Home > HP > Server > HP Ilo 3 User Guide

HP Ilo 3 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual HP Ilo 3 User Guide. The HP manuals for Server are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 161

    Page 161 2.Isyourconfigurationscalable? •No—Deployaninstanceoftheschema-freedirectoryintegrationtoevaluatewhetherthis methodmeetsyourpolicyandproceduralrequirements.Ifnecessary,youcandeployHP schemadirectoryintegrationlater.Formoreinformation,see“Schema-freedirectory integration”(page166). •Yes—UseHPschemadirectoryintegration.Formoreinformation,see“SettingupHP extendedschemadirectoryintegration”(page170). Thefollowingquestionscanhelpyoudeterminewhetheryourconfigurationisscalable:... 
    2.Isyourconfigurationscalable?
•No—Deployaninstanceoftheschema-freedirectoryintegrationtoevaluatewhetherthis
methodmeetsyourpolicyandproceduralrequirements.Ifnecessary,youcandeployHP
schemadirectoryintegrationlater.Formoreinformation,see“Schema-freedirectory
integration”(page166).
•Yes—UseHPschemadirectoryintegration.Formoreinformation,see“SettingupHP
extendedschemadirectoryintegration”(page170).
Thefollowingquestionscanhelpyoudeterminewhetheryourconfigurationisscalable:...

    Page 162

    Page 162 Generatingakeytab ThissectiondescribeshowtogenerateakeytabfileforiLOinaWindowsenvironment. TheiLOhostnamethatyouuseforkeytabgenerationmustbeidenticaltotheconfigurediLOhost name.iLOhostnamesarecasesensitive. 1.Usethektpasscommandtogenerateakeytabandsetthesharedsecret. Thecommandiscasesensitiveandhasspecialcharacters. ktpass -out iloname.keytab +rndPass -ptype KRB5_NT_SRV_HST -mapuser iloname$@example.net -princ HTTP/iloname.example.net@EXAMPLE.NET Theoutputshouldbesimilartothefollowing: Targeting domain... 
    Generatingakeytab
ThissectiondescribeshowtogenerateakeytabfileforiLOinaWindowsenvironment.
TheiLOhostnamethatyouuseforkeytabgenerationmustbeidenticaltotheconfigurediLOhost
name.iLOhostnamesarecasesensitive.
1.Usethektpasscommandtogenerateakeytabandsetthesharedsecret.
Thecommandiscasesensitiveandhasspecialcharacters.
ktpass -out iloname.keytab +rndPass -ptype KRB5_NT_SRV_HST -mapuser
[email protected] -princ HTTP/[email protected]
Theoutputshouldbesimilartothefollowing:
Targeting domain...

    Page 163

    Page 163 Universalandglobalusergroups(forauthorization) TosetpermissionsiniLO,youmustcreateagroupinthedomaindirectory.Userswhologinto iLOaregrantedthesumofthepermissionsforallgroupsofwhichtheyareamember.Only universalandglobalusergroupscanbeusedtosetpermissions.Domainlocalgroupsarenot supported. ConfiguringiLOforKerberoslogin ThissectiondescribestheiLOrequirementsforKerberoslogin.YoucanconfigureiLOforKerberos loginusingtheiLOwebinterface,XMLconfigurationandcontrolscripts,ortheCLI,CLP,orSSH interface.... 
    Universalandglobalusergroups(forauthorization)
TosetpermissionsiniLO,youmustcreateagroupinthedomaindirectory.Userswhologinto
iLOaregrantedthesumofthepermissionsforallgroupsofwhichtheyareamember.Only
universalandglobalusergroupscanbeusedtosetpermissions.Domainlocalgroupsarenot
supported.
ConfiguringiLOforKerberoslogin
ThissectiondescribestheiLOrequirementsforKerberoslogin.YoucanconfigureiLOforKerberos
loginusingtheiLOwebinterface,XMLconfigurationandcontrolscripts,ortheCLI,CLP,orSSH
interface....

    Page 164

    Page 164 UsingXMLconfigurationandcontrolscripts ThefollowingsamplescriptsshowhowtosettheiLOparametersfordirectories: •Set_Server_Name.xmlshowshowtosettheiLOhostname. •Mod_Schemaless_Directory.xmlshowshowtoconfiguredirectorygroups. •Mod_Network_Settings.xmlshowshowtoconfigureSNTPsettings. •Mod_Kerberos_Config.xmlshowshowtoconfigureKerberos-specificparameters. NOTE:YoucandownloadsampleXMLscriptsfromhttp://www.hp.com/support/ilo3.Formore information,seetheHPiLO3ScriptingandCommandLineGuide.... 
    UsingXMLconfigurationandcontrolscripts
ThefollowingsamplescriptsshowhowtosettheiLOparametersfordirectories:
•Set_Server_Name.xmlshowshowtosettheiLOhostname.
•Mod_Schemaless_Directory.xmlshowshowtoconfiguredirectorygroups.
•Mod_Network_Settings.xmlshowshowtoconfigureSNTPsettings.
•Mod_Kerberos_Config.xmlshowshowtoconfigureKerberos-specificparameters.
NOTE:YoucandownloadsampleXMLscriptsfromhttp://www.hp.com/support/ilo3.Formore
information,seetheHPiLO3ScriptingandCommandLineGuide....

    Page 165

    Page 165 1.EnableauthenticationinInternetExplorer: a.SelectTools→InternetOptions. b.ClicktheAdvancedtab. c.ScrolltotheSecuritysection. d.VerifythattheEnableIntegratedWindowsAuthenticationoptionisselected. e.ClickOK. 2.AddtheiLOdomaintotheIntranetzone: a.SelectTools→InternetOptions. b.ClicktheSecuritytab. c.ClicktheLocalintraneticon. d.ClicktheSitesbutton. e.ClicktheAdvancedbutton. f.EnterthesitetoaddintheAddthiswebsitetothezonebox. Onacorporatenetwork,*.example.netissufficient. g.ClickAdd. h.ClickClose.... 
    1.EnableauthenticationinInternetExplorer:
a.SelectTools→InternetOptions.
b.ClicktheAdvancedtab.
c.ScrolltotheSecuritysection.
d.VerifythattheEnableIntegratedWindowsAuthenticationoptionisselected.
e.ClickOK.
2.AddtheiLOdomaintotheIntranetzone:
a.SelectTools→InternetOptions.
b.ClicktheSecuritytab.
c.ClicktheLocalintraneticon.
d.ClicktheSitesbutton.
e.ClicktheAdvancedbutton.
f.EnterthesitetoaddintheAddthiswebsitetothezonebox.
Onacorporatenetwork,*.example.netissufficient.
g.ClickAdd.
h.ClickClose....

    Page 166

    Page 166 Verifyingsinglesign-on(HPZeroSignIn)configuration ToverifythatHPZeroSignInisconfiguredcorrectly: 1.BrowsetotheiLOloginpage(forexample, http://iloname.example.net). 2.ClicktheHPZeroSignInbutton. Ifapromptforcredentialsappears,Kerberosauthenticationhasfailedandthesystemhas revertedtoNTLMauthentication.ClickCancel,andthenrepeattheproceduresin“Configuring singlesign-on”(page164). Loginbyname Toverifythatloginbynameisworkingproperly: 1.BrowsetotheiLOloginpage(forexample, http://iloname.example.net).... 
    Verifyingsinglesign-on(HPZeroSignIn)configuration
ToverifythatHPZeroSignInisconfiguredcorrectly:
1.BrowsetotheiLOloginpage(forexample, http://iloname.example.net).
2.ClicktheHPZeroSignInbutton.
Ifapromptforcredentialsappears,Kerberosauthenticationhasfailedandthesystemhas
revertedtoNTLMauthentication.ClickCancel,andthenrepeattheproceduresin“Configuring
singlesign-on”(page164).
Loginbyname
Toverifythatloginbynameisworkingproperly:
1.BrowsetotheiLOloginpage(forexample, http://iloname.example.net)....

    Page 167

    Page 167 Usingschema-freedirectoryintegrationhasthefollowingdisadvantage: •GroupprivilegesareadministeredoneachiLO.However,thisdisadvantagehasminimal impactbecausegroupprivilegesrarelychange,andthetaskofchanginggroupmembership isadministeredinthedirectoryandnotoneachiLO.HPprovidestoolsthatenableyouto makechangestoalargenumberofiLOsatthesametime. Settingupschema-freedirectoryintegration Ifyouwanttousetheschema-freedirectoryintegrationmethod,yoursystemmustmeetthe... 
    Usingschema-freedirectoryintegrationhasthefollowingdisadvantage:
•GroupprivilegesareadministeredoneachiLO.However,thisdisadvantagehasminimal
impactbecausegroupprivilegesrarelychange,andthetaskofchanginggroupmembership
isadministeredinthedirectoryandnotoneachiLO.HPprovidestoolsthatenableyouto
makechangestoalargenumberofiLOsatthesametime.
Settingupschema-freedirectoryintegration
Ifyouwanttousetheschema-freedirectoryintegrationmethod,yoursystemmustmeetthe...

