Installation Manual

ManualsBrandsHP ManualsComputers & AccessoriesHigh-End HP ProLiant DL360P G8 Server 2 x 2.90Ghz E5-2690 8C 192GB 8x Caddies (Certified Refurbished)

281

282

283

284

285

286

287

288

289

290

Example command

SetSPN -A HTTP/myilo.somedomain.net myilo

The SPN components are case sensitive. The primary (service type) must be in uppercase letters,

for example, (HTTP). The instance (iLO hostname) must be in lowercase letters, for example,

myilo.somedomain.net.

The SetSPN command might display a message about not being able to set the UPN. This is

acceptable because iLO is a service, not a user. You might be prompted to confirm the password

change on the computer object. Click OK to close the window and continue creating the keytab

file.

Verifying that your environment meets the Kerberos authentication time requirement

For Kerberos authentication to function properly, the date and time must be synchronized between

the iLO processor, the KDC, and the client workstation. Set the date and time in iLO with the

server, or obtain the date and time from the network by enabling the SNTP feature in iLO.

Verify that the date and time of the following are set to within 5 minutes of one another:

• The iLO date and time setting

• The client running the web browser

• The servers performing the authentication

More information

Configuring iLO SNTP settings

Configuring Kerberos support in iLO

Using the iLO web interface to configure iLO for Kerberos login

1. Configure the iLO Kerberos-specific parameters.

2. Configure directory groups.

More information

Configuring Kerberos authentication settings in iLO

Adding directory groups

Using XML configuration and control scripts to configure iLO for Kerberos login

Use the following sample scripts as a template for setting the iLO parameters for directories:

• Set_Server_Name.xml shows how to set the iLO hostname.

• Mod_Schemaless_Directory.xml shows how to configure directory groups.

• Mod_Network_Settings.xml shows how to configure SNTP settings.

• Mod_Kerberos_Config.xml shows how to configure Kerberos-specific parameters.

You can download sample XML scripts from http://www.hpe.com/support/ilo4. For more

information, see the iLO scripting and command line guide.

Using the CLI, CLP, or SSH interface to configure iLO for Kerberos login

• iLO Hostname—You can change the iLO hostname in the Hostname property of the

/map1/dnsendpt1 target.

• Directory groups—You can configure directory group names and permissions in the

properties of the /map1/oemhp_dircfg1 target. The group SIDs cannot be configured

through this interface.

Kerberos authentication with iLO 281