- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: iLO Configuration with Active directory
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2007 06:20 AM
тАО09-25-2007 06:20 AM
I am configuring iLO and AD so that we can do authentication using AD. We have extended the schema in AD for iLO. When we we try to authenticate as an AD user we get the folowing error.
Warning: certificate does not match Directory Server Address 10.64.2.10.
Unable to access directory with LOM Object Password.
I'm not sure why the iLO is looking for the ip address and not the host name.
Thank you in advance for your help.
Best regards,
Larry
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2007 07:19 AM
тАО09-25-2007 07:19 AM
Re: iLO Configuration with Active directory
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2007 07:22 AM
тАО09-25-2007 07:22 AM
Re: iLO Configuration with Active directory
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2007 07:42 AM
тАО09-25-2007 07:42 AM
Re: iLO Configuration with Active directory
try this
http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManualтМй=en&cc=us&docIndexId=179111&taskId=101&prodTypeId=18964&prodSeriesId=397989
Go to whitepapers and under that u will find a doc for integrating iLO with AD
Cheers :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2007 02:50 PM
тАО09-25-2007 02:50 PM
SolutionTry Following and also check pg 27 of pdf
********************************************
HP Proliant iLO/RILOE Authentication with MS Active Directory
( Schema-less Configuration ) Schem Free !
Required: HP iLO/RILEO Firmware : v1.91 (or later)
HP iLO/RILEO Configuration
1) Login to the iLO/RILEO as the ├в Administrator├в User
2) Goto the ├в Administration├в tab and select ├в Directory Services├в
3) Configure ├в Directory Settings├в with the following information:
[formatted]
Authentication Settings
├Е┬╛ Use Directory Default Schema
Directory Server Settings
Directory Server Address: servername.HP.com
Directory Server LDAP Port: 636
Select ├в Apply Settings├в (answer ├в Yes/OK├в on any subsequent questions)
[unformatted]
4) Select ├в Administer Groups├в . Highlight ├в Administrator├в and select ├в View/Modify├в
5) Configure the ├в Administrator Group Settings├в with the following information:
Security Group Distinguished Name: CN=Administrators,OU=Groups,DC=HP,DC=com
Administer Group Accounts: Yes
Remote Console Access: Yes
Virtual Power and Reset: Yes
Virtual Media: Yes
Configure iLO Settings: Yes
Select ├в Save Group Information├в
6) Return to the ├в Directory Settings├в Page and select ├в Test Settings├в . Enter a ├в Test User Name├в and ├в Test User Password├в to validate the configuration.
NOTE : Ensure that you use the appropriate Distinguished Name (DN) for the user that you├в re going to test with. Check Active Directory for the appropriate DN for the user container.
[formatted]
Active Directory Users and Computers
- Find the user
- Righ Click on the User Object
- Select ├в Name Mapping ├в ┬ж├в
(Here is where some basic knowledge of directory services is needed as to what to context use ├в CN=Container, OU=Organizational Unit, DC=Domain etc.)
ie: CN=LastName\, FirstName,OU=Users,DC=HP,DC=com
NOTE: Since ├в ,├в are delimiters for a DN, they will need to be escaped with a ├в \├в when being used.
Server Name: servername
iLO name: iLOname
Current User: Administrator
[unformatted]
A successful test will render the following output: [Administration ├в Directory Settings]
Directory Tests
[formatted]
RESULTS
Overall Status Passed
Test Description Status
Ping Directory Server Passed
Directory Server IP address Not run
Directory Server DNS Name Passed
Connect to Directory Server Passed
Connect using SSL Passed
Certificate of Directory Server Passed
Bind to Directory Server Passed
Directory Administrator login Not Run
User Authentication Passed
User Authorization Passed
Directory User Context 1 Not Run
Directory User Context 2 Not Run
Directory User Context 3 Not Run
LOM Object exists Not Run
LOM Object password Not Run
[unformatted]
TEST LOG
Directory Server address servername.HP.com resolved to 192.168.1.1
Accepting Directory Server certificate for /servername.HP.com signed by /DC=com/DC=HP/CN=Common Certificate Issuer
Test user CN=LastName\, FirstName,OU=Users,DC=HP,DC=comauthenticated.
Cumulative rights gained:
├В┬╖ Login
├В┬╖ Administer Local User Accounts
├В┬╖ Remote Console Access
├В┬╖ Virtual Power and Reset
├В┬╖ Virtual Media
├В┬╖ Configure Local Device (iLO) Settings
Test Complete.
IE/Web browser Configuration
In order for the IE (ActiveX Control) to translate your Username into the proper Distinguished Name (DN) for the iLO Authentication, the following needs to be configured:
1) Within IE, select ├в Tools ├Г Internet Options├в
2) On the ├в Security├в Tab, select ├в Custom Level├в ┬ж├в
3) Ensure the following is set with regards to ├в ActiveX Controls and Plug- Ins├в
a. Automatic prompting of ActiveX controls: Enable
b. Binary and Script behavior: Enable
c. Download signed ActiveX controls: Prompt
d. Download unsigned ActiveX controls: Prompt
e. Initialize and script ActiveX controls not marked as safe: Prompt
f. Run ActiveX controls and plug-ins: Enable
g. Script ActiveX controls marked safe for scripting: Enable
4) Select ├в OK├в (on any subsequent diaglog boxes).
5) Restart IE and access the iLO
At this point, the configuration is complete for the iLO and IE to be able to accept MS Active Directory accounts for authentication and authorities.
Valid representation of Usernames are:
********************************************
Cheers :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2007 05:20 PM
тАО09-25-2007 05:20 PM
Re: iLO Configuration with Active directory
try this thread
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1005787
regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-26-2007 12:42 AM
тАО09-26-2007 12:42 AM
Re: iLO Configuration with Active directory
Thank you all for your help. We found the problem. We were using the default iLO password to try and logon not the AD password. In addition to that we had the LDAPdn full qualified path wrong. IE: cn=aduser,dc=example,dc=com
again thank you for your help.