Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
Showing results for 
Search instead for 
Do you mean 

Ilo + active directory help

SOLVED
Go to Solution
Occasional Visitor

Ilo + active directory help

We are having some issues attaching ilo to our active directory. A valid user can login.

Here is a screenshot of the AD setup. We have a OU for Ilo that we want all users that have Ilo access to go in

http://i27.tinypic.com/4hftoo.jpg

here is our Ilo settings

http://i30.tinypic.com/vqqy50.jpg
http://i29.tinypic.com/2ikw3zc.jpg

Thanks
10 REPLIES
Trusted Contributor

Re: Ilo + active directory help

Your DNS should be able to resolve fsad.fs.fxserver.com. When you ping fsad.fs.fxserver.com or nslookup, it should return 10.100.172.125. If not, DNS is not setup correctly.

The Directory User Context1 needs to point to your users context. If the users are in the Users container, then ie CN=Users,DC=fsad,DC=fs,DC=fxserver,DC=com

Your security groups (2ikw3zc.jpg) needs to point to your group that holds the iLO users.
If the iLO group is in the ILO OU, then
CN=ILOGROUP,OU=ILO,DC=fsad,DC=fs,DC=fxserver,DC=com

Make sure the iLO network setting is pointing to the correct Domain, and DNS server.
Occasional Visitor

Re: Ilo + active directory help

Here is my ILO tab

http://i27.tinypic.com/2q8r6gp.jpg

The user I am trying to auth is "Mike Zupan" with a username of mzupan

That user is not in the User's Container

I tried your settings and no luck yet
Occasional Visitor

Re: Ilo + active directory help

sorry.. here is the log I get

Initiating Directory Settings diagnostic for server 10.100.172.125
Accepting Directory Server certificate for /CN=njnt-tch101.fsad.fs.fxserver.com signed by /DC=com/DC=fxserver/DC=fs/DC=fsad/CN=fsad.fs.fxserver.com
Warning: certificate does not match Directory Server Address 10.100.172.125.
Unable to authenticate test user mzupan [Invalid credentials]
Ceasing tests.
Some diagnostics FAILED for server 10.100.172.125
Occasional Advisor

Re: Ilo + active directory help

Point your Directory User Context to:
OU=ILO,DC=fsad,DC=fs,DC=fxserver,DC=com
(Assuming your user is in ILO OU)

The user you are testing must belong to a security group on the AD, eg ILOAdmin group in your ILO OU, then point your Security Group Distinguished Name to CN=iLOAdmin,OU=ILO,DC=fsad,DC=fs,DC=fxserver,DC=com

God Bless,
LC...
Trusted Contributor

Re: Ilo + active directory help

LC is correct.
Your User context would be:
OU=ILO,DC=fsad,DC=fs,DC=fxserver,DC=com

Your 2ikw3zc.jpg for the Administration group should point to your iLO security group:
CN=iLO,OU=ILO,DC=fsad,DC=fs,DC=fxserver,DC=com
The User Mike Zupan is a member of the iLO security group. Make sure the iLO security group have login rights and what others rights you want to grant him.
Occasional Visitor

Re: Ilo + active directory help

is it a problem that these two tests are not run?

Bind to Directory Server Not run
Directory Administrator login Not run
Occasional Advisor

Re: Ilo + active directory help

As long as you dont get any error, that should be fine.

God Bless,
LC...
Occasional Visitor

Re: Ilo + active directory help

Ok thanks it is working with the full name like "Mike Zupan"

Is there anyway to make it work with the username that is set in AD.. mzupan?
Occasional Advisor

Re: Ilo + active directory help

Try putting mzupan as the Display Name on the AD.

God Bless!
LC...
Regular Advisor

Re: Ilo + active directory help

According to the "log" you posted on the 8th, your not able to get in because your using the IP Address of the ActiveDirectory machine and not the hostname.

The Certificate only has the hostname and not the IP Address.

2 things
1) Make sure DNS is configured on the iLO and the iLO can actually do lookups successfully on the DNS Server
2) Change your "Directory Server" entry from x.x.x.x to mydc.mydomain.com

Then try again.