
HP SMH RHEL 4 LDAP Authentication problems

 
Support Microsoft Serv
Occasional Visitor

HP SMH RHEL 4 LDAP Authentication problems

Hi All,

We are running RHEL 4 on ProLiant DL380s running PSP 8.12. The System Management Homepage installed in this pack is hpsmh-2.1.12-200.

These machines all authenticate via LDAP to an MS Active Directory tree.

I have been modifying HP SMH to disable anonymous login and have been trying to add an admin group restriction to the smhpd.xml, but it will not recognise the LDAP group.

I have tried the full distinguished name as well as just the short name, as below.

SRV-IT-PRODUCTION-UNIX-Services;sysadmin

CN=,OU=LDAP-NIS,OU=Server,OU=Security Groups,OU=Administrative Area,DC=,DC=,DC=local

Has anyone else managed to get HP SMH authenticating to LDAP on Linux?

Any help would be greatly appreciated.

Rob.
7 REPLIES
Predator
Trusted Contributor

Re: HP SMH RHEL 4 LDAP Authentication problems

Hi Rob,

If your LDAP client is authenticating via LDAP server, then if you add *\* to SMH user groups, it will work.
Get back if there is any problem :-)

Thnx
Predator
Douglas Poland
New Member

Re: HP SMH RHEL 4 LDAP Authentication problems

I'm requesting clarification of the response from Predator...

"If your LDAP client is authenticating via LDAP server, then if you add *\* to SMH user groups, it will work."

I tried variations of your suggestion with no success. Let's say my domain is "example.com", and my username is "linuxadmin". Would the syntax be:

\

Is that syntax correct?

When you say add the value to the SMH user groups, are you referring to elements?


Predator
Trusted Contributor

Re: HP SMH RHEL 4 LDAP Authentication problems

Hi,

>>Would the syntax be:
>>\
>>Is that syntax correct?

This syntax is correct

>>When you say add the value to the SMH user groups, are you referring to elements?

When you add the above syntax in SMH UI under settings user groups, it will store that value in or .

Thnx
predator
Douglas Poland
New Member

Re: HP SMH RHEL 4 LDAP Authentication problems

Curious,

When I change my smhpd.xml file as follows:

\

and start the daemon:
/etc/init.d/hpsmhpd start,

I get the following message:
Starting hpsmhd: Invalid configuration file (/opt/hp/hpsmh/[FAILED]pd.xml). Ask your system administrator to run "/opt/hp/hpsmh/sbin/smhconfig".

My smhpd.xml file is re-written and the LDAP entries are removed.

I'm running RHEL 4.6 and 5.2 (x64). The SMH page --> HP Version Control Agent reports:

HP System Management Homepage 3.0.2-77

While the HP SIM server says:

Management Protocols HTTP:, SMH:2.0, SNMP:1.0, SSH:SSH-1.99-OpenSSH_3.9p1

So I'm not sure if I'm running SMH 2.0 or 3.0. I thought I read somewhere that directory authentication is not available in SMH 2.0.
Predator
Trusted Contributor

Re: HP SMH RHEL 4 LDAP Authentication problems

Hi,

If the xml file is corrupted, during service restart SMH will erase that file and create it with default configurations. This is the way it is designed to work.

You have to edit it like this:
ldapdomain\ldapuser
Do not use "<>" in between.

It is better to use the SMH UI to configure these values rather than doing it in the back end.

Thnx
Predator
Douglas Poland
New Member

Re: HP SMH RHEL 4 LDAP Authentication problems

Thank you for the clarification. I tried your suggestion of using the SMH UI to enter the ldap info. Unfortunately, the UI will not accept an entry in the form ldapdomain\ldapuser. It returns an error "Invalid group name".

When I manually enter the ldap credentials in smhpd.xml, I can see the info in the web UI, but still cannot login via AD.

Do you use the form LDAPdomain\LDAPuser on the SMH Homepage as the User Name?
Predator
Trusted Contributor

Re: HP SMH RHEL 4 LDAP Authentication problems

Hi,

In the SMH UI, you have to add the group name, not the user name:
ldapdomain\ldapusergroup
Then try to log in with a user in the group name you have added in SMH:
ldapdomain\ldapuser

If the SMH UI is not accepting the user group you have provided, it means the client is unable to contact the AD you have set up.

Thnx
predator.