HPE Community
Server Management - Remote Server Management
1753366 Members
5856 Online
108792 Solutions
New Discussion юеВ

ILO2 SSO problem

 
sdb_2
Regular Advisor

тАО11-25-2009 05:21 AM

тАО11-25-2009 05:21 AM

ILO2 SSO problem

We are using C7000 enclosures and BL460C blades. On the C7000 ILO's, we defined users for the other teams.
With this users they can log on to the ILO of the enclosure and go to the ILO of one particular blade via SSO.

Is it possible to give this operators enough rights to reset the ILO of the blades, without giving them the "administrator - right"?

I can define users in the ILO2 of our blades, but how can I change settings for the "SSO user" from the enclosure?

Thanks in advance
0 Kudos
Reply
3 REPLIES 3
acartes
Honored Contributor

тАО11-30-2009 07:23 AM

тАО11-30-2009 07:23 AM

Re: ILO2 SSO problem

From the Onboard Administrator, navigate to the Users page, then local users. For each user, there is a matrix of the bays that they have access to, allowing you to restrict certain user accounts from specific bays.

From the same page, the Privilege level can also be configured. This level will translate to corresponding iLO privileges when that account is used to access iLO from the Onboard Adminstrator.
0 Kudos
Reply
sdb_2
Regular Advisor

тАО11-30-2009 11:10 PM

тАО11-30-2009 11:10 PM

Re: ILO2 SSO problem

Thanks, but when I look at this privilege levels, there's only user - operator and administrator.
The user is now an operator, but he can't reset the ILO of the blades.
When I give him the "administrator privilege", he sure can do this but also a lot of other things he shouldn't be able to...

Is there any other way to give the user the right to reset ILO of a blade, while he still is an operator (not an administrator)?
0 Kudos
Reply
acartes
Honored Contributor

тАО12-01-2009 09:17 AM

тАО12-01-2009 09:17 AM

Re: ILO2 SSO problem

The OS to iLO role to privilege mapping is static and does not allow you to create an OA "operator" account that can reset iLO. Only OA "administrator" accounts will have the necessary privilege (configure iLO), and they will also have full rights on iLO.

You may need to create separate accounts on iLO to meet the requirement.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.