- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: ILO with AD integration
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-13-2008 09:33 PM
тАО03-13-2008 09:33 PM
Re: ILO with AD integration
2.Click on "Security" tab" (Present on the left hand side).
3.Click on "Directory".This will display the directory settings.
4.There is a "Test Settings" tab at the bottom.
Hope this information helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-14-2008 06:44 AM
тАО03-14-2008 06:44 AM
Re: ILO with AD integration
Ok so I know I am very close. I am failing on the test at the following
Test Log
Initiating Directory Settings diagnostic for server Testserver
Directory Server address Testserver resolved to 10.10.10.2
Accepting Directory Server certificate for /CN=Testserver.ad.test.com signed by /DC=com/DC=test/DC=ad/CN=Lab Root CA
Unable to authenticate test user dan [Invalid credentials]
Ceasing tests.
now dan is a domain admin and the administrator group in directory is setup as CN=Domain Admins,CN=Users,DC=ad,DC=test,DC=com. on the previous screen there is the Directory User Context 1: line that the directions say to put in an entry but I don't have one in there.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-17-2008 03:56 AM
тАО03-17-2008 03:56 AM
Re: ILO with AD integration
Assuming
1.Full name of the user : sriv s
2.Login name : sriv
Question
What is the format of the login name you
are trying to use for "Test Settings".
Is it
1.short name
Ex : sriv s
2.Distinguished name
Ex : CN=sriv s,CN=Users,DC=mycompu,DC=com
3.loginname@domain.com format
Ex : sriv@mycompu.com
4.Netbios name
Ex : mycompu/sriv
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-17-2008 04:39 AM
тАО03-17-2008 04:39 AM
Re: ILO with AD integration
Ex : mycompu/sriv or test.com/testuser. In reality I was hoping to be able to just user testuser but not sure if that is possible or not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-18-2008 08:44 AM
тАО03-18-2008 08:44 AM
Re: ILO with AD integration
CN=testuser,DC=test,DC=com
(Distinguished name)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-19-2008 10:56 AM
тАО03-19-2008 10:56 AM
Re: ILO with AD integration
the name of the display name of the account I am testing is Test, Dan the account name is dtest
The user is a mamber if the domain admins group. so in AD the user full name is Test, Dan
In the directory settings screen, I have the correct server fully quallified, the port 636 and Directory User Context 1 set to CN=Users,DC=ad,DC=test,DC=com
Now I go into the administer groups page and select custom1. in there I add CN=Domain Admins,CN=Users,DC=ad,DC=test,DC=com and allowed for all items
So I tried testing the following combonations with no luck
CN=Test Dan,CN=Domain Admins,CN=Users,DC=ad,DC=test,DC=com
CN=Dan Test,CN=Domain Admins,CN=Users,DC=ad,DC=test,DC=com
CN=dtest,CN=Domain Admins,CN=Users,DC=ad,DC=test,DC=com
CN=Test Dan,DC=ad,DC=test,DC=com
CN=dtest,DC=ad,DC=test,DC=com
After trying all of these I still fail on User Authentication
Results
Overall Status: Problem Detected
--------------------------------------------------------------------------------
Test Description Status
Ping Directory Server Passed
Directory Server IP Address Not run
Directory Server DNS Name Passed
Connect to Directory Server Passed
Connect using SSL Passed
Certificate of Directory Server Passed
Bind to Directory Server Not run
Directory Administrator login Not run
User Authentication Failed
User Authorization Not run
Directory User Context 1 Not run
Directory User Context 2 Not run
Directory User Context 3 Not run
LOM Object exists Not run
LOM Object password Not run
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-17-2009 07:56 AM - last edited on тАО11-13-2020 04:17 AM by Vajith V
тАО07-17-2009 07:56 AM - last edited on тАО11-13-2020 04:17 AM by Vajith V
Re: ILO with AD integration
try this info
http://www.davidstclair.co.uk/Configure-Windows-ADS-Authentication-for-HP-iLO-2-card
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2009 11:54 AM
тАО07-21-2009 11:54 AM
Re: ILO with AD integration
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-14-2015 09:56 AM
тАО10-14-2015 09:56 AM
Re: ILO with AD integration
This is an ancient thread, but the forum indicates a recurring theme, so I believe it's worth clarifying what happened here, and giving some details about how the process worked and how it has changed in later versions of iLO.
Unfortunately the correct form of username was never used.
iLO sends exactly what you type to the LDAP server, so it has to be a form that would be supported by Active Directory itself. The LDP.exe tool using "SIMPLE" bind and LDAP SSL port 636 can be used to test or check ldap connection and authentication in the same way iLO does.
If the user full name is "Test, Dan", the distinguished name will typically be "CN=Test, Dan,CN=Domain Admins,CN=Users,DC=ad,DC=test,DC=com" AD servers may require escaping that first comma too.
In the "Active Directory Users and Computers" tool, on the view menu, there's a setting for "Advanced Features", if this setting is enabled, the properties page of user objects will include an "Object" tab, which shows the "canonical name" of the user object. The "CN" of the user object is the last part of that name. It's also displayed next to the user icon on the "General tab"
For normal user logins, iLO can attempt to build a better username using the configured search contexts, by simply appending the context to the entered username.
In this example the "CN=Users,DC=ad,DC=test,DC=com" context would allow you to enter usernames that appear directly in that "Users" container. The "Test, Dan" user does not.
Unfortunately, for iLO 2, the test settings screen cannot use search contexts or alternate forms of the username, so a fully qualified DN like "CN=Test, Dan,CN=Domain Admins,CN=Users,DC=ad,DC=test,DC=com" is required.
On the login page, the pre-windows 2000 user logon name from the "Account" tab of Users & Computers can be used, "adtest\dtest" should work - The direction of the slash does matter.
iLO 2 used a microsoft activeX control in the webpage to do the translation, and was limited by that to web sessions using IE on domain-authenticated workstations.
iLO 3 and iLO 4 do the name translation internally, and no longer require the ActiveX control, and can support "adtest\dtest" or "Test, Dan" forms of user names in the Directory "Test Settings" page and for user login.
- « Previous
-
- 1
- 2
- Next »