Installation Manual

Directory authentication and authorization
The iLO firmware supports Kerberos authentication with Microsoft Active Directory. It also supports
directory integration with an Active Directory server. When you configure directory integration,
you can use the schema-free option or the HPE Extended Schema. The iLO firmware connects
to directory services by using SSL connections to the directory server LDAP port.
Configuring the authentication and directory server settings is one step in the process of
configuring iLO to use a directory or Kerberos authentication.
For information about setting up your environment to use these features, see “Kerberos
authentication and Directory services” (page 278).
Prerequisites for configuring authentication and directory server settings
• Your iLO user account has the Configure iLO Settings privilege.
• An iLO license that supports this feature is installed. For more information, see the following
  website: http://www.hpe.com/info/ilo/licensing.
• The environment is configured to support Kerberos authentication or directory integration.
  For more information, see “Kerberos authentication and Directory services” (page 278).
• The Kerberos keytab file is available (Kerberos authentication only).
Configuring Kerberos authentication settings in iLO
1. Navigate to the Administration→Security→Directory page.
2. Select the Enabled option for Kerberos Authentication.
3. Select the Enabled option for Local User Accounts if you want to use local user accounts
at the same time as Kerberos authentication.
4. Enter the Kerberos Realm name.
5. Enter the Kerberos KDC Server Address.
6. Enter the Kerberos KDC Server Port.
7. To add the Kerberos Keytab file, click Browse (Internet Explorer or Firefox) or Choose File
(Chrome), and then follow the onscreen instructions.
8. Click Apply Settings.
More information
Local user accounts with Kerberos authentication and directory integration
Kerberos authentication and Directory services
Generating a keytab file for iLO in a Windows environment
Kerberos settings
Kerberos Authentication—This setting enables or disables Kerberos login. If Kerberos
login is enabled and configured correctly, the Zero Sign In button appears on the login page.
Kerberos Realm—The name of the Kerberos realm in which the iLO processor operates.
This value can be up to 128 characters. The realm name is usually the DNS name converted
to uppercase letters. Realm names are case-sensitive.
Kerberos KDC Server Address—The IP address or DNS name of the KDC server. This
value can be up to 128 characters. Each realm must have at least one KDC that contains
an authentication server and a ticket grant server. These servers can be combined.
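Added example (not part of the HPE documentation): a Python check to run before uploading the keytab in step 7. It lists the principals in the file and compares their realm, case-sensitively, with the value you plan to enter as Kerberos Realm. It assumes the MIT keytab file format version 0x0502; the function names and the sample keytab (principal, realm EXAMPLE.NET, zeroed key) are constructed for illustration.

```python
import io, struct

def _parse_entry(buf):
    r = io.BytesIO(buf)
    def take(fmt):                       # one big-endian field; struct.error if truncated
        return struct.unpack(fmt, r.read(struct.calcsize(fmt)))[0]
    def counted():                       # uint16 length followed by that many bytes
        return r.read(take(">H"))
    ncomp = take(">H")                   # component count (realm not included in 0x0502)
    realm = counted().decode()
    name = "/".join(counted().decode() for _ in range(ncomp))
    take(">I"); take(">I")               # name type and timestamp, not needed here
    kvno, enctype = take(">B"), take(">H")
    counted()                            # key bytes are skipped and never displayed
    if len(buf) - r.tell() >= 4:         # optional 32-bit kvno replaces the 8-bit one
        kvno = take(">I") or kvno
    return name, realm, kvno, enctype

def parse_keytab(data):
    """Return [(principal, realm, kvno, enctype)] from a 0x0502-format keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:
            entries.append(_parse_entry(data[pos:pos + size]))
        pos += abs(size)                 # a negative size marks a deleted slot
    return entries

def realm_problems(entries, configured_realm):
    """Report keytab principals whose realm differs from the planned iLO setting."""
    out = ["realm exceeds 128 characters"] if len(configured_realm) > 128 else []
    for name, realm, _, _ in entries:
        if realm != configured_realm:    # realm names are case-sensitive
            same = realm.upper() == configured_realm.upper()
            out.append(f"{name}@{realm}: {'case differs' if same else 'different realm'}")
    return out

# Constructed sample keytab: one entry, enctype 18, kvno 3, all-zero key.
def _cs(b): return struct.pack(">H", len(b)) + b
_e = (struct.pack(">H", 2) + _cs(b"EXAMPLE.NET") + _cs(b"HTTP") + _cs(b"ilo01.example.net")
      + struct.pack(">IIBH", 1, 0, 3, 18) + _cs(bytes(32)) + struct.pack(">I", 3))
SAMPLE = b"\x05\x02" + struct.pack(">i", len(_e)) + _e
```

For a real file, pass `open(path, "rb").read()` to `parse_keytab` and the intended realm to `realm_problems`; an empty list means every principal's realm matches exactly.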