
Re: Directory authentication at a remote AD site

 
Chuck Reimer
Advisor

Directory authentication at a remote AD site

We are in the process of testing the integration of RILOE/RILOE II/iLOs into AD and running into a delay when an AD user is authenticated. Currently we set our "Directory Server Address" to the full DNS name of our AD domain for redundancy purposes. One problem I found with this is the DNS resolver will query DNS for the AD domain name, which returns all DCs in the domain. The problem is we have DCs at remote sites where the authentication may occur, which could be over slow WAN links vs high speed networks in the same AD site. Are there plans to modify the resolver to query for DCs in the same Active Directory site of the Remote Insight card? If not, how does one request this functionality? TIA
4 REPLIES
Junior Yharte
Trusted Contributor

Re: Directory authentication at a remote AD site

At present, there are no plans to change the way iLO looks for the directory server. Since you are only using the domain name, the list of domain controllers that respond is not controlled. I would recommend using the name/address of your directory server instead of the domain name. iLO will accept up to three directory servers to look for upon a request. If the first one listed does not respond, it moves on... Hope this helps.
Chuck Reimer
Advisor

Re: Directory authentication at a remote AD site

Thanks for the reply. I wanted the directory server address to be redundant in case one of the DCs was down during authentication. I was unaware that you can configure multiple addresses. How do you delimit the server names/addresses in the "Directory Server Address" field? Thanks for your help with this!!!
Tim Martin_8
New Member

Re: Directory authentication at a remote AD site

Did anybody confirm what the delimiter is that can be used between the multiple addresses?

acartes
Honored Contributor

Re: Directory authentication at a remote AD site

Try separating the LDAP hosts with "comma space", for example:

192.168.1.1, 192.168.2.1
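
An added example, not part of any post in this thread: Active Directory also registers per-site SRV records (`_ldap._tcp.<site>._sites.dc._msdcs.<domain>`), so the DCs covering the card's own site can be looked up and listed explicitly instead of relying on the domain name. The code below parses `dig +short SRV` output and builds the field value, assuming the three-server limit and the "comma space" delimiter suggested in the replies above; the site name, domain and records are constructed.

```python
# Added example: the site, domain and SRV answers below are constructed.
import re

MAX_SERVERS = 3  # limit stated in the thread: up to three directory servers
LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def site_srv_name(site: str, domain: str) -> str:
    """DNS name of the SRV records AD registers for DCs covering one site."""
    domain = domain.rstrip(".")
    for label in [site] + domain.split("."):
        if not LABEL.fullmatch(label):
            raise ValueError(f"invalid DNS label: {label!r}")
    return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"


def parse_srv(dig_short_output: str):
    """Parse 'priority weight port target' lines as printed by `dig +short SRV`."""
    records = []
    for line in dig_short_output.splitlines():
        fields = line.split()
        if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
            continue  # skip blanks and anything that is not an SRV answer
        prio, weight, port = (int(f) for f in fields[:3])
        records.append((prio, weight, port, fields[3].rstrip(".").lower()))
    return records


def directory_server_field(records, limit=MAX_SERVERS) -> str:
    """Order site-local DCs and join them for the Directory Server Address field."""
    # Lowest priority first; within a priority, higher weight first.
    # (RFC 2782 picks by weighted random choice; a fixed order keeps config stable.)
    ordered = sorted(records, key=lambda r: (r[0], -r[1], r[3]))
    hosts = []
    for _, _, _, target in ordered:
        if target not in hosts:
            hosts.append(target)
    return ", ".join(hosts[:limit])


# Constructed answer for a hypothetical site "Branch01" in corp.example.com
SAMPLE = """\
0 100 389 dc-br1.corp.example.com.
0 100 389 dc-br2.corp.example.com.
10 100 389 dc-hq1.corp.example.com.
10 50 389 dc-hq2.corp.example.com.
"""

if __name__ == "__main__":
    print(site_srv_name("Branch01", "corp.example.com"))
    print(directory_server_field(parse_srv(SAMPLE)))
```

Because the list is static, it needs to be regenerated when DCs are added to or removed from the site.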