racadm remote configuration

Hello

Please send a private message with your service tag to ensure we have all appropriate information on your system.

Thanks

You can try racadm get -f and racadm set -f commands for this. 

First you can download iDRAC configuration from one iDRAC to a file with below command

racadm -r iDRAC IP/FQDN -u root -p calvin get -f c:\iDracConfig.txt

Now  "iDracConfig.txt" will have all iDRAC configuration. You can edit this file to make necessary configuration changes

Note : You can also make all required changes in one iDRAC and run the above command to get iDRAC configuration file with all required changes. This way errors while editing the file will be eliminated.

You can also remove some unwanted configuration from "iDracConfig.txt" file to reduce import time

Note : You need to be careful while doing this and ensure complete section including title are removed if you do not want any attributes in that section to be configured. If you want only selected attribute in a section to be configured ensure you are deleting only those attributes keeping title and required attributes.

Once you have the "iDracConfig.txt" file ready with all changes you can run below racadm command on all iDRAC to configure

racadm -r iDRAC IP/FQDN -u root -p calvin set -f c:\iDracConfig.txt

As soon as I start removing sections I don't want I get this from racadm set -f

ERROR: The specified configuration file does not seem to contain valid data

Can you share below details so that I can check the same

1. Server Model
2. iDRAC FW Version
3. Racadm Version
4. Set of attributes you are trying to configure
5. Try to configure awithout deleting any entries from the file and see whether that is successful

Note : Ensure you are editing the file using notepad. Do not use application like wordpad

1. Server Model:  R630
2. iDRAC FW Version 2.52.52.52 (build 12)
3. Racadm Version 8.5.0 (Build 2372)
4. Set of attributes you are trying to configure 

[cfgActiveDirectory]
cfgADEnable=$ADEnable
cfgADAuthTimeout=120
cfgADType=2
cfgADCertValidationEnable=1
cfgADSSOEnable=0
cfgADDcSRVLookupEnable=1
cfgADDcSRVLookupbyUserdomain=0
cfgADDcSRVLookupDomainName=$domain
cfgADGcSRVLookupEnable=1
cfgADGcRootDomain=$domain

[cfgLDAP]
cfgLdapEnable=$LDAPEnable
cfgLdapServer=$DUOLDAP
cfgLdapPort=$LDAPPort
cfgLdapBaseDN=$SearchDN
cfgLdapUserAttribute=samaccountname
cfgLdapGroupAttribute=member
cfgLdapGroupAttributeIsDN=1
cfgLdapBindDN=$LDAPUser
cfgLdapBindPassword=$DRACBindPwd
cfgLdapCertValidationEnable=1

[cfgLdapRoleGroup]
cfgLdapRoleGroupDN=$LDAPROLEGroup
cfgLdapRoleGroupPrivilege=0x000001ff

[cfgStandardSchema]
cfgSSADRoleGroupName=$PermGroup
cfgSSADRoleGroupDomain=$domain
cfgSSADRoleGroupPrivilege=0x000001ff

[cfgUserDomain]
cfgUserDomainName=$domain

[cfgLanNetworking]
cfgNicEnable=1
cfgNicIPv4Enable=1
cfgNicUseDhcp=1
cfgNicVLanEnable=0
cfgNicVLanID=1
cfgNicVLanPriority=0
cfgNicSelection=1
cfgDNSServersFromDHCP=Enabled
cfgDNSRacName=$hostname
cfgDNSDomainName=$newDRACFQDN
cfgDNSDomainNameFromDHCP=Disabled
cfgDNSRegisterRac=1
cfgNicFailoverNetwork=None

[cfgUserAdmin]
cfgUserAdminPassword=$newDracPwd
cfgUserAdminEnable=1
cfgUserAdminPrivilege=0x000001ff
cfgUserAdminIpmiLanPrivilege=4
cfgUserAdminIpmiSerialPrivilege=4
cfgUserAdminSolEnable=1

5. Try to configure awithout deleting any entries from the file and see whether that is successful

That works

Can you try with below changes

• Update racadm to latest 9.1.0. You can download same from https://downloads.dell.com/FOLDER04651959M/1/OM-DRAC-Dell-Web-WINX64-9.1.0-2771_A00.exe 
• Looks like you are using getconfig -f /config -f for configuration. This is an old method. Can you try with new method get -f / set -f.
• If you are using getconfig -f /config -f, you need to mentioned Index attribute with hash value for groups which have multiple index. E.g. cfgLdapRoleGroup, cfgStandardSchema, cfgUserDomain and cfgUserAdmin. Your config should looks like

[cfgActiveDirectory]
cfgADEnable=$ADEnable
cfgADAuthTimeout=120
cfgADType=2
cfgADCertValidationEnable=1
cfgADSSOEnable=0
cfgADDcSRVLookupEnable=1
cfgADDcSRVLookupbyUserdomain=0
cfgADDcSRVLookupDomainName=$domain
cfgADGcSRVLookupEnable=1
cfgADGcRootDomain=$domain

[cfgLDAP]
cfgLdapEnable=$LDAPEnable
cfgLdapServer=$DUOLDAP
cfgLdapPort=$LDAPPort
cfgLdapBaseDN=$SearchDN
cfgLdapUserAttribute=samaccountname
cfgLdapGroupAttribute=member
cfgLdapGroupAttributeIsDN=1
cfgLdapBindDN=$LDAPUser
cfgLdapBindPassword=$DRACBindPwd
cfgLdapCertValidationEnable=1

[cfgLdapRoleGroup]
# cfgLdapRoleGroupIndex=1
cfgLdapRoleGroupDN=$LDAPROLEGroup
cfgLdapRoleGroupPrivilege=0x000001ff

[cfgStandardSchema]
# cfgSSADRoleGroupIndex=1
cfgSSADRoleGroupName=$PermGroup
cfgSSADRoleGroupDomain=$domain
cfgSSADRoleGroupPrivilege=0x000001ff

[cfgUserDomain]
# cfgUserDomainIndex=1
cfgUserDomainName=$domain

[cfgLanNetworking]
cfgNicEnable=1
cfgNicIPv4Enable=1
cfgNicUseDhcp=1
cfgNicVLanEnable=0
cfgNicVLanID=1
cfgNicVLanPriority=0
cfgNicSelection=1
cfgDNSServersFromDHCP=Enabled
cfgDNSRacName=$hostname
cfgDNSDomainName=$newDRACFQDN
cfgDNSDomainNameFromDHCP=Disabled
cfgDNSRegisterRac=1
cfgNicFailoverNetwork=None

[cfgUserAdmin]
# cfgUserAdminIndex=2
cfgUserAdminPassword=$newDracPwd
cfgUserAdminEnable=1
cfgUserAdminPrivilege=0x000001ff
cfgUserAdminIpmiLanPrivilege=4
cfgUserAdminIpmiSerialPrivilege=4
cfgUserAdminSolEnable=1

Note : I assume all the varibales in the config file(E.g. $ADEnable) shown above is replaced with actual value before applying.

AD and LDAP can not be enabled same time. Only one will work at a time.

ok I will try that, and yes those are variables input via a powershell gui I wrote.  The admin setting up the drac can flip between straight AD auth or LDAP (also using AD) but using LDAP via a DUO proxy so the user login gets two factored.