Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

iLO authentication, Directory Default Schema

Highlighted
Jon D.
Acclaimed Contributor

iLO authentication, Directory Default Schema

The iLO firmware version is 1.82. I have configured the iLO directory services according to the instructuction http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00190541/c00190541.pdf, page 22 "Schema-free integration using the iLO web interface". See the picture in attachment.

I have some users accounts in Windows Active Directory who member Domain Admins group.

My problem is: some Domain Admins users may to logon to the iLO web interface and the some users cannot.

If users canntot login to iLO then the Login Delay page displayed: "iLO has detected a failed login attempt. Cause: Unauthorized. Please wait for login prompt."

If I try "Directory Tests":

1. User with succeessful logon:
User Authentication Passed
Test user cn=User1,CN=Users,DC=ex,DC=domain,DC=com authenticated.
Cumulative rights gained...

2. User with failed logon:
User Authentication Failed
Unable to authenticate test user User2 [Invalid credentials]

Any ideas why some users not cannot logon to iLO?

2 REPLIES
Rajeshwari, Hir
Frequent Visitor

Re: iLO authentication, Directory Default Schema

Please try using full name (it is displayed user properties in the active directory) for login instead of login name.

Or try using the login name with domain (ex: loginname@domain) format with "Active X" enabled in your browser.
Jon D.
Acclaimed Contributor

Re: iLO authentication, Directory Default Schema

Thank you for advice! I have localized a problem. If account's cn or name properties (terms of AD objects) contained national characters like cyrillic alphabet then logon impossible!

Interestingly that in Account Login in web interface I can use:
1. canonicalName (example: office.domain.com/Users/user1);
2. cn (example: user1);
3. name (example: user1);
4. displayName (example: user1);
5. distinguishedName (example: CN=user1,CN=Users,DC=office,DC=domain,DC=com);
6. userPrincipialName (example: user1@office.domain.com)

Logon by sAMAccountName not possible.

But how to solve problem with national characters without renaming accounts?
//Add this to "OnDomLoad" event