Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

iLO Configuration with Active directory

SOLVED
Go to solution
Highlighted
larryb
Acclaimed Contributor

iLO Configuration with Active directory

Dear Ms.Sir,

I am configuring iLO and AD so that we can do authentication using AD. We have extended the schema in AD for iLO. When we we try to authenticate as an AD user we get the folowing error.

Warning: certificate does not match Directory Server Address 10.64.2.10.
Unable to access directory with LOM Object Password.

I'm not sure why the iLO is looking for the ip address and not the host name.

Thank you in advance for your help.

Best regards,
Larry
6 REPLIES
HP_Sammy
Occasional Contributor
HP_Sammy
Occasional Contributor

Re: iLO Configuration with Active directory

I dont know why that link is not working

try this

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual〈=en&cc=us&docIndexId=179111&taskId=101&prodTypeId=18964&prodSeriesId=397989

Go to whitepapers and under that u will find a doc for integrating iLO with AD

Cheers :)
HP_Sammy
Occasional Contributor
Solution

Re: iLO Configuration with Active directory

Hi Larry,

Try Following and also check pg 27 of pdf



********************************************



HP Proliant iLO/RILOE Authentication with MS Active Directory

( Schema-less Configuration ) Schem Free !

Required: HP iLO/RILEO Firmware : v1.91 (or later)

HP iLO/RILEO Configuration

1) Login to the iLO/RILEO as the â Administratorâ User

2) Goto the â Administrationâ tab and select â Directory Servicesâ

3) Configure â Directory Settingsâ with the following information:

[formatted]
Authentication Settings

ž Use Directory Default Schema

Directory Server Settings
Directory Server Address: servername.HP.com

Directory Server LDAP Port: 636

Select â Apply Settingsâ (answer â Yes/OKâ on any subsequent questions)
[unformatted]

4) Select â Administer Groupsâ . Highlight â Administratorâ and select â View/Modifyâ

5) Configure the â Administrator Group Settingsâ with the following information:
Security Group Distinguished Name: CN=Administrators,OU=Groups,DC=HP,DC=com

Administer Group Accounts: Yes

Remote Console Access: Yes

Virtual Power and Reset: Yes

Virtual Media: Yes

Configure iLO Settings: Yes
Select â Save Group Informationâ

6) Return to the â Directory Settingsâ Page and select â Test Settingsâ . Enter a â Test User Nameâ and â Test User Passwordâ to validate the configuration.

NOTE : Ensure that you use the appropriate Distinguished Name (DN) for the user that youâ re going to test with. Check Active Directory for the appropriate DN for the user container.

[formatted]
Active Directory Users and Computers

- Find the user

- Righ Click on the User Object

- Select â Name Mapping â ¦â

(Here is where some basic knowledge of directory services is needed as to what to context use â CN=Container, OU=Organizational Unit, DC=Domain etc.)

ie: CN=LastName\, FirstName,OU=Users,DC=HP,DC=com

NOTE: Since â ,â are delimiters for a DN, they will need to be escaped with a â \â when being used.

Server Name: servername

iLO name: iLOname

Current User: Administrator
[unformatted]

A successful test will render the following output: [Administration â Directory Settings]

Directory Tests

[formatted]
RESULTS
Overall Status Passed
Test Description Status
Ping Directory Server Passed
Directory Server IP address Not run
Directory Server DNS Name Passed
Connect to Directory Server Passed
Connect using SSL Passed
Certificate of Directory Server Passed
Bind to Directory Server Passed
Directory Administrator login Not Run
User Authentication Passed
User Authorization Passed
Directory User Context 1 Not Run
Directory User Context 2 Not Run
Directory User Context 3 Not Run
LOM Object exists Not Run
LOM Object password Not Run
[unformatted]

TEST LOG
Directory Server address servername.HP.com resolved to 192.168.1.1

Accepting Directory Server certificate for /servername.HP.com signed by /DC=com/DC=HP/CN=Common Certificate Issuer

Test user CN=LastName\, FirstName,OU=Users,DC=HP,DC=comauthenticated.

Cumulative rights gained:

· Login

· Administer Local User Accounts

· Remote Console Access

· Virtual Power and Reset

· Virtual Media

· Configure Local Device (iLO) Settings

Test Complete.

IE/Web browser Configuration

In order for the IE (ActiveX Control) to translate your Username into the proper Distinguished Name (DN) for the iLO Authentication, the following needs to be configured:

1) Within IE, select â Tools à Internet Optionsâ

2) On the â Securityâ Tab, select â Custom Levelâ ¦â

3) Ensure the following is set with regards to â ActiveX Controls and Plug- Insâ

a. Automatic prompting of ActiveX controls: Enable

b. Binary and Script behavior: Enable

c. Download signed ActiveX controls: Prompt

d. Download unsigned ActiveX controls: Prompt

e. Initialize and script ActiveX controls not marked as safe: Prompt

f. Run ActiveX controls and plug-ins: Enable

g. Script ActiveX controls marked safe for scripting: Enable

4) Select â OKâ (on any subsequent diaglog boxes).

5) Restart IE and access the iLO

At this point, the configuration is complete for the iLO and IE to be able to accept MS Active Directory accounts for authentication and authorities.

Valid representation of Usernames are: \ - a.k.a NetBIOS Username @ - a.k.a. User Principle Name (UPN)


********************************************


Cheers :)
KarloChacon
Frequent Visitor

Re: iLO Configuration with Active directory

hi larryb

try this thread

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1005787

regards
Didn't your momma teach you to say thanks!
larryb
Acclaimed Contributor

Re: iLO Configuration with Active directory

Hi All,

Thank you all for your help. We found the problem. We were using the default iLO password to try and logon not the AD password. In addition to that we had the LDAPdn full qualified path wrong. IE: cn=aduser,dc=example,dc=com

again thank you for your help.

//Add this to "OnDomLoad" event