- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- iLO authentication using default Directory Schema
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-20-2005 05:49 AM
тАО09-20-2005 05:49 AM
iLO authentication using default Directory Schema
i am sure that the test user that i had entered is a valid domain user. what is this 'User Object not foun' really means?
please help.
thanks.
Shu-Chuan Lin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-20-2005 10:59 PM
тАО09-20-2005 10:59 PM
Re: iLO authentication using default Directory Schema
Check if you have given the correct user context in of the user context fields in the directory settings page for the user you are trying to test the directory settings. If you don't give the correct user context, you will get the same error. the format will look like CN=Users,DC=yourdomain,DC=com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2005 01:57 AM
тАО09-21-2005 01:57 AM
Re: iLO authentication using default Directory Schema
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2005 04:55 PM
тАО09-21-2005 04:55 PM
Re: iLO authentication using default Directory Schema
For eg: Say the user "abc" is in the Path "Users" in the Active directory in domain say "yourdomian.com". You need to give the context as CN=Users,DC=yourdomain,DC=com and NOT CN=abc,CN=Users,DC=yourdomain,DC=com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-22-2005 01:29 AM
тАО09-22-2005 01:29 AM
Re: iLO authentication using default Directory Schema
this is the first time we are trying th iLO authentication using default schema. Thank you very much for being patience with me.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-22-2005 04:40 PM
тАО09-22-2005 04:40 PM
Re: iLO authentication using default Directory Schema
The error may be because you haven't added the user to any of the groups (either default or customizable) in iLO. Try the following steps
In the Active directory create a group say "testgrp" in "Users". Make the user "abc" a Member of "testgrp".
This can be done by select "testgrp" -> right-click -> select properties. In "members" add the user "abc".
In directory settings page -> "Administer groups". Select one group say "Administrator". In the field "Security Group Distinguished Name" enter CN=testgrp,CN=Users,DC=mydomain,DC=com.
(Make sure there is no extra space in the string) Set appropriate rights (login right is default) for the group "testgrp". These rights will be available for all the members of the group "testgrp". Save the information.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-28-2005 02:02 AM
тАО09-28-2005 02:02 AM
Re: iLO authentication using default Directory Schema
I have nearly the same error. I cannot bind to directory server. "Unable to authenticate test user" is the message, credentials invaled. But they are valid :-)
In the Active directory create a group say "testgrp" in "Users". Make the user "abc" a Member of "testgrp".
==> done
In directory settings page -> "Administer groups". Select one group say "Administrator". In the field "Security Group Distinguished Name" enter CN=testgrp,CN=Users,DC=mydomain,DC=com.
==> done
(Make sure there is no extra space in the string) Set appropriate rights (login right is default) for the group "testgrp". These rights will be available for all the members of the group "testgrp". Save the information.
==> done
But I don't know if I have the right config on the Directory settings screen. Perhaps you can help me? I have my actual settings enclosed.
Thank you very much in advance!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-28-2005 05:23 PM
тАО09-28-2005 05:23 PM
Re: iLO authentication using default Directory Schema
You need to enter the Directory user context in one of the 3 User context fields. Say if you have user "abc" in directory "Users" in Active directory, you need to enter in the Directory user context field, CN=abc,CN=Users,DC=yourdomain,DC=com. This should solve the problem as you have done other settings.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-30-2005 01:41 AM
тАО09-30-2005 01:41 AM
Re: iLO authentication using default Directory Schema
I've deleted the LOM lines and inserted the context, but still I get the error credentials are invalid.
I took a user who isn't in a iLO-Group and got the error No login rights, so I know, that this works.
But why it tells me the credentials are invalid??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-30-2005 05:42 AM
тАО09-30-2005 05:42 AM
Re: iLO authentication using default Directory Schema
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-03-2005 01:52 AM
тАО10-03-2005 01:52 AM
Re: iLO authentication using default Directory Schema
In the iLO-Help there is written:
==============
Example 3
(Active Directory only)
Microsoft Active Directory allows an alternate user credential format. Search contexts in this format cannot be tested except by successful login using them. A user may login as:
user@domain.hp.com
in which case a search context of
@domain.hp.com
allows the user to login as
user
==============
Is "Active Directory only" only works with HP schema extension or with the schema-less integration also?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-30-2005 11:26 PM
тАО10-30-2005 11:26 PM
Re: iLO authentication using default Directory Schema
When you select "Default Schema" then you dont need the HP Schema objects nor expanding the Active Directory Schema !
The HP Schema expansion, provides you additional benefit of migrating the ILO cards into an OU and link HP Security Roles (which of course being added by the Schema Expansion via HP Tools), and by that gain full ILO management via Active Directory from all aspects.
Sharon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-26-2006 10:56 AM
тАО10-26-2006 10:56 AM
Re: iLO authentication using default Directory Schema
Schema-free works for me when using a CN/Display Name.
Our schema has the HP schema extensions, so I switched an iLo to use them.
After many days of trial and error and fruitless searches, I am stumped.
Logging in with "name@domain.com" or "domain\name" both fail with the same error. Here's the error from the test:
-----
Initiating Directory Settings diagnostic for server dc2.domain.com
Directory Server address dc2.domain.com resolved to 172.24.36.10
Accepting Directory Server certificate for /CN=dc2.domain.com signed by /EMAIL=ca-admin@domain.net/C=US/ST=California/L=Sunnyvale/O=Our Company, Inc./OU=Our Company Certificate Authority/CN=Our Company Root CA
Unable to access directory with LOM Object Password.
Test user user@domain.com authenticated.
Role CN=GOMS-iLo-Access-All,OU=Roles,OU=HP,OU=Common,DC=domain,DC=com
Cumulative rights gained:
None
Unable to authorize test user.
Tests complete.
----------
The only tests that fail are the "LOM Object password" and "User authorization".
I've tried to just login, too, and those logins fail. Only the local "administrator" account defined for the iLo works.
The LOM object obviously exists, and I've tried creating it with no password, the word "password"... Doesn't matter. The user ID is fine, and it works with the schema-free setup.
There is NO documention on this error, there's almost NO documentation on the LOM Object Password usage. There's no help file with guidelines for the LOM objects.
The user ID has FULL rights to the LOM object, based on the role applied.
The LOM object is nested (ie, under a couple of OU's) as are the roles.
I'm at a loss.
Any suggestions welcome!!!
-- Rob --