iLO Configuration with Active directory

larryb — Tue, 25 Sep 2007 13:20:06 GMT

Dear Ms.Sir,

I am configuring iLO and AD so that we can do authentication using AD. We have extended the schema in AD for iLO. When we we try to authenticate as an AD user we get the folowing error.

Warning: certificate does not match Directory Server Address 10.64.2.10.
Unable to access directory with LOM Object Password.

I'm not sure why the iLO is looking for the ip address and not the host name.

Thank you in advance for your help.

Best regards,
Larry

Re: iLO Configuration with Active directory

HP_Sammy — Tue, 25 Sep 2007 14:42:38 GMT

I dont know why that link is not working

try this

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual〈=en&cc=us&docIndexId=179111&taskId=101&prodTypeId=18964&prodSeriesId=397989

Go to whitepapers and under that u will find a doc for integrating iLO with AD

Cheers :)

Re: iLO Configuration with Active directory

HP_Sammy — Tue, 25 Sep 2007 21:50:56 GMT

Hi Larry,

Try Following and also check pg 27 of pdf

********************************************

HP Proliant iLO/RILOE Authentication with MS Active Directory

( Schema-less Configuration ) Schem Free !

Required: HP iLO/RILEO Firmware : v1.91 (or later)

HP iLO/RILEO Configuration

1) Login to the iLO/RILEO as the â Administratorâ User

2) Goto the â Administrationâ tab and select â Directory Servicesâ

3) Configure â Directory Settingsâ with the following information:

[formatted]
Authentication Settings

Å¾ Use Directory Default Schema

Directory Server Settings
Directory Server Address: servername.HP.com

Directory Server LDAP Port: 636

Select â Apply Settingsâ (answer â Yes/OKâ on any subsequent questions)
[unformatted]

4) Select â Administer Groupsâ . Highlight â Administratorâ and select â View/Modifyâ

5) Configure the â Administrator Group Settingsâ with the following information:
Security Group Distinguished Name: CN=Administrators,OU=Groups,DC=HP,DC=com

Administer Group Accounts: Yes

Remote Console Access: Yes

Virtual Power and Reset: Yes

Virtual Media: Yes

Configure iLO Settings: Yes
Select â Save Group Informationâ

6) Return to the â Directory Settingsâ Page and select â Test Settingsâ . Enter a â Test User Nameâ and â Test User Passwordâ to validate the configuration.

NOTE : Ensure that you use the appropriate Distinguished Name (DN) for the user that youâ re going to test with. Check Active Directory for the appropriate DN for the user container.

[formatted]
Active Directory Users and Computers

- Find the user

- Righ Click on the User Object

- Select â Name Mapping â ¦â

(Here is where some basic knowledge of directory services is needed as to what to context use â CN=Container, OU=Organizational Unit, DC=Domain etc.)

ie: CN=LastName\, FirstName,OU=Users,DC=HP,DC=com

NOTE: Since â ,â are delimiters for a DN, they will need to be escaped with a â \â when being used.

Server Name: servername

iLO name: iLOname

Current User: Administrator
[unformatted]

A successful test will render the following output: [Administration â Directory Settings]

Directory Tests

[formatted]
RESULTS
Overall Status Passed
Test Description Status
Ping Directory Server Passed
Directory Server IP address Not run
Directory Server DNS Name Passed
Connect to Directory Server Passed
Connect using SSL Passed
Certificate of Directory Server Passed
Bind to Directory Server Passed
Directory Administrator login Not Run
User Authentication Passed
User Authorization Passed
Directory User Context 1 Not Run
Directory User Context 2 Not Run
Directory User Context 3 Not Run
LOM Object exists Not Run
LOM Object password Not Run
[unformatted]

TEST LOG
Directory Server address servername.HP.com resolved to 192.168.1.1

Accepting Directory Server certificate for /servername.HP.com signed by /DC=com/DC=HP/CN=Common Certificate Issuer

Test user CN=LastName\, FirstName,OU=Users,DC=HP,DC=comauthenticated.

Cumulative rights gained:

Â· Login

Â· Administer Local User Accounts

Â· Remote Console Access

Â· Virtual Power and Reset

Â· Virtual Media

Â· Configure Local Device (iLO) Settings

Test Complete.

IE/Web browser Configuration

In order for the IE (ActiveX Control) to translate your Username into the proper Distinguished Name (DN) for the iLO Authentication, the following needs to be configured:

1) Within IE, select â Tools Ã Internet Optionsâ

2) On the â Securityâ Tab, select â Custom Levelâ ¦â

3) Ensure the following is set with regards to â ActiveX Controls and Plug- Insâ

a. Automatic prompting of ActiveX controls: Enable

b. Binary and Script behavior: Enable

c. Download signed ActiveX controls: Prompt

d. Download unsigned ActiveX controls: Prompt

e. Initialize and script ActiveX controls not marked as safe: Prompt

f. Run ActiveX controls and plug-ins: Enable

g. Script ActiveX controls marked safe for scripting: Enable

4) Select â OKâ (on any subsequent diaglog boxes).

5) Restart IE and access the iLO

At this point, the configuration is complete for the iLO and IE to be able to accept MS Active Directory accounts for authentication and authorities.

Valid representation of Usernames are: \ - a.k.a NetBIOS Username @ - a.k.a. User Principle Name (UPN)

********************************************

Cheers :)

Re: iLO Configuration with Active directory

KarloChacon — Wed, 26 Sep 2007 00:20:11 GMT

hi larryb

try this thread

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1005787

regards

Re: iLO Configuration with Active directory

larryb — Wed, 26 Sep 2007 07:42:29 GMT

Hi All,

Thank you all for your help. We found the problem. We were using the default iLO password to try and logon not the AD password. In addition to that we had the LDAPdn full qualified path wrong. IE: cn=aduser,dc=example,dc=com

again thank you for your help.

topic iLO Configuration with Active directory in Server Management - Remote Server Management

iLO Configuration with Active directory

Re: iLO Configuration with Active directory

Re: iLO Configuration with Active directory

Re: iLO Configuration with Active directory

Re: iLO Configuration with Active directory

Re: iLO Configuration with Active directory

Re: iLO Configuration with Active directory