Server Management - Remote Server Management
1748124 Members
3227 Online
108758 Solutions
New Discussion юеВ

Re: ILO Active Directory User Name Issue

 
Kamal Kotecha
New Member

Re: ILO Active Directory User Name Issue

I can get ILO to work with the default directory, as you have suggested.
BUT i can't get it to work with my SAM_ID.
I have to use my full name,Kamal K. Kotecha not my SAM_ID (user_id) kotek001.
The contexts etc have all been set.
I wondered if there was a way of configuring my sam_id to be the primary identifier.

Thanks

Scott Huisman
Advisor

Re: ILO Active Directory User Name Issue

Was this issue ever resolved? My company is having the exact same problem, AD authentication works but only using the full display name not the actual userid.
Rancher
Honored Contributor

Re: ILO Active Directory User Name Issue

We can log in either with our AD name (first name, last name) or our userid. However, for the userid to work, it must be in this format:
domain\userid
Scott Huisman
Advisor

Re: ILO Active Directory User Name Issue

What did you configure to allow the "User logon name" attribute to pass through? I've tried every possible configuration that I can think of with for userid (domain\userid, userid@domain, etc) and things still aren't working. That leads me to think that I haven't configured something correctly. Could you take a screen shot of the directory settings that you are using in the iLO? If there is nothing configured differently then I'm going to guess there is something with the domain attributes of your account that have been configured differently than mine.
Scott_278
Valued Contributor

Re: ILO Active Directory User Name Issue

I have been away from this for a while, but I remember having to set the context as "@.com". Then I could log in with just my user account.
Scott Huisman
Advisor

Re: ILO Active Directory User Name Issue

I tried what you suggested and put @domain.com in the "Directory User Context 1:" field but when I test the settings I still get "Unable to authenticate test user t801622a@corp.ads [User Object not found]". Could you confirm the syntax that was used? This is sounding promising :)
Scott_278
Valued Contributor

Re: ILO Active Directory User Name Issue

Not sure which syntax you are referring to. Say the name of our AD domain is "manufacturing.company.com". I set the Directory User Context 1 field to "@manufacturing.company.com". Then at the logon page, you enter your user id, "t801622a" and password.

I think I also remember tinkering around with the AD settings using the test link in the ILO page where the AD settings are configured. I can't remember exactly what I did there or what it looks like, but I think it was useful to me.

Like I said it's been a while since I did this, and I don't have access to these cards anymore - so I'm doing it from memory.
Rancher
Honored Contributor

Re: ILO Active Directory User Name Issue

Our configuration was a little more complicated than that.

In the LOM Object Distinguished Name, we have the entire AD path for the iLo itself:
Cn=iloname,ou=one,ou=two,ou=etc.,ou=etc, DC=domainname,DC=org

Directory User 1 Context:
CN=Users,DC=domainname,DC=org

Directory User 2 Context:
OU-Administrators (Or however you have it named),OU=etc,OU=etc,DC=domainname,DC=org

Directory User 3 Context:
OU=etc,OU=etc,DC=domainname,DC=org

We are also using HP extended schema.

Scott Huisman
Advisor

Re: ILO Active Directory User Name Issue

Thanks for all of the help, it turns out everything was configured correctly but a GPO that was applied to my machines was causing ActiveX to be blocked. The iLO uses an ActiveX call to associate the userid with the user's CN. Once ActiveX was enabled the passthrough worked flawlessly!!
TienDNguyen
Occasional Contributor

Re: ILO Active Directory User Name Issue

All...I am working on the schema-free iLO AD integration, would it be possible for me to email one of you guys directly if you have this setup? My email is tien@ibx.com.

So far, my test has failed "Unable to Bind to AD".

I've tried using logging with:

short name
long name
domain\username
username@domain.com

Keep telling me that unable to connect to directory server.