Simpler Navigation coming for Servers and Operating Systems
Coming soon: a much simpler Servers and Operating Systems section of the Community. We will combine many of the older boards, and you won't have to click through so many levels to get at the information you need. If you are looking for an older board and do not find it, check the consolidated boards, as the posts are still there.
Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II)
cancel
Showing results for 
Search instead for 
Did you mean: 

AD Authentication for RILOE/iLO

BeeLeng
Frequent Advisor

AD Authentication for RILOE/iLO

Hello,

I'm using the HP Lights-out Directories Migration Utility to configure the RILOE/iLO setting. I have a question regarding the section for Directory Server configuration.

Instead of pointing to a DC IP address or the DC FQDN, is there a way to configure for a domain so that there is redundancy and not depends on just ONE DC information?

If the DC failed, we will have problem login to the RILOE/iLOE.

Thanks!!


regards,
BLeng
5 REPLIES
acartes
Honored Contributor

Re: AD Authentication for RILOE/iLO

If you have a multi-homed domain controller- that is, more than one server, you can use the DNS name of the domain controller instead of the IP address.

If one of the domain controllers goes down and iLO tries to access it by name, it fails over to another domain controller.

This is a good practice for robustness.
BeeLeng
Frequent Advisor

Re: AD Authentication for RILOE/iLO

Thanks Acartes,

First of all, our environment doesn't support multihome Domain Controller.

Furthermore, I understand (pls correct me if I'm wrong) that A "multihomed" domain controller is a computer that has multiple network adapters or that has been configured with multiple IP addresses for a single network adapter. In such case, there is no redundancy when this particular DC is down?

Is it possible to configure the Directory Server section to point to a domain (and it will find the nearest DC to authenticated by itself) or more than 1 DC IP address?

Thanks!!


regards,
BLeng
acartes
Honored Contributor

Re: AD Authentication for RILOE/iLO

You should be able to configure iLO to use the domain as opposed to a specific address. Try this out on a specific iLO first.

When iLO contacts the directory, it performs a DNS lookup on the field entered for the server name. If DNS returns alternate IPs, then iLO will "fail over" to the next address.
acartes
Honored Contributor

Re: AD Authentication for RILOE/iLO

There is an iLO Best Practices whitepaper linked below. You can get to this page from www.hp.com/servers/lights-out then Support then Manuals

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual〈=en&cc=us&docIndexId=179111&taskId=101&prodTypeId=18964&prodSeriesId=397989

Specifically, within the whitepaper, your concern is discussed on page 23:

Setting up the directory server:
The directory server field can be configured with a DNS name or an IP address. The DNS name can be the DNS name of a single server or the DNS name of a domain. This field can be configured with multiple IP addresses or DNS names separated with a comma or space.
BeeLeng
Frequent Advisor

Re: AD Authentication for RILOE/iLO

Hi Acartes,

thank you very much. That's what I'm looking for.


regards,
BLeng