10-02-2017 07:22 AM
ILO Kerberos Sign-In Issues
Hi,
I tried using this video guide to configure Kerberos integration for one of our ILOs: https://www.youtube.com/watch?v=rGnm2Kc10J0
Unfortunately it does not seem to be working. A diagnostic test says the following:
Directory Server DNS Name: Success
Ping Directory Server: Success
Connect to Directory Server: Success
Bind to Directory Server: Success
Directory Administrator Login: Success
User Authorization: Success
Directory User Contexts: Success
I have a suspicion that this error is causing my problem:
Connect using SSL: Success; Certificate subject OK, verify OK, error code 27 (certificate not trusted), Subject /CN=xxxx.xx.xxxx.xxxx Issued By /DC=root/DC=xxxx/CN=XXXCA1
But - how do I go about making the certificate so that it is trusted?
The ILO already has a certificate installed from the same CA which is used by the Directory Server.
Any clues?
Pete
10-02-2017 08:27 AM
Re: ILO Kerberos Sign-In Issues
Just to follow up on this.
It looks like almost everything is working as expected, but for some reason it's not able to confirm that the login being used is a member of the appropriate group.
If I deliberately enter a bad password when doing the test then it fails on many of the tests; but when you enter valid credentials everything passes apart from this:
User Authentication: Warning; Test user ilotest@xxx.xxx.xxx not authenticated, or does not have login rights.
Quite strange. Any ideas would be welcomed.
05-10-2020 09:30 PM
Re: ILO Kerberos Sign-In Issues
Try doing these things.
1. Log out of the SUT.
2. Clear the DNS cache at the server & restart the DNS.
3. Now at the SUT use Alt+Ctrl+Delete & log in.
Using Alt+Ctrl+Delete will basically create a new ticket & it will fix the issue.
Make sure that at the iLO the below things are set correctly.
Refer to the link: https://www.youtube.com/watch?v=rGnm2Kc10J0
Please do check that the time on all of the client, server & ILO is in sync. I had this issue if any one is not in sync.
I work for HPE
06-12-2020 07:12 AM - edited 06-12-2020 07:28 AM
Re: ILO Kerberos Sign-In Issues
1. Setup Domain Controller DNS & AD
Create Both Forward Lookup Zone & Reverse Lookup Zone for the Subnets Used for iLO
2. Install the LDAP Role
3. Install the CA (Root CA or Enterprise CA) - Import the CA certificate to the Windows client machine & install the same.
Path: Open Certificate Authority --> Right Click --> your CA --> Properties --> View Certificate & Export
4. Set Group Policy at Domain Controller at Default Domain Policy
PATH: Policies --> Windows Settings --> Security Settings --> Local Policies -->
Uncheck all except "AES128_HMAC_SHA1" & "AES256_HMAC_SHA1", Future Encryption Types at
"Network Security: Configure Encryption types allowed for Kerberos" (Security Policy)
5. Now Follow these steps as per the below link :
https://www.youtube.com/watch?v=rGnm2Kc10J0
For High Security, FIPS & CNSA, generate with supported crypto (command):
Ktpass +rndPass -ptype KRB5_NT_SRV_HST -princ HTTP/myilo.somedomain.net@SOMEDOMAIN.NET -mapuser myilo$@somedomain.net -out myilo.keytab -crypto AES256-SHA1
Note: Date & time sync must be the same for Domain Controller + iLO + client machine.
Note : iLO must resolve with Hostname
Please configure the Browser as below
1. Enable authentication in Internet Explorer.
a. Select Tools > Internet options.
b. Click the Advanced tab.
c. Scroll to the Security section.
d. Verify that the Enable Integrated Windows Authentication option is selected.
e. Click OK.
2. Add the iLO domain to the Intranet zone.
a. Select Tools > Internet options.
b. Click the Security tab.
c. Click the Local intranet icon.
d. Click the Sites button.
e. Click the Advanced button.
f. Enter the site to add in the Add this website to the zone box.
g. On a corporate network, *.example.net is sufficient.
h. Click Add.
i. Click Close.
j. To close the Local intranet dialog box, click OK.
k. To close the Internet Options dialog box, click OK.
3. Enable the Automatic login only in Intranet zone setting.
a. Select Tools > Internet options.
b. Click the Security tab.
c. Click the Local intranet icon.
d. Click Custom level.
e. Scroll to the User Authentication section.
f. Verify that the Automatic logon only in Intranet zone option is selected.
g. To close the Security Settings — Local Intranet Zone window, click OK.
h. To close the Internet Options dialog box, click OK.
4. If any options were changed in steps 1–3, close and restart Internet Explorer.
I work for HPE
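
One way to confirm that the keytab written by the ktpass step above holds the expected HTTP principal and an AES256 key before it is uploaded to iLO. This is an added example, not code from the thread or from HPE; it assumes the MIT keytab version 0x0502 file layout, and the sample bytes are constructed with a placeholder key.

```python
import struct

# Kerberos enctype numbers; 18 is what "-crypto AES256-SHA1" is expected to produce.
ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def counted(buf, off):  # uint16-length-prefixed string -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Parse a version 0x0502 keytab into a list of dicts (key bytes are not kept)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,), pos = struct.unpack_from(">i", data, pos), pos + 4
        if size <= 0:                  # a negative size marks a deleted entry (hole)
            pos -= size
            continue
        entry, pos = data[pos:pos + size], pos + size
        if len(entry) < size:
            raise ValueError("truncated keytab entry")
        realm, off = counted(entry, 2)
        comps = []
        for _ in range(struct.unpack_from(">H", entry, 0)[0]):   # component count
            comp, off = counted(entry, off)
            comps.append(comp.decode())
        name_type, _ts, kvno, etype = struct.unpack_from(">IIBH", entry, off)
        key, off = counted(entry, off + 11)
        if len(entry) - off >= 4:      # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", entry, off)[0] or kvno
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "name_type": name_type, "kvno": kvno, "key_len": len(key),
                        "enctype": ENCTYPES.get(etype, f"enctype-{etype}")})
    return entries

def check_keytab(data, principal):
    """Return findings; empty means the principal is present and every key is AES256."""
    entries = parse_keytab(data)
    names = {e["principal"] for e in entries}
    findings = [] if principal in names else [f"no key for {principal}"]
    for e in entries:
        if (e["enctype"], e["name_type"]) != (ENCTYPES[18], 3):  # 3 = KRB5_NT_SRV_HST
            findings.append(f"{e['principal']}: {e['enctype']}, name type {e['name_type']}")
    return findings

# Constructed sample (all-zero placeholder key), not output from a real ktpass run.
SAMPLE = (b"\x05\x02\x00\x00\x00\x5f\x00\x02\x00\x0eSOMEDOMAIN.NET\x00\x04HTTP"
          b"\x00\x14myilo.somedomain.net\x00\x00\x00\x03\x00\x00\x00\x00\x03\x00\x12"
          b"\x00\x20" + bytes(32) + b"\x00\x00\x00\x03")
```

Against a real file, pass the bytes of the file named in `-out` and the value given to `-princ`, for example `check_keytab(open("myilo.keytab", "rb").read(), "HTTP/myilo.somedomain.net@SOMEDOMAIN.NET")`.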