- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: ILO AD Authentication...
Server Management - Remote Server Management
1753297
Members
6659
Online
108792
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-02-2006 09:10 AM
тАО06-02-2006 09:10 AM
ILO AD Authentication...
I spent that past hour read the previous posts on this forum regarding this topic and still am having issues.
Here is my situation:
DL585 w/ ILO running firmware 1.82.
I want to use this with the default schema.
I put in the domain controller name, the Directory context (OU=USR,OU=LOC,DC=xx,DC=xxxxx,DC=com) and then went in and setup the Administrator group and User group.
When I run the test I either get:
Unable to authenticate test user me.user@xxxxxxx.com [Invalid credentials]
or
Unable to authenticate test user xx\userme [User Object not found]
or
Unable to authenticate test user userme@xx.xxxxxx.com
and finally
Unable to authenticate test user CN=userme,OU=USR,OU=LOC,DC=xx,DC=xxxxxxxx,DC=com [No login rights]
Any ideas? Thanks
Here is my situation:
DL585 w/ ILO running firmware 1.82.
I want to use this with the default schema.
I put in the domain controller name, the Directory context (OU=USR,OU=LOC,DC=xx,DC=xxxxx,DC=com) and then went in and setup the Administrator group and User group.
When I run the test I either get:
Unable to authenticate test user me.user@xxxxxxx.com [Invalid credentials]
or
Unable to authenticate test user xx\userme [User Object not found]
or
Unable to authenticate test user userme@xx.xxxxxx.com
and finally
Unable to authenticate test user CN=userme,OU=USR,OU=LOC,DC=xx,DC=xxxxxxxx,DC=com [No login rights]
Any ideas? Thanks
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-03-2006 01:52 AM
тАО06-03-2006 01:52 AM
Re: ILO AD Authentication...
Hi,
The iLO configuration needs to specify the full distinguished name. When the AD object for the iLO is created and the iLO is configured manually, it is easy to not provide the correct syntax for the full distinguished name.
To configure the iLOs and to create the objects in AD is to use the Lights Out Migration tool to create the AD objects and configure the iLOs (RILOEs). The utility takes the user through the process of creating object names, adding them to AD and configuring the objects to work with AD. It is the third program in the iLO/AD package that can be downloaded.
For more info check http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00190541/c00190541.pdf?jumpid=reg_R1002_USEN
Minimum flexibility requires entry of the fully distinguished name and password to login. The user must be a member of a group that is allowed access to the iLO/RILOE.
Better flexibility requires that the Directory User Context be written to the iLO/RILOE II. When the user types in the the login name, the iLO concatenates the login name and Directory Search context then sends the request to the AD to find out what access (if any) that account has. The login name is actually the CN portion of the distinguished name that designates the account. This can be different than the account name in the AD as well as the usernames in DOMAINNAME\username and username@domain.ext.
Maximum flexibility requires that ActiveX controls be allowed, the use of the directory's DNS name when configuring the iLO, and that the client and iLO can both resolve the directory's DNS name to an IP address. With those conditions met, the user may also use the DOMAINNAME\username and username@domain.ext formats to login. In that case, the iLO resolves the domain name and sends the request to the correct directory.
Chill
RaMpaNTe
The iLO configuration needs to specify the full distinguished name. When the AD object for the iLO is created and the iLO is configured manually, it is easy to not provide the correct syntax for the full distinguished name.
To configure the iLOs and to create the objects in AD is to use the Lights Out Migration tool to create the AD objects and configure the iLOs (RILOEs). The utility takes the user through the process of creating object names, adding them to AD and configuring the objects to work with AD. It is the third program in the iLO/AD package that can be downloaded.
For more info check http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00190541/c00190541.pdf?jumpid=reg_R1002_USEN
Minimum flexibility requires entry of the fully distinguished name and password to login. The user must be a member of a group that is allowed access to the iLO/RILOE.
Better flexibility requires that the Directory User Context be written to the iLO/RILOE II. When the user types in the the login name, the iLO concatenates the login name and Directory Search context then sends the request to the AD to find out what access (if any) that account has. The login name is actually the CN portion of the distinguished name that designates the account. This can be different than the account name in the AD as well as the usernames in DOMAINNAME\username and username@domain.ext.
Maximum flexibility requires that ActiveX controls be allowed, the use of the directory's DNS name when configuring the iLO, and that the client and iLO can both resolve the directory's DNS name to an IP address. With those conditions met, the user may also use the DOMAINNAME\username and username@domain.ext formats to login. In that case, the iLO resolves the domain name and sends the request to the correct directory.
Chill
RaMpaNTe
You heve a question... I have an aswer!!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-29-2007 04:38 PM
тАО03-29-2007 04:38 PM
Re: ILO AD Authentication...
I have ilo fw 1.82. I am trying to setup schema free integration. I can login with
fqdn and user name but not with domain\username or UPN name. In both cases I get [User Object Not Found] error.
I am using hostname in the directory servers field and activex controls are enabled. Hostname is be resolved from both ilo and the client. Still the problem persists. What could be the problem ?
fqdn and user name but not with domain\username or UPN name. In both cases I get [User Object Not Found] error.
I am using hostname in the directory servers field and activex controls are enabled. Hostname is be resolved from both ilo and the client. Still the problem persists. What could be the problem ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-01-2007 03:37 PM
тАО04-01-2007 03:37 PM
Re: ILO AD Authentication...
Just want to add.
Assumptions
1.Domain name : xxxxxx.com
2.Active directory server IP address : 15.70.179.104
3.user's full name in Active directory :lango s
4.user's login name : lango
Check iLO Network settings
1.Login to iLO browser Interface
2.Goto "Administration->Network Settings".
3.Configure "Primary DNS server" with IP address "15.70.179.104".
4.Configure Domain name with "xxxxxx.com".
If this configuration is not done,"loginname@domain.com(lango@xxxxxx.com" and "xxxxxx\lango" is not
going to work as expected.
About Directory test settings page
In iLO browser Interface
1."Test settings" page under "Administration->Directory settings" can only be used for short name(lango s) and
Full distinguished name(CN=lango s,CN=Users,DC=xxxxxx,DC=com)
This cannot be used for "login@domain.com"(lango@xxxxxx.com) and "domain\loginname"(xxxxxx\lango).
Login failing with Full distinguished name
Ex: CN=lango s,CN=Users,DC=xxxxxx,DC=com
If the directory user login fails,this could be an issue with
mismatch in the Group configuration in iLO as compared to
Group configutation in Active directory.
Assumptions
1.Domain name : xxxxxx.com
2.Active directory server IP address : 15.70.179.104
3.user's full name in Active directory :lango s
4.user's login name : lango
Check iLO Network settings
1.Login to iLO browser Interface
2.Goto "Administration->Network Settings".
3.Configure "Primary DNS server" with IP address "15.70.179.104".
4.Configure Domain name with "xxxxxx.com".
If this configuration is not done,"loginname@domain.com(lango@xxxxxx.com" and "xxxxxx\lango" is not
going to work as expected.
About Directory test settings page
In iLO browser Interface
1."Test settings" page under "Administration->Directory settings" can only be used for short name(lango s) and
Full distinguished name(CN=lango s,CN=Users,DC=xxxxxx,DC=com)
This cannot be used for "login@domain.com"(lango@xxxxxx.com) and "domain\loginname"(xxxxxx\lango).
Login failing with Full distinguished name
Ex: CN=lango s,CN=Users,DC=xxxxxx,DC=com
If the directory user login fails,this could be an issue with
mismatch in the Group configuration in iLO as compared to
Group configutation in Active directory.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP