - key_index -dnld -i ip_addr/hostname -l filename
  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the Display all user profiles list.
  • key_index identifies the key number from 1 to 12 to upload.
  • ip_addr/hostname is a valid static IPv4 or IPv6 IP address or an alphanumeric hostname string up to 63 characters in length of the TFTP server.
  • filename is the filename of the key file.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Connect to SSH public key Accept connections from SSH public key host. users - user_number -pk - key_index -af from="list"
  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • key_index identifies the key number from 1 to 12 to connect.
  • "list" is a comma-separate list of hostnames and IP addresses. The list is an alphanumeric string up to 511 characters in length that can include alphanumeric characters, commas, asterisks, question marks, exclamation points, periods, and hyphens. The string must be enclosed in double-quotes.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Comment SSH public key Add comment to an SSH public key. users - user_number -pk - key_index -cm "comment"
  • user_number is a number from 1 to 12 that corresponds to the user number assigned in the "Display all user profiles" list.
  • key_index identifies the key number from 1 to 12 to comment.
  • "comment" is up to 255 characters in length, enclosed in double-quotes.
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
                           -T system:mm[x]

where x is the primary management-module bay number.
Example: To create user number 3 with a user name of user3 who has supervisor rights to all BladeCenter components, while management module 1 is set as the persistent command environment, at the system:mm[1]> prompt, type 
                  users -3 -n user3 -p passw0rd -a rbs:super:c1|b1-b14|s1-s4 -cn joe -ap md5 -pp des
               
                  -ppw passw0rd -at get -I 192.168.70.129
Note: The entry beginning with users -3 -n... is shown with a line break after -pp des. When this command is entered, the entire entry must all be on one line.
To display all users, while management module 1 is set as the persistent command environment, at the system:mm[1]> prompt, type 
                  users

The following example shows the information that is returned from these commands:

Note: The entry beginning with users -3 -n... is shown with a line break after -a rbs:super:c1|b1-b14|s1-s4. When this command is entered, the entire entry must all be on one line.
               system:mm[1]> users -3 -n user3 -p passw0rd -a rbs:super:c1|b1-b14|s1-s4
-cn joe -ap md5 -pp des -ppw passw0rd -at get -I 192.168.70.129
OK
            
               system:mm[1]> users
0 active session(s)
Password compliant
Account active
   Role:cam
   Blades:1|2|3|4|5|6|7|8|9|10|11|12|13|14
   Chassis:1
   Modules:1|2|3|4|5|6|7|8|9|10
There are no SSH public keys installed for this user
2. kprevent
0 active session(s)
Password compliant
Account active
   Role:supervisor
   Blades:1|2|3|4|5|6|7|8|9|10|11|12|13|14
   Chassis:1
   Modules:1|2|3|4|5|6|7|8|9|10
There are no SSH public keys installed for this user
3. johnh
0 active session(s)
Password compliant
Account active
   Role:supervisor
   Blades:1|2|3|4|5|6|7|8|9|10|11|12|13|14
   Chassis:1
   Modules:1|2|3|4|5|6|7|8|9|10
There are no SSH public keys installed for this user
4. toms
1 active session(s)
Password compliant
Account active
   Role:supervisor
   Blades:1|2|3|4|5|6|7|8|9|10|11|12|13|14
   Chassis:1
   Modules:1|2|3|4|5|6|7|8|9|10
Number of SSH public keys installed for this user: 3
5. <not used>
6. <not used>
7. <not used>
8. <not used>
9. <not used>
10. <not used>
11. <not used>
12. <not used>
system:mm[1]>
Parent topic: Command syntax