Installation Manual
the corporate subnet after hours. A more manageable solution is to restrict the Reset role and
the General Use role, as shown in Figure 11 (page 302).
Figure 11 Restricting the Reset and General Use roles
[Diagram: User, General Use role, Reset role, Server]
• General Use role: Assigns Login privilege. IP Restrictions: DENY except to corporate subnet.
• Reset role: Assigns Virtual Power and Reset privilege AND Login privilege. Time Restriction: Denied Monday through Friday, 8 a.m. to 5 p.m. IP Restriction: DENY except to corporate subnet.
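The restricted roles in Figure 11 can be checked against sample logins before they are deployed. The following Python sketch is an added example, not HPE code: it assumes a role grants its privileges only when all of its restrictions are met and that a user's privileges are the union over their roles, and it uses a constructed 10.20.0.0/16 range for the corporate subnet.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed value standing in for "corporate subnet" in Figure 11.
CORP_SUBNET = ip_network("10.20.0.0/16")

@dataclass(frozen=True)
class Role:
    name: str
    privileges: frozenset
    allowed_net: object = None            # IP restriction: DENY except to this network
    denied_days: frozenset = frozenset()  # weekday numbers, 0 = Monday
    denied_from: time = time(0, 0)
    denied_until: time = time(0, 0)

    def applies(self, src_ip: str, when: datetime) -> bool:
        """True when every restriction on the role is met for this login."""
        if self.allowed_net is not None and ip_address(src_ip) not in self.allowed_net:
            return False
        # Assumption: the denied window includes its start and excludes its end.
        in_window = self.denied_from <= when.time() < self.denied_until
        if when.weekday() in self.denied_days and in_window:
            return False
        return True

GENERAL_USE = Role("General Use", frozenset({"Login"}), CORP_SUBNET)
RESET = Role("Reset", frozenset({"Login", "Virtual Power and Reset"}), CORP_SUBNET,
             denied_days=frozenset(range(5)),  # Monday through Friday
             denied_from=time(8, 0), denied_until=time(17, 0))

def effective_privileges(roles, src_ip, when):
    """Union of the privileges of all roles whose restrictions are met."""
    granted = set()
    for role in roles:
        if role.applies(src_ip, when):
            granted |= role.privileges
    return granted

if __name__ == "__main__":
    member_of = [GENERAL_USE, RESET]
    samples = [  # constructed sample logins
        ("10.20.5.9", datetime(2024, 3, 13, 10, 30)),    # Wednesday, business hours
        ("10.20.5.9", datetime(2024, 3, 13, 22, 0)),     # Wednesday, after hours
        ("203.0.113.7", datetime(2024, 3, 13, 22, 0)),   # outside the subnet
    ]
    for ip, when in samples:
        print(ip, when.isoformat(), sorted(effective_privileges(member_of, ip, when)))
```

A user who belongs only to the Reset role gets no privileges at all during business hours under this model, which is why the figure pairs it with the General Use role.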
Tools for configuring multiple iLO systems at a time
Configuring large numbers of LOM objects for Kerberos authentication and directory services is
time consuming. You can use the following utilities to configure several LOM objects at a time.
• Directories Support for ProLiant Management Processors—This software includes a
GUI that provides a step-by-step approach to configuring Kerberos authentication and
directory services with large numbers of management processors. Hewlett Packard Enterprise
recommends using this tool when you want to configure several management processors.
For more information, see “Directories Support for ProLiant Management Processors utility
(HPLOMIG.exe)” (page 303).
• Traditional import utilities—Administrators familiar with tools such as LDIFDE or the NDS
Import/Export Wizard can use these utilities to import or create LOM device directory objects.
Administrators must still configure the devices manually, but can do so at any time.
Programmatic or scripting interfaces can be used to create LOM device objects in the same
way as users or other objects. For information about attributes and attribute data formats
when you are creating LOM objects, see “Directory services schema” (page 365).
User login using directory services
The Login Name box on the iLO login page accepts directory users and local users.
The maximum length of the login name is 39 characters for local users and 127 characters for
directory users.
When you connect through the diagnostics port (on servers that support this feature), Zero Sign
In and directory user login are not supported and you must use a local account.
• Directory users—The following formats are supported:
◦ LDAP fully distinguished names (Active Directory)
Example: CN=John Smith,CN=Users,DC=HPE,DC=COM, or @HPE.com
The short form of the login name does not notify the directory which domain you are
trying to access. Provide the domain name or use the LDAP DN of your account.
◦ DOMAIN\user name format (Active Directory)
Example: HPE\jsmith
◦ username@domain format (Active Directory)
Example: jsmith@hpe.com
302 Kerberos authentication and Directory services