HPE Community
Server Management - Remote Server Management
1830338 Members
2380 Online
110001 Solutions
New Discussion

ILO Active Directory User Name Issue

 
Lane Leverett
New Member

‎02-05-2008 07:18 AM

‎02-05-2008 07:18 AM

Re: ILO Active Directory User Name Issue

I had the same issue and although I cannot login with only the SAMAccountName, I can login with the UPN (i.e. username@domain.com). I only had to change one ActiveX setting based on our previous configuration. So this is what my ActiveX settings look like now that I have made the change:

*********************************************
Allow previously unused ActiveX controls to run without prompt
Disable
Allow Scriptlets
Disable
Automatic prompting for ActiveX controls
Disable
Binary and script behaviors
Enable
Display video and animation on a webpage that does not use external media player
Disable
Download signed ActiveX controls
Prompt
Download unsigned ActiveX controls
Disable
Initialize and script ActiveX controls not marked as safe for scripting
Prompt
Run ActiveX controls and plug-ins
Enable
Script ActiveX controls marked as safe for scripting*
Enable
*********************************************

The only one I change from our default settings was "Initialize and script ActiveX controls not marked as safe for scripting" from "Disable" to "Prompt".

I am also running the schema free option.

Thanks,

Lane Leverett
0 Kudos
Reply
Jen S.
New Member

‎07-12-2010 05:48 PM

‎07-12-2010 05:48 PM

Re: ILO Active Directory User Name Issue

Since I kept finding this thread when I tried to resolve this issue myself, I figured I'd update it with my solution.

To obtain the DOMAIN\userid login, I added both the distinguished name for my security group OU and the distinguished name for my users OU to the "Directory User Context" options. The distinguished name for the security group itself was added to the group accounts section. Also, Active X has to be set to at least prompt as mentioned in another post here, and Directory Server Address must be set to the DNS name, not the IP. Hope this helps someone! :)
0 Kudos
Reply
Matthew Thyer
Occasional Advisor

‎10-22-2010 04:04 PM

‎10-22-2010 04:04 PM

Re: ILO Active Directory User Name Issue

Is there a configuration possible where I can login with my userid (SAMaccountname) using the default schema and without ActiveX ? (e.g. from FireFox or other Linux browsers ?)
0 Kudos
Reply
trilee2
Occasional Advisor

‎10-22-2010 04:10 PM

‎10-22-2010 04:10 PM

Re: ILO Active Directory User Name Issue

You can telnet or SSH to the ILO if you have it setup in the web interface. Problem is there is different syntax for that user name possible and it really quirky. The other problem is the command syntax is not at all intuitive one you're in there.
0 Kudos
Reply
Matthew Thyer
Occasional Advisor

‎10-22-2010 04:40 PM

‎10-22-2010 04:40 PM

Re: ILO Active Directory User Name Issue

So there is no Web access method using the default schema that will let me login using my userid unless I have ActiveX ?

This is a pain for many environments that have ActiveX locked down.
0 Kudos
Reply
Matthew Thyer
Occasional Advisor

‎10-22-2010 04:55 PM

‎10-22-2010 04:55 PM

Re: ILO Active Directory User Name Issue

I should make it clear that my typical users will be using IE7 or IE8 on Windows XP or Windows 7 (or Server 2003, 2003 R2, 2008, 2008 R2). But some will use FireFox on Windows and some may want to login from Linux, Mac, BSD etc.

My goal is to achieve Web interface login to allow power management, remote console, virtual media etc to iLO2 & iLO3 (looking at iLO2 first). I'm aware of the new licencing model for newer servers.

I would like to avoid ActiveX as a requirement as that limits us and requires us to have our configuration set to allow running of ActiveX controls.
0 Kudos
Reply
Matthew Thyer
Occasional Advisor

‎10-22-2010 05:41 PM

‎10-22-2010 05:41 PM

Re: ILO Active Directory User Name Issue

I have logins working using fully distinguished names so my directory server and group settings are valid. I now need to get them working using just a userid (Sam Account Name?) and I'd prefer not have to use ActiveX. I definitely limited to the default schema.
0 Kudos
Reply
Matthew Thyer
Occasional Advisor

‎10-22-2010 06:30 PM

‎10-22-2010 06:30 PM

Re: ILO Active Directory User Name Issue

I have now got logins working just using the canonical name part of my fully distinguished name. I did this with the correct "Directory User Context 1" for what you see after the CN= part of your account when you query the domain with "dsquery user -name blah*".

Note that you need to prefix a comma with the back slash character (i.e. the same way your CN= part of your fully distinguished name is displayed when you query the domain with "dsquery user -name blah*".

I still can't get logins working with just my userid with IE8 with ActiveX controls allowed even though I have put what I should into "Directory User Context 2" for our domain.

It seems that this is the best that can be done.
0 Kudos
Reply
Matthew Thyer
Occasional Advisor

‎10-22-2010 10:23 PM

‎10-22-2010 10:23 PM

Re: ILO Active Directory User Name Issue

Login using a username of the form domain\samaccountname does work with IE8 and iLO2 v1.80 and v2.01 as long as I have a Directory User Context set with "@dns-domain.com".

Thanks to me for being persistent!
0 Kudos
Reply
Fohovlegotz
New Member

‎03-12-2015 06:24 AM

‎03-12-2015 06:24 AM

Re: ILO Active Directory User Name Issue

Your organization my have ActiveX settings lessened in different zones.  When connecting to your ilo card via a web browser use the fqdn name of the card.  This resolved this issue for us.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.