- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- ProLiant Servers (ML,DL,SL)
- >
- iLo Default Schema AD Cofiguration help
ProLiant Servers (ML,DL,SL)
1753894
Members
7277
Online
108809
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-21-2009 01:26 PM
04-21-2009 01:26 PM
iLo Default Schema AD Cofiguration help
Ok, so I have read through many blogs on this and found helpful information but cannot seem to get AD integration to work. I have even called HP and they said they could not help me because I don’t have a software support contract… I have a HW support contract and I thought iLo would fall under that category but that’s another issue.
Anyway, I have 385 G5’s I want to configure to use AD integration; I am using the HP Lights Out Directories Migration Utility to configure the servers. I have created a new group in AD (iLo Admins) and browsed to this group under the section called “Security Group Distinguished Name” In the next section under user context I browsed to “OU=domainname,DC=domainname,DC=org” (not sure is this part is right) When I log into iLo using the default administrator account and go to test the directory settings using my test domain account it fails on user authentication:
I have tried “username” and get an Invalid credentials error, login as username@domainname.org and "domainname\username" and get User object not found. Not sure what I am missing here…. And yes I have added my test user to the iLo group I created.
Any help would be great, I’ve been pulling my hair out on this one
Thanks
-Art
Anyway, I have 385 G5’s I want to configure to use AD integration; I am using the HP Lights Out Directories Migration Utility to configure the servers. I have created a new group in AD (iLo Admins) and browsed to this group under the section called “Security Group Distinguished Name” In the next section under user context I browsed to “OU=domainname,DC=domainname,DC=org” (not sure is this part is right) When I log into iLo using the default administrator account and go to test the directory settings using my test domain account it fails on user authentication:
I have tried “username” and get an Invalid credentials error, login as username@domainname.org and "domainname\username" and get User object not found. Not sure what I am missing here…. And yes I have added my test user to the iLo group I created.
Any help would be great, I’ve been pulling my hair out on this one
Thanks
-Art
4 REPLIES 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2009 01:04 AM
04-22-2009 01:04 AM
Re: iLo Default Schema AD Cofiguration help
If you look on the ILO itself, in "directory user context1" it should look like :
[...]OU=,OU=,DC=domainname,DC=org
single domain in a tree
NB! this doesn't point to the group, but to the OU where the group/user resides.
there may be a "CN=" added leading above string.
use "OU=" with self-created OU's, do not use the "built-in" names.
if the test-account is member of the
Pieter
[...]OU=
single domain in a tree
NB! this doesn't point to the group, but to the OU where the group/user resides.
there may be a "CN=
use "OU=
if the test-account is member of the
Pieter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2009 06:43 AM
04-22-2009 06:43 AM
Re: iLo Default Schema AD Cofiguration help
Hi Art,
The user context is the user's distinguished name minus their canonical name. You can get the user's distinguished name from a Windows machine by typing at the command prompt:
dsquery user -samid "login name"
where "login name" is the login account. This will return something to the effect of:
"CN=John Doe,OU=Information Systems,OU=North Region,DC=SomeCompany,DC=com"
Simply remove the "CN=John Doe," from this result and you have your user context.
Good luck!
The user context is the user's distinguished name minus their canonical name. You can get the user's distinguished name from a Windows machine by typing at the command prompt:
dsquery user -samid "login name"
where "login name" is the login account. This will return something to the effect of:
"CN=John Doe,OU=Information Systems,OU=North Region,DC=SomeCompany,DC=com"
Simply remove the "CN=John Doe," from this result and you have your user context.
Good luck!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2009 09:14 AM
04-22-2009 09:14 AM
Re: iLo Default Schema AD Cofiguration help
So, judging by what you guys are saying it looks like everything is how it should be on the iLo side, but I do not even know if it is hitting AD as I do not see and failure audits in my domain controller security logs??
Though when I run the directory test from iLo I get this:
Ping Directory Server Passed
Directory Server IP Address Not run
Directory Server DNS Name Passed
Connect to Directory Server Passed
Connect using SSL Passed
Certificate of Directory Server Passed
Bind to Directory Server Not run
Directory Administrator login Not run
User Authentication Failed
With a log like this:
Directory Server address dc.domainname.org resolved to X.X.X.X
Accepting Directory Server certificate for /CN=dc.domainname.org signed by /DC=org/DC=domainname/CN=CERT CA1
Unable to authenticate test user username [Invalid credentials]
Ceasing tests.
Is there something that needs to be configured in Active directory to allow this?
Thanks
-Art
Though when I run the directory test from iLo I get this:
Ping Directory Server Passed
Directory Server IP Address Not run
Directory Server DNS Name Passed
Connect to Directory Server Passed
Connect using SSL Passed
Certificate of Directory Server Passed
Bind to Directory Server Not run
Directory Administrator login Not run
User Authentication Failed
With a log like this:
Directory Server address dc.domainname.org resolved to X.X.X.X
Accepting Directory Server certificate for /CN=dc.domainname.org signed by /DC=org/DC=domainname/CN=CERT CA1
Unable to authenticate test user username [Invalid credentials]
Ceasing tests.
Is there something that needs to be configured in Active directory to allow this?
Thanks
-Art
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-24-2009 01:50 AM
09-24-2009 01:50 AM
Re: iLo Default Schema AD Cofiguration help
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP