Home » HP Manuals » Hubs & Switches » HP 4x1Ex32 » Manual Viewer

HP 4x1Ex32 HP IP Console Viewer User Guide - Page 207

Configuring LDAP parameters

Add to My Manuals
Save this manual to your list of manuals

Page 207 highlights

2. Click Add. The Enter Key dialog box appears. 3. Enter 387S9-M3228-JRM85-D2RZQ-NK8JR. 4. Click OK. -orClick Cancel to exit without saving changes. Configuring LDAP parameters There are differences between the LDAP-based access controls used by console switches and Kerberosbased access control that Windows® uses by default when users log in to workstations and servers. Some of the user account properties in Active Directory apply only to Kerberos, while some apply to both Kerberos and the LDAP-based access controls used by console switches. For example, configurable user restrictions, like the "Log On To," "Logon Hours," and "Managed By" features, in Active Directory do not apply to console switches and their attached servers. Other features, like user account expiration, user account lockout, and the capability to disable a user account, do apply to console switches and attached serves (subject to configuration of associated parameters in Active Directory). Because of the complexity of Active Directory, it is always useful to run test cases to confirm it is correctly configured to enforce the desired security policy. It is important to remember that LDAP cannot access the ACL data used by Windows® to make its access control decisions. HP recommends following the configuration guidance provided by this user guide. Configurations outside that guidance are not supported. If individual user accounts are stored on an LDAP-enabled Directory server, such as Active Directory, you can use the Directory service to authenticate users. The settings made in the Authentication subcategory enable you to configure your authentication configuration parameters. The HP IP Console Viewer sends the user name, password, and other information to the console switch, which then determines whether the HP IP Console Viewer user has permission to view or change configuration parameters for the console switch in the HP IP Console Viewer main window. CAUTION: Unless otherwise specified, use the LDAP default values unless Active Directory has been reconfigured. Modifying the default values might cause LDAP server communication errors. There are three tabs for configuring LDAP parameters. Using directory services integration 207

