User's Manual
Table Of Contents
- HP Remote Insight Lights-Out Edition II User Guide
- Notice
- Contents
- Operational overview
- Installing the RILOE II
- Configuring the RILOE II
- Using the RILOE II
- Accessing RILOE II for the first time
- Features of the RILOE II
- Managing the user and configuration settings of the RILOE II
- Using the Remote Console
- Terminal Services pass-through option
- Using virtual devices
- Resetting the RILOE II to the factory default settings
- Getting help
- Pocket PC access with RILOE II
- RILOE II security
- Systems Insight Manager integration
- Directory services
- Overview of directory integration
- Benefits of directory integration
- How directory integration works
- Advantages and disadvantages of schema-free and HP Extended
- Setup for Schema-free directory integration
- Setting up HP schema directory integration
- Features supported by HP schema directory integration
- Setting up directory services
- Directory services support
- Schema required software
- Schema installer
- Management snap-in installer
- Directory services for Active Directory
- Active Directory Lights-Out management
- Directory services for eDirectory
- User login using directory services
- Directory settings
- Directory-enabled remote management
- Scripting, command line, and utility options
- Overview of the Lights-Out DOS utility
- Lights-Out directories migration utilities
- Compatibility
- Pre-migration checklist
- HP Lights-Out directory package
- HPQLOMIG operation
- Finding management processors
- Upgrading firmware on management processors
- Selecting a directory access method
- Naming management processors
- Configuring directories when HP Extended schema is selected
- Configuring directories when schema-free integration is sele
- Setting up management processors for directories
- HPQLOMGC operation
- Lights-Out Configuration Utility
- Using Perl with the XML scripting interface
- HPONCFG
- Remote Insight command language
- RIBCL sample scripts
- RIBCL general guidelines
- XML header
- Data types
- Response definitions
- RIBCL
- LOGIN
- USER_INFO
- ADD_USER
- DELETE_USER
- GET_USER
- MOD_USER
- GET_ALL_USERS
- GET_ALL_USER_INFO
- RIB_INFO
- RESET_RIB
- GET_NETWORK_SETTINGS
- MOD_NETWORK_SETTINGS
- GET_GLOBAL_SETTINGS
- MOD_GLOBAL_SETTINGS
- CLEAR_EVENTLOG
- UPDATE_RIB_FIRMWARE
- GET_FW_VERSION
- HOTKEY_CONFIG
- DIR_INFO
- GET_DIR_CONFIG
- MOD_DIR_CONFIG
- SERVER_INFO
- RESET_SERVER
- INSERT_VIRTUAL_FLOPPY
- EJECT_VIRTUAL_FLOPPY
- COPY_VIRTUAL_FLOPPY
- GET_VF_STATUS
- SET_VF_STATUS
- GET_HOST_POWER_STATUS
- SET_HOST_POWER
- GET_VPB_CABLE_STATUS
- GET_ALL_CABLES_STATUS
- GET_TWOFACTOR_SETTINGS
- MOD_TWOFACTOR_SETTINGS
- Troubleshooting the RILOE II
- Supported client operating systems and browsers
- Supported hardware and software
- Server PCI Slot and Cable Matrix
- Network connection problems
- Alert and trap problems
- NetWare initialization errors
- Miscellaneous problems
- Accessing System Partition Utilities
- Inability to reboot the server
- Inability to upgrade the RILOE II firmware
- Incorrect time or date of entries in the event log
- Interpreting LED indicators
- Invalid Source IP address
- Login name and password problems
- Remote Console mouse control issue
- Resetting the RILOE II to Factory Default Settings
- Virtual Floppy media applet is unresponsive
- Video Problems
- Troubleshooting the host server
- Directory Services errors
- Directory Services schema
- Technical support
- Regulatory compliance notices
- Acronyms and abbreviations
- Index
Scripting, command line, and utility options 172
</LOGIN>
</RIBCL>
MOD_TWOFACTOR_SETTINGS parameters
All of the following parameters are optional. If a parameter is not specified, then the parameter value for
the specified setting is preserved.
AUTH_TWOFACTOR_ENABLE enables or disables Two-Factor authentication. The possible values are
"Yes" and "No."
CERT_REVOCATION_CHECK causes RILOE II to use the CRL distribution point attribute of the client
certificate, to download the CRL and check against revocation. The possible values are "Yes" and "No."
If this setting is set to Yes, and the CRL cannot be downloaded for any reason, authentication will be
denied.
CERT_OWNER_SAN causes RILOE II to extract the User Principle Name from the Subject Alternative
Name, and use that for authentication with the directory, for example: username@domain.extension.
CERT_OWNER_SUBJECT causes RILOE II to derive the user's distinguished name from the subject name.
For example if the subject name is "/DC=com/DC=domain/OU=organization/CN=user", RILOE II will
derive: "CN=user,OU=organization,DC=domain,DC=com".
The CERT_OWNER_SAN and CERT_OWNER_SUBJECT settings are only used if directory authentication
is enabled.
IMPORT_CA_CERTIFICATE imports the certificate into RILOE II as the trusted Certificate Authority. RILOE II
will only allow client certificates that are issued by this CA. A Trusted CA certificate must be configured in
RILOE II in order for Two-Factor authentication to function.
IMPORT_USER_CERTIFICATE imports the certificate into RILOE II and maps it to the specified local user.
Any client that authenticates with this certificate will authenticate as the local user to which it is mapped.
The SHA1 hash of this certificate will be displayed on the Modify User web page for the user to whom it
is mapped. If RILOE II is using directory authentication, client certificate mapping to local user accounts is
optional and only necessary if authentication with local accounts is desired.
The IMPORT_CA_CERTIFICATE and IMPORT_USER_CERTIFICATE settings require that base64 encoded
certificate data be included between the begin and end tags.
MOD_TWOFACTOR_SETTINGS runtime errors
The possible MOD_TWOFACTOR_SETTINGS error messages include:
• RIB information is open for read-only access. Write access is required for this operation.
• This setting cannot be changed while Shared Network port is enabled.
RILOE II has been configured to use shared network port, which will not function if Two-factor
authentication is enabled
• This setting cannot be enabled unless a trusted CA certificate has been imported.
A CA certificate must be imported before enabling Two-factor authentication.
• User does not have correct privilege for action. CONFIG_ILO_PRIV required.