07-17-2014 01:35 PM
Unable to get iLO2 working with Active Directory for authentication
Hi, all,
I'm at my wits' end. I'm trying to get an iLO-2 equipped server to use Active Directory for authentication and failing miserably. I've read dozens of posts and articles and used an HP utility to try to get this set up right and nothing I try is working.
This server is a ProLiant DL380 G6, iLO 2 firmware is version 2.25. I've gone to Administration -> Security -> Directory and set the following:
Use Directory Default Schema
Local User Accounts: Enabled
Directory Server Address: dmadc01.mydomain.com
Directory Server LDAP Port: 636
The security group I am wanting to use is the built-in Domain Admins group in AD. My account is a member of this group. The DistinguishedName of this group is CN=Domain Admins,CN=Users,DC=mydomain,DC=com.
In "Directory User Context 1:" I have entered CN=Users,DC=mydomain,DC=com.
I then click on "Administer Groups", confirm that "Administrator" is highlighted and click View/Modify. I set the Security Group Distinguished Name as CN=Domain Admins,CN=Users,DC=mydomain,DC=com and set all permissions to Allowed. I go back to Administration -> Security -> Directory and select Test Settings. I put my AD username in for the Test User Name in the format DOMAIN\username and put in my AD password, then click Start Test.
All tests pass except for User Authentication which always fails. The test log indicates the reason as "Invalid Credentials".
I have tried using my username as username@mydomain.com and even tried my username as "LastName, FirstName". I've tried adjusting the search contexts and put in the directory address as an IP and not a hostname. Nothing is working.
The odd part is that we just got a new DL380 Gen8 with iLO 4 and the exact same settings worked fine in it, first try.
HELP!
07-17-2014 06:02 PM
Re: Unable to get iLO2 working with Active Directory for authentication
directory server address: domain.local (don't put in a specific domain controller address here, just use the domain name and let DNS point it to any controller)
ldap port: 636
security group distinguished name (for Administrators): CN=Administrators,CN=Builtin,DC=domain,DC=local
Directory User Context 1: OU=Users,OU=Accounts,DC=domain,DC=local
We have our user accounts in that Org Unit Accounts\Users, and we're using Administrators instead of "Domain Admins"; otherwise it's probably similar enough.
If your user accounts are all in CN=Users,DC=mydomain,DC=com then that's fine, same with the location of the Domain Admins group unless that was moved for some reason.
When logging in, you have to use the full account name like "Joe User", not a short name like "juser" or "joeuser" or whatever you might have set.
Don't use DOMAIN\username to log in, unless you've defined that type of login as another directory context. Just "Joe User" (the user's full name) and their password.
It works for me, so be encouraged that it can and does work when properly configured. :)
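
The reply's advice about logging in with the full name, as an added example that is not part of the thread or HPE's code. It assumes the iLO forms the bind DN by prefixing `CN=<login name>` to each Directory User Context, and the account, the logon name `juser` and the helper names are constructed for illustration.

```python
# Added illustration. The expansion rule (CN=<login>,<context>) is an assumption
# drawn from the reply's advice, not taken from iLO firmware.
SPECIAL = ',+"\\<>;='

def escape_rdn_value(value):
    """Escape a CN value so it can sit inside a DN (RFC 4514 rules)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        needs = ch in SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " ")
        out.append("\\" + ch if needs else ch)
    return "".join(out)

def candidate_bind_names(login, contexts):
    """Bind DNs that would be tried for a login under the assumed rule."""
    if "=" in login:                 # already a full DN: use it as typed
        return [login]
    return ["CN=" + escape_rdn_value(login) + "," + ctx for ctx in contexts]

def matches_entry(login, contexts, entry_dn):
    """True if any candidate equals the account's DN (DNs compare case-insensitively)."""
    wanted = entry_dn.lower()
    return any(name.lower() == wanted for name in candidate_bind_names(login, contexts))

# Constructed sample: an account whose CN is the display name "Joe User"
# and whose short logon name is "juser".
ENTRY_DN = "CN=Joe User,CN=Users,DC=mydomain,DC=com"
CONTEXTS = ["CN=Users,DC=mydomain,DC=com"]

if __name__ == "__main__":
    for login in ("Joe User", "juser", "User, Joe"):
        names = candidate_bind_names(login, CONTEXTS)
        verdict = "match" if matches_entry(login, CONTEXTS, ENTRY_DN) else "no match"
        print(f"{login!r:12} -> {names[0]}  [{verdict}]")
```

Under that assumption, a short logon name produces a DN that does not exist in the container, which the directory reports as an invalid-credentials bind failure rather than as an unknown user.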