HPE Community
ProLiant Servers (ML,DL,SL)
1753969 Members
7250 Online
108811 Solutions
New Discussion

Unable to get iLO2 working with Active Directory for authentication

 
btesdall71
New Member

‎07-17-2014 01:35 PM

‎07-17-2014 01:35 PM

Unable to get iLO2 working with Active Directory for authentication

Hi, all,

 

I'm at my wits end.  I'm trying to get an iLO-2 equipped server to use Active Directory for authentication and failing miserably.  I've read dozens of posts and articles and used an HP utility to try to get this set up right and nothing I try is working.

 

This server is a ProLiant DL380 G6, iLO 2 firmware is version 2.25.  I've gone to Administration -> Security -> Directory and set the following:

 

Use Directory Default Schema

Local User Accounts:  Enabled

Directory Server Address:  dmadc01.mydomain.com

Directory Server LDAP Port:  636

 

The security group I am wanting to use is the built-in Domain Admins group in AD.  My account is a member of this group.  The DistinguishedName of this group is CN=Domain Admins,CN=Users,DC=mydomain,DC=com.

 

In "Directory User Context 1:" I have entered CN=Users,DC=mydomain,DC=com.

 

I then click on "Administer Groups", confirm that "Administrator" is highlighted and click View/Modify.  I set the Security Group Distinguished Name as CN=Domain Admins,CN=Users,DC=mydomain,DC=com and set all permissions to Allowed.  I go back to Administration -> Security -> Directory and select Test Settings.  I put in my AD username in for the Test User Name in the format DOMAIN\username and put in my AD password, then click Start Test.

 

All tests pass except for User Authentication which always fails.  The test log indicates the reason as "Invalid Credentials".

 

I have tried using my username as username@mydomain.com and even tried my username as "LastName, FirstName".  I've tried adjusting the search contexts and put in the directory address as an IP and not a hostname.  Nothing is working.

 

The odd part is that we just got a new DL380 Gen8 with iLO 4 and the exact same settings worked fine in it, first try.

 

HELP!

0 Kudos
Reply
1 REPLY 1
waaronb
Respected Contributor

‎07-17-2014 06:02 PM

‎07-17-2014 06:02 PM

Re: Unable to get iLO2 working with Active Directory for authentication

I have my ILO 2 setup kind of similar... here's the settings I have:
directory server address: domain.local (don't put in a specific domain controller address here, just use the domain name and let DNS point it to any controller)
ldap port: 636
security group distinguished name (for Administrators): CN=Administrators,CN=Builtin,DC=domain,DC=local
Directory User Context 1: OU=Users,OU=Accounts,DC=domain,DC=local

We have our user accounts in that Org Unit Accounts\Users, and we're using Administrators instead of "Domain Admins" otherwise it's probably similar enough.

If your user accounts are all in CN=Users,DC=mydomain,DC=com then that's fine, same with the location of the Domain Admins group unless that was moved for some reason.

When logging in, you have to use the full account name like "Joe User", not a short name like "juser" or "joeuser" or whatever you might have set.

Don't use DOMAIN\username to login, unless you've defined that type of login as another directory context. Just "Joe User" (the user's full name) and their password.

It works for me, so be encouraged that it can and does work when properly configured. :)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.