    Page 168

    Page 168 5.ClickFinish,andthenclickCloseandOKtoclosetheremainingdialogboxes. 6.ExpandComputerConfiguration→WindowsSettings→SecuritySettings→PublicKey. 7.Right-clickAutomaticCertificateRequestsSettings,andselectNew→AutomaticCertificate Request. TheAutomaticCertificateRequestSetupwizardstarts. 8.ClickNext. 9.SelecttheDomainControllertemplate,andclickNext. 10.Selectthelistedcertificateauthority(itisthesameCAthatwasdefinedduringtheCertificate Servicesinstallation).ClickNext. 11.ClickFinishtoclosethewizard.... 
    5.ClickFinish,andthenclickCloseandOKtoclosetheremainingdialogboxes.
6.ExpandComputerConfiguration→WindowsSettings→SecuritySettings→PublicKey.
7.Right-clickAutomaticCertificateRequestsSettings,andselectNew→AutomaticCertificate
Request.
TheAutomaticCertificateRequestSetupwizardstarts.
8.ClickNext.
9.SelecttheDomainControllertemplate,andclickNext.
10.Selectthelistedcertificateauthority(itisthesameCAthatwasdefinedduringtheCertificate
Servicesinstallation).ClickNext.
11.ClickFinishtoclosethewizard....

    Page 169

    Page 169 Formoreinformation,see“HPDirectoriesSupportforProLiantManagementProcessorsutility” (page196). Schema-freesetupoptions Theschema-freesetupoptionsarethesame,regardlessofthemethodyouusetoconfigurethe directory. Toreviewtheavailablemethods,see“Schema-freesetupusingtheiLOwebinterface”(page168), “Schema-freesetupusingscripts”(page168),and“Schema-freesetupwithHPDirectoriesSupport forProLiantManagementProcessors”(page168). Afteryouenabledirectoriesandselecttheschema-freeoption,youhavethefollowingoptions:... 
    Formoreinformation,see“HPDirectoriesSupportforProLiantManagementProcessorsutility”
(page196).
Schema-freesetupoptions
Theschema-freesetupoptionsarethesame,regardlessofthemethodyouusetoconfigurethe
directory.
Toreviewtheavailablemethods,see“Schema-freesetupusingtheiLOwebinterface”(page168),
“Schema-freesetupusingscripts”(page168),and“Schema-freesetupwithHPDirectoriesSupport
forProLiantManagementProcessors”(page168).
Afteryouenabledirectoriesandselecttheschema-freeoption,youhavethefollowingoptions:...

    Page 170

    Page 170 Whenyouareusingtrusteeordirectoryrightsassignmentstoextendrolemembership,usersmust beabletoreadtheobjectthatrepresentstheiLOdevice.Someenvironmentsrequirethatthe trusteesofarolealsobereadtrusteesoftheobjecttosuccessfullyauthenticateusers. SettingupHPextendedschemadirectoryintegration WhenyouareusingHPschemadirectoryintegration,iLOsupportsbothActiveDirectoryand eDirectory.However,thesedirectoryservicesrequirethattheschemabeextended. FeaturessupportedbyHPschemadirectoryintegration... 
    Whenyouareusingtrusteeordirectoryrightsassignmentstoextendrolemembership,usersmust
beabletoreadtheobjectthatrepresentstheiLOdevice.Someenvironmentsrequirethatthe
trusteesofarolealsobereadtrusteesoftheobjecttosuccessfullyauthenticateusers.
SettingupHPextendedschemadirectoryintegration
WhenyouareusingHPschemadirectoryintegration,iLOsupportsbothActiveDirectoryand
eDirectory.However,thesedirectoryservicesrequirethattheschemabeextended.
FeaturessupportedbyHPschemadirectoryintegration...
    Start reading HP Ilo 3 User Guide

    Related Manuals for HP Ilo 3 User Guide

    All HP manuals