
iLo Default Schema AD Configuration help

aw93332
Occasional Contributor

iLo Default Schema AD Configuration help

Ok, so I have read through many blogs on this and found helpful information but cannot seem to get AD integration to work. I have even called HP and they said they could not help me because I don’t have a software support contract… I have a HW support contract and I thought iLo would fall under that category but that’s another issue.

Anyway, I have 385 G5’s I want to configure to use AD integration; I am using the HP Lights Out Directories Migration Utility to configure the servers. I have created a new group in AD (iLo Admins) and browsed to this group under the section called “Security Group Distinguished Name”. In the next section, under user context, I browsed to “OU=domainname,DC=domainname,DC=org” (not sure if this part is right). When I log into iLo using the default administrator account and go to test the directory settings using my test domain account, it fails on user authentication:

I have tried “username” and get an Invalid credentials error, login as username@domainname.org and "domainname\username" and get User object not found. Not sure what I am missing here…. And yes I have added my test user to the iLo group I created.

Any help would be great, I’ve been pulling my hair out on this one.

Thanks
-Art
4 REPLIES
Pieter 't Hart
Honored Contributor

Re: iLo Default Schema AD Configuration help

If you look on the ILO itself, in "directory user context1", it should look like:
[...]OU=,OU=,DC=domainname,DC=org
single domain in a tree

NB! this doesn't point to the group, but to the OU where the group/user resides.
there may be a "CN=" added, leading the above string.

use "OU=" with self-created OU's, do not use the "built-in" names.

if the test-account is member of the

Pieter
WFHC-WI
Honored Contributor

Re: iLo Default Schema AD Configuration help

Hi Art,

The user context is the user's distinguished name minus their canonical name. You can get the user's distinguished name from a Windows machine by typing at the command prompt:

dsquery user -samid "login name"

where "login name" is the login account. This will return something to the effect of:

"CN=John Doe,OU=Information Systems,OU=North Region,DC=SomeCompany,DC=com"

Simply remove the "CN=John Doe," from this result and you have your user context.

Good luck!
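
The trimming step described in the reply above, as an added example that is not part of the original thread and not HP code. It removes the leading CN= component from a dsquery result without breaking on escaped commas inside the name, and checks the result against configured user contexts. The function names and the second DN are constructed for illustration, and the exact-match comparison is an assumption based on the note that the context points to the OU where the user resides.

```python
def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # keep the escape pair, e.g. "\,"
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur.strip())
    return parts


def user_context(dsquery_line):
    """Return the DN with its leading CN= component removed."""
    rdns = split_rdns(dsquery_line.strip().strip('"'))
    if len(rdns) < 2 or not rdns[0].upper().startswith("CN="):
        raise ValueError("expected a user DN starting with CN=")
    return ",".join(rdns[1:])


def matching_contexts(dsquery_line, configured):
    """Configured contexts equal to the user's context (case-insensitive)."""
    want = user_context(dsquery_line).lower()
    return [c for c in configured
            if ",".join(split_rdns(c)).lower() == want]


# The DN quoted in the reply above, and a constructed DN with an escaped comma.
PAGE_DN = '"CN=John Doe,OU=Information Systems,OU=North Region,DC=SomeCompany,DC=com"'
ESCAPED_DN = '"CN=Doe\\, Jane,OU=Admins,DC=domainname,DC=org"'  # constructed

if __name__ == "__main__":
    print(user_context(PAGE_DN))
    print(user_context(ESCAPED_DN))
    # A context that names a different OU than the user's own does not match.
    print(matching_contexts(ESCAPED_DN, ["OU=domainname,DC=domainname,DC=org"]))
```

An empty result from `matching_contexts` means none of the configured contexts is the container the test user actually sits in.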
aw93332
Occasional Contributor

Re: iLo Default Schema AD Configuration help

So, judging by what you guys are saying, it looks like everything is how it should be on the iLo side, but I do not even know if it is hitting AD, as I do not see any failure audits in my domain controller security logs??

Though when I run the directory test from iLo I get this:

Ping Directory Server Passed
Directory Server IP Address Not run
Directory Server DNS Name Passed
Connect to Directory Server Passed
Connect using SSL Passed
Certificate of Directory Server Passed
Bind to Directory Server Not run
Directory Administrator login Not run
User Authentication Failed

With a log like this:

Directory Server address dc.domainname.org resolved to X.X.X.X
Accepting Directory Server certificate for /CN=dc.domainname.org signed by /DC=org/DC=domainname/CN=CERT CA1
Unable to authenticate test user username [Invalid credentials]
Ceasing tests.

Is there something that needs to be configured in Active directory to allow this?

Thanks
-Art
fahd_1
Occasional Visitor

Re: iLo Default Schema AD Configuration help