Onboard Administrator, C7000 chassis, Active Directory issue

brice-a
Occasional Advisor

Overall Test Status Failed
Ping Directory Server Passed
Directory Server IP Address Not Run
Directory Server DNS Name Passed
Connect to Directory Server Passed
Connect using SSL Passed
Certificate of Directory Server Passed
User Authentication Passed
User Authorization Failed

Test user placeholder@domain.com authenticated.
Unable to authorize test user.
Some diagnostics FAILED for server server01
Tests complete.

For some reason I can authenticate, but I cannot get authorized. I'm attempting to use the domain admins group located in the standard users container for my group access. My search contexts appear to work if I authenticate? I'm not sure what the authorization issue is.
10 REPLIES
Raghuarch
Honored Contributor

Re: Onboard Administrator, C7000 chassis, Active Directory issue

Is the domain admins group located in the standard users container listed under the OA Directory Groups?

Refer to page 169:
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00705292/c00705292.pdf
brice-a
Occasional Advisor

Re: Onboard Administrator, C7000 chassis, Active Directory issue

Yes, I have added a group named Domain Admins to the OA Directory Groups. This didn't seem to make a difference.
Raghuarch
Honored Contributor

Re: Onboard Administrator, C7000 chassis, Active Directory issue

Is your Search Context OK? Is it pointed to the groups where the user is present?
CN=Users, DC=Domain, DC=com or,
if the group is in an OU, try:
OU=OU-Name, CN=Users, DC=Domain, DC=com
brice-a
Occasional Advisor

Re: Onboard Administrator, C7000 chassis, Active Directory issue

I managed to get it working, finally. It works ok, aside from a weird issue when doing a test. If I use the UPN style login (userid@domain.com) the test errors and forces me to log out of OA. Otherwise it works fine, and I can even login using the UPN format. I'm satisfied with the result.
Raghuarch
Honored Contributor

Re: Onboard Administrator, C7000 chassis, Active Directory issue

Yes, you are right... OA LDAP allows only one session at any point in time.
If you are already logged in and test using the same user, it logs out the logged-in user.

Or you can try to log in with a CLI session; it allows only one LDAP session for the same user.
brice-a
Occasional Advisor

Re: Onboard Administrator, C7000 chassis, Active Directory issue

Thanks for the help.
Matt Ronsman
Advisor

Re: Onboard Administrator, C7000 chassis, Active Directory issue

Brice,

I am having the same issue. You never really say what you did to get this working. Care to share?

Thanx,
Matt
brice-a
Occasional Advisor

Re: Onboard Administrator, C7000 chassis, Active Directory issue

Try logging in as the "Full Name" of the account vs using the user name. Don't use the 'test' function to see if it is working -- that is what I was doing wrong. Instead, just log out to test once you think you have the settings right. The 'test' your settings login does work for me now, but only if I use my full name vs the user name -- keep reading...

My full name is Joe Blow Admin vs jblow-a as my user name. Don't get me wrong, jblow-a works to log in, but it requires an ActiveX control to work. You're better off using the full name vs the actual user name since this is real LDAP, not MS want-to-be LDAP. The password is the same either way.
Ken Henault
Honored Contributor

Re: Onboard Administrator, C7000 chassis, Active Directory issue

Can you give more detail on what ActiveX control you're referring to? Where can I get it?
Ken Henault
Infrastructure Architect
HP
brice-a
Occasional Advisor

Re: Onboard Administrator, C7000 chassis, Active Directory issue

For me it was built into the onboard administrator web page when I tried to log in with my account name vs my actual "user name". For instance, my account is jblow-a but my name is joe blow. If you type domain\jblow-a or jblow-a@domain.com, an ActiveX control pops up for me asking to run. If I type joe blow for my user name and my password, it doesn't require this control to work. I don't know if I'm explaining that very well or not.
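
Added illustration, not part of the thread and not Onboard Administrator code: a simplified model of the two stages the diagnostic output reports separately (User Authentication, then User Authorization). It assumes the client binds as CN=<login name>,<search context> and authorizes by comparing the user's group DNs with the configured directory groups; the function names and the sample directory are constructed for this example.

```python
import re

# Constructed sample directory (DN -> memberOf); all names are placeholders.
DIRECTORY = {
    "CN=Joe Blow Admin,CN=Users,DC=domain,DC=com":
        ["CN=Domain Admins,CN=Users,DC=domain,DC=com"],
}

def escape_rdn_value(value):
    """Escape a login name for use as an RDN value (RFC 4514)."""
    out = re.sub(r'([\\,+"<>;=])', r'\\\1', value.strip())
    return "\\" + out if out.startswith("#") else out

def candidate_bind_dns(login, search_contexts):
    """Bind DNs tried for a plain login name, one per search context.
    UPN and DOMAIN\\user logins are not modeled here."""
    return [f"CN={escape_rdn_value(login)},{ctx}" for ctx in search_contexts]

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honoring backslash-escaped commas."""
    return [part.strip().lower() for part in re.split(r"(?<!\\),", dn)]

def same_dn(a, b):
    """Compare DNs ignoring case and the spaces after separators."""
    return split_dn(a) == split_dn(b)

def matching_groups(member_of, directory_groups):
    """Authorization: configured groups that the user actually belongs to."""
    return [g for g in directory_groups
            if any(same_dn(g, m) for m in member_of)]

def run_test(login, search_contexts, directory_groups, directory=DIRECTORY):
    """Return (authenticated, authorized), mirroring the last two test rows."""
    for dn in candidate_bind_dns(login, search_contexts):
        for entry, member_of in directory.items():
            if same_dn(dn, entry):
                # The bind target exists: authentication passes, and the
                # group comparison alone decides authorization.
                return True, bool(matching_groups(member_of, directory_groups))
    return False, False

if __name__ == "__main__":
    contexts = ["CN=Users, DC=Domain, DC=com"]
    # Group DN pointing at the wrong container: authenticated, not authorized.
    print(run_test("Joe Blow Admin", contexts,
                   ["CN=Domain Admins,OU=Groups,DC=domain,DC=com"]))
    # Group DN matching the user's memberOf value: both stages pass.
    print(run_test("Joe Blow Admin", contexts,
                   ["CN=Domain Admins,CN=Users,DC=domain,DC=com"]))
```
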