Craig A. Liess
Advisor

AD/LDAP Integration w/ Onboard Administrator -- Issues

Hi folks -

We're in the process of bringing up a c7000 blade enclosure and our last task before putting it into production is to configure Active Directory authentication with our Onboard Administrator modules.

At this point, we're just trying to authenticate with a single domain controller, per the OA configuration guide.

Everything appears to be set up correctly (certificate uploaded, search context pointed at the OU where our group resides, domain group created in the OA matching our AD group, etc.)

Both of our OA modules are on v2.02, which I believe is the latest.

All of the troubleshooting steps in the OA guide come back as positive, so I think we're pretty close, just missing something small here.

Any help would be greatly appreciated. Thanks!

-Craig
16 REPLIES
Raghuarch
Honored Contributor

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Hi Craig,

Please refer to page 181; it has a detailed description of the steps.

http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00702815/c00702815.pdf


Regards,
Raghuarch
Craig A. Liess
Advisor

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

This is exactly what we have been doing... have followed the guide to the letter, just no luck.

There's really no good error reporting for this, either... it just says "invalid username/password."

-Craig
James ~ Happy Dude
Honored Contributor

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Hello Craig,
Just to make sure, you are using your ACCOUNT NAME (admin profile) to log in & not the USERNAME.

Regards,
James.
Raghuarch
Honored Contributor

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Hi Craig,

I am listing some of the possible typos or other errors which may occur.

In OA:
Verify the IP address is correct in Directory Server Address.
Verify the Search Context is correct.
Verify the group of which the user is a member is present under the Directory Groups of the OA page.

In Active Directory:
Verify the user is a member of a valid group.
Verify the user is a member of Domain Users and the new group you created.

Try installing a certificate; this is optional, LDAP should work even without a certificate.

Regards,
Raghuarch
Craig A. Liess
Advisor

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

The IP and port are def. correct.

For search context, we're just having it look in the default 'Groups' folder, so we're using the following in the Search Context field:

OU=Groups,DC=xxxxxxxxx,DC=com

The group is in 'Directory Groups' and in the above directory path. The accounts we're trying to use are in the AD group (this is the same group we use for other devices, like our IPKVMs, for example.)

Have tried checking the 'Use NT Account Name Mapping' check box as well to no avail.

-Craig
Raghuarch
Honored Contributor

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Hi Craig,

Can you try these?

CN=Groups,DC=xxxxxxxxx,DC=com
or
CN=Users,DC=xxxxxxxxx,DC=com

Regards,
Raghuarch
Craig A. Liess
Advisor

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

No dice on those, I had already tried them :(

-Craig
jmiller_2
New Member

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Craig, I have this working on 13 chassis, but I am using eDirectory. Configured as follows...

Directory settings
server address...DNS alias for redundancy
port 636
Search1 ou=group name,ou=city,o=organization
search2 o=organization

Group
cn=my group,ou=groups,ou=city,o=organization
privilege level admin or whatever and then select the components in the bottom

good luck...
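
An added example, not part of any post in this thread and not HP's code: an offline check of whether an object's DN falls under a given search base, the kind of mismatch the search-context values tried above would expose. The `DC=example,DC=com` suffix and the `BladeAdmins` group name are constructed placeholders for the redacted values; how the OA itself applies its search contexts is not modelled.

```python
import re

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)  # keep the backslash; parse_dn removes it
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts

def parse_dn(dn):
    """Return normalized (attribute, value) pairs, leaf RDN first.
    Multi-valued RDNs ('+') and hex escapes are not handled."""
    rdns = []
    for part in split_rdns(dn):
        attr, sep, value = part.partition("=")
        attr, value = attr.strip().lower(), value.strip()
        if not sep or not attr or not value:
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr, re.sub(r"\\(.)", r"\1", value).lower()))
    return rdns

def is_under(entry_dn, base_dn):
    """True if entry_dn equals base_dn or sits anywhere beneath it."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def first_matching_context(entry_dn, contexts):
    """Return the first search context that contains entry_dn, else None."""
    return next((c for c in contexts if is_under(entry_dn, c)), None)

if __name__ == "__main__":
    group = "CN=BladeAdmins,OU=Groups,DC=example,DC=com"  # constructed DN
    for ctx in ("OU=Groups,DC=example,DC=com", "CN=Users,DC=example,DC=com"):
        print(f"{ctx}: {'contains' if is_under(group, ctx) else 'does NOT contain'} {group}")
```

Run against the eDirectory layout in the post above, the group DN falls outside `ou=group name,ou=city,o=organization` and is only covered by the broader `o=organization` context.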
Craig A. Liess
Advisor

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Where are you putting the DN for your group? In the 'Search Context 3' field?

-Craig