Section	Page
HP IP Console Viewer User Guide	1
Notice	2
Contents	3
Product overview	8
HP IP Console Viewer overview	8
System components	8
Main window	8
Video Session Viewer	8
Serial Session Viewer	9
Manage Console Switch windows	9
OBWI	9
Features and benefits	9
Directory services integration (LDAP)	10
Supported operating systems	10
Browser requirements	10
Supported directory services	11
System hardware requirements	11
Installation	12
Setting up the HP IP Console Switch	12
Synchronizing mouse pointers	12
Windows operating systems	12
Linux operating systems	12
Establishing LAN connections	13
Windows XP SP1 or newer	13
Installing the HP IP Console Viewer	14
Launching the HP IP Console Viewer	15
Configuring the HP IP Console Viewer	15
Navigating the HP IP Console Viewer	18
HP IP Console Viewer components overview	18
Viewing the main window	18
Main window features	19
Auto searching for a server in the list view	20
Searching for a server in the local database	20
Adding and discovering console switches	21
Adding console switches	21
Adding a console switch without an assigned IP address	21
Adding a console switch with an assigned IP address	25
Discovering one or more console switches with the Discover Wizard	28
Managing multiple connections	31
Server naming	33
Server name displays	33
Sorting displays	34
Managing cached credentials	34
Clearing login credentials	34
Accessing console switches	35
Accessing console switches overview	35
Managing KVM console switches	36
Manage Console Switch window overview for KVM console switches	36
Viewing and configuring parameters through the Settings tab	36
Configuring global parameters	36
Configuring network parameters	37
Configuring session parameters	39
Configuring Virtual Media parameters	41
Configuring authentication parameters	42
Configuring user accounts	43
Adding or modifying a user	45
Setting user access rights	47
Deleting a user	48
Locking and unlocking user accounts	48
Unlocking an account	49
Enabling or disabling a security lock-out	50
Specifying a security lock-out duration	51
Override Admin	51
Viewing interface adapter parameters	52
Setting interface adapter language parameters	52
Configuring SNMP parameters	53
Configuring general SNMP parameters	54
Adding, modifying, and deleting allowable managers	55
Adding, modifying, and deleting trap destinations	55
Configuring a cascade switch connection	56
Configuring trap parameters	56
Viewing server parameters	57
Modifying server names	58
Resynchronizing the server listing for console switches	59
Configuring cascade switch parameters	62
Viewing version parameters	63
Viewing hardware version parameters	64
Viewing interface adapter version parameters	65
Enabling automatic interface adapter firmware upgrades	65
Manually loading and upgrading the interface adapter firmware	65
Resetting an interface adapter	66
Viewing licensed options	67
Viewing the Status tab	68
Disconnecting user session	68
Using the Tools tab	69
Rebooting the console switch	69
Upgrading console switch firmware	70
Upgrading interface adapter firmware simultaneously	71
Managing console switch configuration files	72
Saving a console switch configuration database	72
Restoring a console switch configuration database	73
Managing console switch user databases	73
Saving a console switch user database	73
Restoring a console switch user database	74
Managing remote servers through the Video Session Viewer	75
About the Video Session Viewer	75
Video Session Viewer window	76
Using a smart card through Video Session Viewer	77
Accessing the Video Session Viewer	77
Selecting an action	78
Closing the Video Session Viewer	78
Video session types	78
Using exclusive mode (HP IP Console Switches with Virtual Media only)	79
Using digital share mode (HP IP Console Switches with Virtual Media only)	80
Using preemption mode (HP IP Console Switches with Virtual Media only)	81
Using stealth mode (HP IP Console Switches with Virtual Media only)	82
Connection sharing (HP IP Console Switches with Virtual Media only)	83
Expanding and refreshing the Video Session Viewer	83
Adjusting the local cursors	83
Refreshing the screen	84
Expanding to full screen mode	84
Adjusting the Video Session Viewer	84
Adjusting the Video Session Viewer size	84
Adjusting the video quality	84
Configuring session options	85
Configuring keyboard pass-through	86
Selecting function buttons for the Video Session Toolbar	86
Aligning the cursors	86
Mouse tuning	86
Windows operating systems	86
Linux operating systems	86
Viewing multiple servers using Scan mode	87
Scanning your servers	87
Accessing Scan mode	87
Setting scan preferences	88
Navigating the thumbnail view	88
Changing the thumbnail sizes	89
Adding an individual server to the scan sequence	89
Launching a server video session from a thumbnail view	89
Pausing or restarting a scan sequence	89
Setting server credentials	89
Using macros for KVM console switches	90
Sending a macro	90
Using Virtual Media (HP IP Console Switches with Virtual Media only)	90
Virtual Media requirements	91
Virtual Media resources	91
USB 2.0 composite device limitations	91
Virtual Media sharing and preemption considerations	92
Virtual Media window	92
Virtual Media session settings	93
Opening a Virtual Media session	93
Mapping to Virtual Media drives	94
Mapping to a physical drive as a Virtual Media drive	94
Unmapping a Virtual Media drive	95
Adding and mapping to an .iso or floppy image as Virtual Media drive	95
Displaying Virtual Media drive details	96
Resetting all USB devices on the server	96
Closing a Virtual Media session	97
Managing serial console switches	98
Manage Console Switch window overview for serial console switches	98
Viewing and configuring the Settings tab for serial console switches	98
Configuring global parameters for serial console switches	98
Configuring network parameters for serial console switches	99
Configuring CLI parameters for serial console switches	101
Configuring authentication parameters for serial console switches	103
Configuring session parameters for serial console switches	105
Specifying a history buffer control	106
Specifying a session time-out setting	107
Enabling or disabling plaintext sessions	107
Viewing and configuring SSH parameters for serial console switches	107
Changing the SSH authentication mode	108
Disabling SSH	109
Viewing key information	109
Configuring NTP parameters for serial console switches	109
Configuring NFS parameters for serial console switches	110
Configuring user accounts for serial console switches	112
Adding or modifying a user for serial console switches	113
Setting user access rights for serial console switches	117
Configuring the public SSH key for serial console switches	117
Deleting a user for serial console switches	120
Locking and unlocking user accounts for serial console switches	120
Unlocking an account for serial console switches	121
