
Re: iLO integration with AD

 
passmos
Occasional Contributor

iLO integration with AD

Hi All,

I'm trying to integrate our iLO's, iLO II, RILOE and RILOE II with our AD infrastructure.

I've successfully followed through the installation of the Directory services software, extended the AD schema and installed the relevant snap-ins. Following that I created two roles (level 1 and level 2) and started the migration of the iLO devices. The migration utility is pretty straightforward and I managed to take a test sample of iLO's over to AD. Now for the test and the problem!!

It would seem that I can log in using my AD login; however, the roles I've set up aren't restricting lesser users. It appears that all the roles' permissions get added to the device irrespective of what level access they have.

For example, USERA is in Level 1, which has permissions to login and remote console only.

USERB is in Level 2 which has full permissions.

Both roles are assigned to iLO1.

When USERA logs in, he has access to everything when he should only have Login and Remote. If I remove the higher role (level 2) then he only has the lower access permissions.

I've tried all sorts to resolve this, firmware upgrades / downgrades, directory software downgrades etc and still can't resolve this issue.

Has anyone ever experienced this?? Do we know of any fixes??

Need help with this as I've got about 400 of these iLO's to do and this is really the only way forward.

Thanks
4 REPLIES
pratap m keshava
Trusted Contributor

Re: iLO integration with AD

Are you sure the user USERA is a member of only Level 1 and NOT Level 2? If he is also a member of Level 2 (or some other role with all the privileges), he will get all the permissions assigned to Level 2 along with the permissions assigned to Level 1.
passmos
Occasional Contributor

Re: iLO integration with AD

Hi,

Yes, only Level 1.
acartes
Honored Contributor

Re: iLO integration with AD

Make sure that the user you are using for access is not the same account that created the roles. The creation account implicitly has rights to all roles. Additionally, the role rights are additive: If a user is in multiple roles, they are granted the rights from each role.

Finally, use the Directory Settings tests page. The results should indicate how the rights are granted for a test user.
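The additive behaviour described in the reply above, as an added example that is not part of the original thread or of HP's tooling: it computes a user's effective rights on one device as the union over every role that matches the user, and names the role behind each right. The right names, the `ServerOps` and `Helpdesk` groups and the nested membership path are constructed assumptions, not something reported in the thread.

```python
# Added example: model of additive role rights. All names and data are constructed.
from collections import defaultdict

# role -> rights it grants, its members (users or groups), and the devices it manages
ROLES = {
    "Level 1": {"rights": {"login", "remote_console"},
                "members": {"USERA"}, "devices": {"iLO1"}},
    "Level 2": {"rights": {"login", "remote_console", "virtual_media",
                           "power_reset", "configure"},
                "members": {"USERB", "ServerOps"}, "devices": {"iLO1"}},
}
# group -> direct members (constructed nesting: USERA reaches Level 2 indirectly)
GROUPS = {"ServerOps": {"Helpdesk"}, "Helpdesk": {"USERA"}}


def principals_for(user, groups):
    """Return the user plus every group that contains the user, transitively."""
    found = {user}
    changed = True
    while changed:  # terminates even with cyclic groups: `found` only grows
        changed = False
        for group, members in groups.items():
            if group not in found and members & found:
                found.add(group)
                changed = True
    return found


def effective_rights(user, device, roles, groups):
    """Union of rights over every role that manages `device` and matches the user.
    Returns {right: [roles granting it]} so each right can be traced to its source."""
    who = principals_for(user, groups)
    granted = defaultdict(list)
    for name, role in sorted(roles.items()):
        if device in role["devices"] and role["members"] & who:
            for right in role["rights"]:
                granted[right].append(name)
    return {right: granted[right] for right in sorted(granted)}


def unexpected_rights(user, device, intended, roles, groups):
    """Rights the user holds beyond `intended`, with the roles responsible."""
    eff = effective_rights(user, device, roles, groups)
    return {right: via for right, via in eff.items() if right not in intended}


if __name__ == "__main__":
    extra = unexpected_rights("USERA", "iLO1", {"login", "remote_console"}, ROLES, GROUPS)
    for right, via in extra.items():
        print(f"USERA has unintended right {right!r} via {via}")
```

With the nested group removed (`GROUPS = {}`), the same call returns an empty result, which is the outcome the role design intends for USERA.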
passmos
Occasional Contributor

Re: iLO integration with AD

Hi All

Thanks for the help so far; however, it's still not working as initially thought. I've gone through the documentation and set up all the roles again and the iLO's but still no luck. :(

Does anyone else have any ideas?

Thanks