HPE Community
BladeSystem - General
1826373 Members
4339 Online
109692 Solutions
New Discussion

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

 
Craig A. Liess
Advisor

‎08-28-2007 01:57 AM

‎08-28-2007 01:57 AM

AD/LDAP Integration w/ Onboard Administrator -- Issues

Hi folks -

We're in the process of bringing up a c7000 blade enclosure and our last task before putting it into production is to configure Active Directory authentication with our Onboard Administrator modules.

At this point, we're just trying to authenticate with a single domain controller, per the OA configuration guide.

Everything appears to be set up correctly (certificate uploaded, search context pointed at the OU where our group resides, domain group created in the OA matching our AD group, etc.)

Both of our OA modules are on v2.02, which I believe is the latest.

All of the troubleshooting steps in the OA guide come back as positive, so I think we're pretty close, just missing something small here.

Any help would be greatly appreciated. Thanks!

-Craig
0 Kudos
Reply
16 REPLIES 16
Raghuarch
Honored Contributor

‎08-28-2007 06:49 AM

‎08-28-2007 06:49 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Hi Craig,

Please refer to page 181 it has detailed description of the steps.

http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00702815/c00702815.pdf


Regards,
Raghuarch
0 Kudos
Reply
Craig A. Liess
Advisor

‎08-28-2007 06:57 AM

‎08-28-2007 06:57 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

This is exactly what we have been doing..have followed the guide to the letter, just no luck.

There's really no good error reporting for this, either.. it just says "invalid username/password."

-Craig
0 Kudos
Reply
James ~ Happy Dude
Honored Contributor

‎08-28-2007 08:37 AM

‎08-28-2007 08:37 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Hello Craig,
Just to make sure, You are using your ACCOUNT NAME(admin profile) to login & not the USERNAME.

Regards,
James.
0 Kudos
Reply
Raghuarch
Honored Contributor

‎08-28-2007 09:59 AM

‎08-28-2007 09:59 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Hi Craig,

I am listing some of the possible typo or other error which may occur.

In OA:
verify The IP address is Correct in Directory Server Address.
Verify the Search Context is correct.
Verify the group for which user is member is present under the Directory Groups of OA Page.

In Active Directory.
Verify the user is a member of Valid group.
Verify the user is member of Domain users and the new group you created.

Try installing a certificate this is Optional, LDAP should work even without a certificate.

Regards,
Raghuarch
0 Kudos
Reply
Craig A. Liess
Advisor

‎08-29-2007 02:23 AM

‎08-29-2007 02:23 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

The IP and port are def. correct.

For search context, we're just having it look the default 'Groups' folder, so we're using the following in the Search Context field:

OU=Groups,DC=xxxxxxxxx,DC=com

The group is in 'Directory Groups' and in the above directory path. The accounts we're trying to use are in the AD group (this is the same group we use for other devices, like our IPKVMs, for example.)

Have tried checking the 'Use NT Account Name Mapping' check box as well to no avail.

-Craig
0 Kudos
Reply
Raghuarch
Honored Contributor

‎08-29-2007 06:35 AM

‎08-29-2007 06:35 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Hi Craig,

Can you try these.

CN=Groups,DC=xxxxxxxxx,DC=com
or
CN=Users,DC=xxxxxxxxx,DC=com

Regards,
Raghuarch
0 Kudos
Reply
Craig A. Liess
Advisor

‎08-29-2007 08:09 AM

‎08-29-2007 08:09 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

No dice on those, I had already tried them :(

-Craig
0 Kudos
Reply
jmiller_2
New Member

‎09-07-2007 07:11 AM

‎09-07-2007 07:11 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Craig i have this working on 13 chassis, but i am using edirectory. configed as follows...

Directory settings
server address...DNS alias for redundancy
port 636
Search1 ou=group name,ou=city,o=organization
search2 o=organization

Group
cn=my group,ou=groups,ou=city,o=organization
privilege level admin or whatever and then select the components in the bottom

good luck...
0 Kudos
Reply
Craig A. Liess
Advisor

‎09-07-2007 07:22 AM

‎09-07-2007 07:22 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Where are you putting the DN for your group? In the 'Search Context 3' field?

-Craig
0 Kudos
Reply
Craig A. Liess
Advisor

‎09-07-2007 07:27 AM

‎09-07-2007 07:27 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

I tried putting the DN of my group I want to have rights as the name of the Directory Group in the OA, but still no dice.

I wish this had better error trapping, all I get is 'Invalid username/password'.. no idea if I'm even barking up the right tree here!

-Craig
0 Kudos
Reply
Raghuarch
Honored Contributor

‎09-07-2007 07:44 AM

‎09-07-2007 07:44 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Hi Craig,

This is not a solution but you can check the for the right tree.

For this you should have iLO Advanced License.

when you configure the directory setting in the
iLO there is a button called test settings. this one will let you know where you are going wrong.

Please refer to the attachment.

Regards,
Raghuarch
0 Kudos
Reply
Craig A. Liess
Advisor

‎09-07-2007 07:58 AM

‎09-07-2007 07:58 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Dang, that looks EXACTLY like what we need. Unfortunately, we don't have any other iLO2 than what is on these bl456s :(

I tried logging into the iLO of one of the blades just to see if I coiuld get to those settings and I can get all the way up until the Directory tab, at which time it tells me I'm not licensed for it.

Bummer!

-Craig
0 Kudos
Reply
Raghuarch
Honored Contributor

‎09-07-2007 08:59 AM

‎09-07-2007 08:59 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Hi Craig,

if you have below configuration:
OU=Groups,DC=xxxxxxxxx,DC=com

Try
Search Context 1: OU=Groups, DC=xxxxx,DC=Com
Search Context 2: @xxxxxxx

when you log on try giving the display name of the user.
Example: user1 is the display name for the user1 if it doesn't work.
try giving the logon name: user1@xxxxxx.com

you can get the logon name and display name by right click and select properties on the user in the Directory.

Regards,
Raghuarch
0 Kudos
Reply
jmiller_2
New Member

‎09-10-2007 01:41 AM

‎09-10-2007 01:41 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

The info I gave you earlier was for the OA in the chassis. If you do not have the Lic code for the blade iLo you can't use LDAP to go directly to the blade iLo's. The OA's give you full passthrough authentication to the blades.
0 Kudos
Reply
Raghuarch
Honored Contributor

‎10-05-2007 03:21 AM

‎10-05-2007 03:21 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

Hi Craig,

Did it work what did you try.
It will be helpful if you can share the steps to make it work.

Regards,
Raghuarch
0 Kudos
Reply
Craig A. Liess
Advisor

‎10-09-2007 12:36 AM

‎10-09-2007 12:36 AM

Re: AD/LDAP Integration w/ Onboard Administrator -- Issues

No dice on getting this to work. We've given up and will try again once newer OA firmware comes out.

Every other device we have on our network that we've set up AD or RADIUS support for works like a champ.. except this.

Thanks for trying, though, it is appreciated.

-Craig
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.