Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum

ILO Active Directory User Name Issue

Occasional Visitor

I've configured ILO with AD, and can log in when I put my "First name, initial and surname".
Can I configure the ILO login page to accept my userid instead, i.e. kotek001?

Thanks

Kamal
34 REPLIES
Valued Contributor

Re: ILO Active Directory User Name Issue

What is the format of the login name you are trying to use?
Is it:
1. Short name
   Ex: sriv s
2. Distinguished name
   Ex: CN=sriv s,CN=Users,DC=mycompu,DC=com
3. loginname@domain.com format
   Ex: sriv@mycompu.com

Is kotek001 the login name?
Occasional Visitor

Re: ILO Active Directory User Name Issue

I want to use my login name (userid), i.e. kotek001. At the moment I have to use First Name, Initial and Last Name (Kamal K. Kotecha).
I think it's the way LDAP works on Active Directory, but I wondered if there was a way of changing the setting.
Valued Contributor

Re: ILO Active Directory User Name Issue

I would be interested in seeing a screen shot of your Directory Settings. I also have ILOs configured for AD authentication. If I left the "Directory User Context #1" field blank, I could only log in with my UserPrincipalName (i.e. userid@domain). Since I put the fully-qualified domain name in "Directory User Context #1", I only have to enter the SamAccountName (i.e. userid). But in neither case can I log in with First name, Middle Initial, and Surname like you.
Occasional Visitor

Re: ILO Active Directory User Name Issue

Hi

I've attached a Word document with screen shots.
As you can see, I have configured Directory User Context 1 and 2 with our OUs.
I have also done the administrator group settings.
I can log in as Kamal K. Kotecha, but not kotek001 (my SAMID).

Many Thanks

Kamal
Valued Contributor

Re: ILO Active Directory User Name Issue

I am using the extended schema, not the Default Directory schema like you are. I'm not sure how the default schema works, so I don't have much input. I'll keep watching the thread though.
Occasional Visitor

Re: ILO Active Directory User Name Issue

Thank you!
Honored Contributor

Re: ILO Active Directory User Name Issue

Try configuring the user search contexts. You can also verify that these are working on the Directory Tests page.

For example, if you can log in as kotek001@domain
you might want to add the search context @domain.
There are some suggestions that you should consult on the Directory Settings help page.

This should also work with the default schema mode.

Valued Contributor

Re: ILO Active Directory User Name Issue

Try to configure iLO manually by following the steps below.
Please configure iLO with the appropriate directory settings and Group distinguished name.

1. Log on to iLO with the appropriate login and password.
2. Click Administration -> Directory settings.
3. Configure "directory settings" with the appropriate parameters as under:
   1. Directory Server address
      Ex: dlilo1.india.hp.com
   2. LDAP port as "636".
   3. Fill in the appropriate "Directory User Context 1"
      Ex: CN=Users,DC=mycompu,DC=com
4. Click "Apply Settings" to save the directory settings.
5. Repeat "Step 2" to go back to the directory settings page.
6. Now click on "Administer Groups".
7. Select the appropriate group.
   Ex: custom1
8. Fill in the Group distinguished name.
   Ex: CN=newgroup,CN=Users,DC=mycompu,DC=com
   NOTE: Please don't give any extra space.
9. Enable the appropriate access rights for this group.
10. Click on "Save Group Information" to save the group settings.

Please ensure the following:
1. In the Windows Active Directory setup, the same group (Ex: newgroup) exists.
2. The user who tries to log in to iLO is present in this group.

Occasional Visitor

Re: ILO Active Directory User Name Issue

I can get ILO to work with the default directory, as you have suggested,
but I can't get it to work with my SAM_ID.
I have to use my full name, Kamal K. Kotecha, not my SAM_ID (user_id) kotek001.
The contexts etc. have all been set.
I wondered if there was a way of configuring my sam_id to be the primary identifier.

Thanks

Re: ILO Active Directory User Name Issue

Was this issue ever resolved? My company is having the exact same problem, AD authentication works but only using the full display name not the actual userid.
Honored Contributor

Re: ILO Active Directory User Name Issue

We can log in either with our AD name (first name, last name) or our userid. However, for the userid to work, it must be in this format:
domain\userid

Re: ILO Active Directory User Name Issue

What did you configure to allow the "User logon name" attribute to pass through? I've tried every possible configuration that I can think of for userid (domain\userid, userid@domain, etc.) and things still aren't working. That leads me to think that I haven't configured something correctly. Could you take a screen shot of the directory settings that you are using in the iLO? If there is nothing configured differently then I'm going to guess there is something with the domain attributes of your account that have been configured differently than mine.
Valued Contributor

Re: ILO Active Directory User Name Issue

I have been away from this for a while, but I remember having to set the context as "@.com". Then I could log in with just my user account.

Re: ILO Active Directory User Name Issue

I tried what you suggested and put @domain.com in the "Directory User Context 1:" field but when I test the settings I still get "Unable to authenticate test user t801622a@corp.ads [User Object not found]". Could you confirm the syntax that was used? This is sounding promising :)
Valued Contributor

Re: ILO Active Directory User Name Issue

Not sure which syntax you are referring to. Say the name of our AD domain is "manufacturing.company.com". I set the Directory User Context 1 field to "@manufacturing.company.com". Then at the logon page, you enter your user id, "t801622a" and password.

I think I also remember tinkering around with the AD settings using the test link in the ILO page where the AD settings are configured. I can't remember exactly what I did there or what it looks like, but I think it was useful to me.

Like I said it's been a while since I did this, and I don't have access to these cards anymore - so I'm doing it from memory.
Honored Contributor

Re: ILO Active Directory User Name Issue

Our configuration was a little more complicated than that.

In the LOM Object Distinguished Name, we have the entire AD path for the iLo itself:
Cn=iloname,ou=one,ou=two,ou=etc.,ou=etc, DC=domainname,DC=org

Directory User 1 Context:
CN=Users,DC=domainname,DC=org

Directory User 2 Context:
OU-Administrators (Or however you have it named),OU=etc,OU=etc,DC=domainname,DC=org

Directory User 3 Context:
OU=etc,OU=etc,DC=domainname,DC=org

We are also using HP extended schema.

Re: ILO Active Directory User Name Issue

Thanks for all of the help, it turns out everything was configured correctly but a GPO that was applied to my machines was causing ActiveX to be blocked. The iLO uses an ActiveX call to associate the userid with the user's CN. Once ActiveX was enabled the passthrough worked flawlessly!!
Occasional Contributor

Re: ILO Active Directory User Name Issue

All...I am working on the schema-free iLO AD integration, would it be possible for me to email one of you guys directly if you have this setup? My email is tien@ibx.com.

So far, my test has failed "Unable to Bind to AD".

I've tried logging in with:

short name
long name
domain\username
username@domain.com

It keeps telling me that it is unable to connect to the directory server.
Trusted Contributor

Re: ILO Active Directory User Name Issue

In the AD server cmd, run:

dsquery user username

where username is a known AD username, to find out the current and correct DN for the users you want to grant access to iLO.

Then use the correct DN to configure the iLO with the iLO directories migration utility.

Please let me know.
Advisor

Re: ILO Active Directory User Name Issue

Hi,
I have tried everything but I still cannot log in using the SAMAccountName (short name). I am also using the schema-free configuration.

Is there any solution to use short names in ILO login?

Thanks.
Occasional Visitor

Re: ILO Active Directory User Name Issue

I have been unable to use the short account name (Pre-Win2K name) too. Instead we found out that ILO uses the Directory Name (different from the Display Name). So you either have to log in using that ("Fred Flintstone", quotation marks needed) or rename the account to match the Pre-Win2K name.
Honored Contributor

Re: ILO Active Directory User Name Issue

OR use the directory distinguished name syntax, i.e. cn=Administrator,o=ilo
The fully qualified user object name will work with all directory services.
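An added example (not part of any post above, and not iLO firmware code) modelling the rule several replies describe: a DN-style user context turns the typed name into `CN=<name>,<context>`, while a context starting with `@` turns a short user ID into `userid@domain`. The function names, the `OU=Staff` container and the directory entry are constructed for illustration.

```python
# Added illustration of the search-context rule described in the thread.
# Assumption: a context beginning with "@" is appended to the login name;
# any other context is treated as a container DN and prefixed with CN=<login>.

def candidate_bind_names(login, contexts):
    """Return the names that would be tried against the directory, in order."""
    login = login.strip()
    # A full DN, user@domain or DOMAIN\user is used exactly as typed.
    if "=" in login or "@" in login or "\\" in login:
        return [login]
    candidates = []
    for ctx in (c.strip() for c in contexts):
        if not ctx:
            continue
        if ctx.startswith("@"):
            candidates.append(login + ctx)           # short id -> userid@domain
        else:
            candidates.append(f"CN={login},{ctx}")   # name -> DN in that container
    return candidates or [login]

# Constructed sample account: the CN is the full name, not the logon id.
DIRECTORY = [{
    "dn": "CN=Kamal K. Kotecha,OU=Staff,DC=mycompu,DC=com",
    "upn": "kotek001@mycompu.com",
}]

def resolve(login, contexts):
    """Return the first candidate matching a directory entry, or None."""
    for name in candidate_bind_names(login, contexts):
        for entry in DIRECTORY:
            if name.lower() in (entry["dn"].lower(), entry["upn"].lower()):
                return name
    return None

if __name__ == "__main__":
    ou_only = ["OU=Staff,DC=mycompu,DC=com"]
    with_domain = ou_only + ["@mycompu.com"]
    for login, ctxs in [("Kamal K. Kotecha", ou_only),
                        ("kotek001", ou_only),
                        ("kotek001", with_domain)]:
        print(f"{login!r} with {ctxs} -> {resolve(login, ctxs)}")
```

With only OU contexts the short ID produces `CN=kotek001,OU=...`, which matches no object because the account's CN is the full name; adding the `@domain` context gives a name that does match.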
Occasional Advisor

Re: ILO Active Directory User Name Issue

Kamal and Scott

I have the same situation and we have ActiveX locked down for the users. Can you please tell me the exact settings that have to be enabled for ActiveX to allow just using the SAMAccountName for login?

I have decided to ENABLE the Unsigned ActiveX Controls and the Initialize ActiveX scripts.
Please advise if this is OK or if I need more settings.

Thanks
Thiru