Installation Manual

ManualsBrandsHP ManualsComputers & AccessoriesHigh-End HP ProLiant DL360P G8 Server 2 x 2.90Ghz E5-2690 8C 192GB 8x Caddies (Certified Refurbished)

271

272

273

274

275

276

277

278

279

280

Preparing the domain controller for Kerberos support

In a Windows Server environment, Kerberos support is part of the domain controller, and the

Kerberos realm name is usually the domain name converted to uppercase letters.

1. Create and enable computer accounts in the domain directory for each iLO system.

Create the user account in the Active Directory Users and Computers snap-in. For

example:

• iLO hostname: myilo

• Parent domain name: somedomain.net

• iLO domain name (fully qualified): myilo.somedomain.net

2. Ensure that a user account exists in the domain directory for each user who is allowed to

3. Create universal and global user groups in the domain directory.

To set permissions in iLO, you must create a security group in the domain directory. Users

who log in to iLO are granted the sum of the permissions for all groups of which they are a

member. Only universal and global user groups can be used to set permissions. Domain

local groups are not supported.

Generating a keytab file for iLO in a Windows environment

1. Use the Ktpass.exe tool to generate a keytab file and set the shared secret.

For Windows Vista only: See Microsoft hotfix KB960830 and use Ktpass.exe version

6.0.6001.22331 or later.

2. Optional: Use the Setspn command to assign the Kerberos SPN to the iLO system.

3. Optional: Use the Setspn -L <iLO name> command to view the SPN for the iLO system.

Verify that the HTTP/myilo.somedomain.net service is displayed.

More information

Ktpass

Setspn

Error when running Setspn for iLO Kerberos configuration

Failure generating Kerberos Keytab file for iLO Zero Sign In configuration

Ktpass

Syntax

Ktpass [options]

Description

Ktpass generates a binary file called the keytab file, which contains pairs of service principal

names and encrypted passwords for Kerberos authentication.

Parameters

+rndPass

Specifies a random password.

-ptype KRB5_NT_SRV_HST

The principal type. Use the host service instance (KRB5_NT_SRV_HST) type.

-princ <principal name>

Kerberos authentication with iLO 279