topic Re: ILO2 SSO problem in Server Management - Remote Server Management

ILO2 SSO problem

sdb_2 — Wed, 25 Nov 2009 13:21:34 GMT

We are using C7000 enclosures and BL460C blades. On the C7000 ILO's, we defined users for the other teams.
With this users they can log on to the ILO of the enclosure and go to the ILO of one particular blade via SSO.

Is it possible to give this operators enough rights to reset the ILO of the blades, without giving them the "administrator - right"?

I can define users in the ILO2 of our blades, but how can I change settings for the "SSO user" from the enclosure?

Thanks in advance

Re: ILO2 SSO problem

acartes — Mon, 30 Nov 2009 15:23:21 GMT

From the Onboard Administrator, navigate to the Users page, then local users. For each user, there is a matrix of the bays that they have access to, allowing you to restrict certain user accounts from specific bays.

From the same page, the Privilege level can also be configured. This level will translate to corresponding iLO privileges when that account is used to access iLO from the Onboard Adminstrator.

Re: ILO2 SSO problem

sdb_2 — Tue, 01 Dec 2009 07:10:50 GMT

Thanks, but when I look at this privilege levels, there's only user - operator and administrator.
The user is now an operator, but he can't reset the ILO of the blades.
When I give him the "administrator privilege", he sure can do this but also a lot of other things he shouldn't be able to...

Is there any other way to give the user the right to reset ILO of a blade, while he still is an operator (not an administrator)?

Re: ILO2 SSO problem

acartes — Tue, 01 Dec 2009 17:17:24 GMT

The OS to iLO role to privilege mapping is static and does not allow you to create an OA "operator" account that can reset iLO. Only OA "administrator" accounts will have the necessary privilege (configure iLO), and they will also have full rights on iLO.

You may need to create separate accounts on iLO to meet the requirement.