- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: KeyTab File Base64 encoding for HPeILO PowerSh...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2020 08:44 AM
тАО03-11-2020 08:44 AM
I've been going down the road to enable Kerberos "Zero Auth" on our HPE Servers' ILO.
I've created the Computer Object in AD, added the SPNs, created the KeyTab and configured the Kerberos Auth config. Uploading the KeyTab via the Browser works fine and enables SSO.
Now wanting to automate this, using the HPeILO-CMDlets, everything works well except uploading the KeyTab file.
Apparently HPe expects this as Base64:
-Keytab <string[]> Specifies the contents of the keytab file which is a binary file containing pairs of principals and encrypted passwords. In the Windows environment, the keytab file is generated with a ktpass utility. After generating a binary keytab file using the appropriate utility, use a Base64 encoder to convert the binary file to ASCII format. Place the Base64 contents between: -----BEGIN KEYTAB----- and -----END KEYTAB-----.</string[]>
So I took the ktpass keytab and parsed this to Binary then to Base64
$keytab = Get-Content .\ILO.keytab
$keytab looks like this:
U
DOMAIN.LOCAL HTTP hostname.domain.local V├│├н├И├Л тАУ┬н┬н┬▒┬░├С┬╢┼а
$Bytes = [System.Text.Encoding]::Unicode.GetBytes($keytab)
$keytabBase64 =[Convert]::ToBase64String($Bytes)
$keytabBase64
$keytabUpload =@"
-----BEGIN KEYTAB-----
$keytabBase64
-----END KEYTAB-----
"@
Trying to upload like so
$session | Set-HPEiLOKerberosConfig -KerberosEnabled Yes -Realm DOMAIN.LOCAL -KDCAddress DOMAIN.LOCAL -KDCPort 88 -Keytab $keytabUpload
I'm getting the following Error:
Keytab Error, Keytab not properly encoded.
Again, using the same, original ILO.keytab and uploading it into the Config via the Web UI works. So the original file is good.
I assume I'm doing something wrong with the base64 encoding but I'm not sure what. Any help is greatly appreciated
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-21-2020 10:44 PM - edited тАО03-21-2020 10:52 PM
тАО03-21-2020 10:44 PM - edited тАО03-21-2020 10:52 PM
Re: KeyTab File Base64 encoding for HPeILO PowerShell Kerberos Configuration
Please refer to the below Advisory,
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-a00088213en_us
Refer to the User Guide at: Configuring Kerberos authentication settings in iLO
https://support.hpe.com/hpesc/public/docDisplay?docId=a00018324en_us
Let us know if any user guide is being followed, if yes, please share the link for the User Guide that is being followed.
Thank you
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2020 05:23 AM
тАО03-24-2020 05:23 AM
SolutionFound a Solution thanks to Reddit.
Get-Content has a switch to import straight as Byte, which can be turned into Base64 and then uploaded using the HPEILO CMDLets:
$keytab = Get-Content .\$ILO.keytab -Encoding Byte
$keytabBase64 =[Convert]::ToBase64String($keytab)
$keytabBase64
$keytabUpload ="-----BEGIN KEYTAB-----
$keytabBase64
-----END KEYTAB-----"
$session | Set-HPEiLOKerberosConfig -KerberosEnabled Yes -Realm DOMAIN.COM -KDCAddress DOMAIN.COM -KDCPort 88 -Keytab $keytabUpload