Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

Directory Integration iLo v1

Highlighted
René Johnen
Acclaimed Contributor

Directory Integration iLo v1

Hi

We want integrate Directory Authentification for iLo v1. And i have many Problems with that.

1. I´ve built a testserver with Windows Server 2003 SE. This Server is a domaincontroller for the domain test.local.
2. On the same server, i´ve integrate a certifiate authority.
3. in the grouppolices i´ve done the automatic registration for the certificate.
4. I make the user test and the group testgroupilo. The user test in the group testgroupilo.
5 In iLo i have this options
Directory Server Address: IP from the DC
Directory Server LDAP Port: 636
Directory User Context 1:CN=testgroupilo,CN=users,DC=test,DC=local

Now the Test has the folling results

The Informations in the Directory Test Controls
Test User Name: CN=test,CN=users,DC=test,DC=local
Test User Password: Tester01.
(that is the same in AD)

What is wrong in my Options?
8 REPLIES
barnett chan
Frequent Visitor

Re: Directory Integration iLo v1

Make sure your network settings reflect the same for Domain, and DNS settings. Try to change the Directory Server Address from IP to the domain name (test.local). Do a nslookup to make sure it resolves your dns correctly. Ping test.local, and it should reply to the ping. If ping does not reply, check your DNS settings.
René Johnen
Acclaimed Contributor

Re: Directory Integration iLo v1

My DNS Server is the same as the AD-Server

The IP 10.20.63.19 is for the dc and dns. This Adresses have i fill in the options.

In DNS i have taken the option secure and non-secure updates.
barnett chan
Frequent Visitor

Re: Directory Integration iLo v1

Is the nslookup reporting correctly? Make sure to turn off IPv6 if you have it enabled. This will make troubleshooting easier.
Keep everything basic, and add a user in the Users container, like "test user". Make him part of the "hprole". Try to log on with "test user", and see if you can logon to iLO.
René Johnen
Acclaimed Contributor

Re: Directory Integration iLo v1

OK The Testsettings are ok. ;)

I have 3 Users:
1. testuser (allowed to use ilo)
2. testallowed (allowed to use ilo)
3. testnotallowed (not allowed to use ilo)

In the testsetting is all ok. If i test User 3 it says me, user have not login rights. But if i login with the account 3, ilo allowed me to use ilo. Thats incorrectly.
Perhaps can be based the following Error
barnett chan
Frequent Visitor

Re: Directory Integration iLo v1

You need to disable the security override. It may be a dip switch or a jumper setting. Look on your system hood for information on how to disable it. If security override enabled, anyone can logon to iLO.
René Johnen
Acclaimed Contributor

Re: Directory Integration iLo v1

ok i´m understand.
Where can I disable the security override?
Can I configure it in iLo, or must i install the HP Agents?
barnett chan
Frequent Visitor

Re: Directory Integration iLo v1

This is a hardware setting. It may be a switch or a jumper. On iLO 1, it may be a jumper. It will be labeled as iLO Override on the Server hood label. The label may be on top or inside the hood.
René Johnen
Acclaimed Contributor

Re: Directory Integration iLo v1

Ok now i can use the AD-authetification. Thank you
//Add this to "OnDomLoad" event