Enabling or disabling a security lock-out	122
Specifying a security lock-out duration	123
Override Admin subcategory for serial console switches	123
Configuring port parameters for serial console switches	124
Modifying port parameters for serial console switches	124
Configuring alert parameters for serial console switches	126
Viewing NFS parameters for serial console switches	129
Viewing statistics parameters for serial console switches	129
Configuring SNMP parameters for serial console switches	131
Configuring general SNMP parameters for serial console switches	132
Adding, modifying, and deleting allowable managers for serial console switches	133
Adding, modifying, and deleting trap destinations for serial console switches	134
Configuring trap parameters for serial console switches	134
Viewing server parameters for serial console switches	135
Modifying server names for serial console switches	136
Resynchronizing the server listing for serial console switches	137
Viewing version parameters for serial console switches	142
Viewing the Status tab for serial console switches	143
Using the Tools tab for serial console switches	144
Rebooting the serial console switch	144
Upgrading serial console switch firmware	145
Managing serial console switch configuration files	146
Saving a serial console switch configuration database	146
Restoring a serial console switch configuration database	147
Managing serial console switch user databases	148
Saving a serial console switch user database	148
Restoring a serial console switch user database	148
Managing remote servers through the Serial Session Viewer	150
About the Serial Session Viewer	150
Serial Session Viewer window	150
About options	151
Accessing the Serial Session Viewer	152
Choosing an encryption method	152
Selecting an action	153
Closing the Serial Session Viewer	154
Customizing preferences	154
Customizing session properties	155
Terminal session properties	155
Customizing terminal session properties	156
Login scripts session properties	158
Logging session properties	159
Using login scripts	159
Changing a default login script	160
Enabling or disabling automatic login	162
Enabling or disabling debug mode for login scripts	163
Using logging	164
Enable or disabling automatic logging	165
Changing the default log file directory	166
Starting dynamic logging	166
Pausing logging	167
Resuming logging	167
Stopping logging	167
Moving session data	167
Copying a session data	167
Pasting system clipboard contents	168
Printing a session screen	168
Using macros for serial console switches	168
Grouping macros for serial console switches	170
Organizing the system	173
Customizing console switch and server properties	173
General tab	173
Telnet tab	176
Serial console switch Telnet tab	176
Server Telnet tab	177
Viewing and changing telnet options	177
Network tab	179
iLO tab	181
Information tab	181
Connections properties	183
VNC tab	184
Viewing and changing VNC options	185
RDP tab	187
Viewing and changing RDP options	188
Http/Https Ports tab	191
Customizing options	191
Creating custom field labels	191
Setting up custom field labels	192
Creating new sites, departments, or locations	193
Creating new folders	193
Modifying the selected view on startup	194
Changing the default browser	194
Using Direct Draw	194
Assigning units to sites, departments, locations, or folders	195
Deleting and renaming a unit	195
Deleting a unit, site, department, location, or folder	196
Renaming a unit, site, department, location, or folder	196
Managing local databases	196
Saving local databases	196
Exporting local databases	197
Loading local databases	198
Using directory services integration	200
Using LDAP	200
LDAP Authentication Only mode	200
LDAP Authentication and Access Control mode	201
LDAP Authentication and Access Control Query types	201
Query modes	201
LDAP Authentication and Access Control Basic Mode	202
LDAP Authentication and Access Control User Attribute Mode	203
LDAP Authentication and Access Control Group Attribute Mode	204
Enabling directory services integration	204
Entering the default LDAP license key	206
Configuring LDAP parameters	207
Server Parameters tab	208
Search Parameters tab	208
Query Parameters tab	209
Console switch and server query modes	211
Setting up the Active Directory for performing group attribute mode queries	216
Using the on-board Web interface (OBWI)	218
Setting up the OBWI	218
Upgrading the console switch firmware for OBWI compatibility	218
Upgrading interface adapter firmware for OBWI compatibility	219
Migrating console switches to the OBWI	220
Synchronizing the local and console switch databases	221
Launching the OBWI	222
Installing the certificate	225
Downgrading console switch firmware	227
Managing console switches	227
Connections	227
Status	228
Configure	228
Tools	232
User accounts	233
Adding or modifying a user	233
Changing a user password	234
Deleting a user	234
Locking and unlocking user accounts	234
Disconnecting a user	235
SNMP	235
Configuring SNMP parameters	235
Enabling SNMP traps	236
Resynchronizing server connections	237
Modifying a server name	237
Configuring tiered switches	238
Interface adapters	238
Versions	239
Upgrading firmware using the OBWI	242
Upgrading console switch firmware	242
Upgrading interface adapter firmware in batch mode	245
Upgrading interface adapters individually	245
Rebooting a console switch	246
Managing console switch configuration files	246
Saving console switch configuration files	247
Restoring a configuration file to a console switch	250
Managing user databases	252
Saving a user database	252
Restoring a user database	255
Setting virtual media options	257
Troubleshooting	259
Troubleshooting chart	259
Certificate errors	261
Microsoft Internet Explorer 6	262
Microsoft Internet Explorer 7	265
Mozilla Firefox	269
Upgrading the firmware	271
Using the file system to upgrade firmware	271
Using TFTP for firmware upgrades	272
TFTP for Linux operating systems	272
Verifying TFTP for Linux operating systems	272
Upgrading the firmware using TFTP on Linux operating systems	273
HP IP Console Switch directory services integration setup tutorial	276
HP IP Console Switch directory service setup	276
Hardware configuration used for this example	276
Settings used for this example	277
Authentication and group-level access controls	277
Authentication only	289
LDAP client behavior overview	291
UID masks (simple and complex)	291
Active Directory attributes that can be used as credentials	291
Attributes initialized during creation of a new user object	291
Additional attributes available in user properties	296
Additional attributes available through the ADSI Editor	297
UID mask for single factor credentials	298
UID mask for multiple factor credentials	306
Serial Session Viewer terminal emulation modes	308
Terminal emulation modes overview	308
VT terminal emulation	308
VT102 terminal emulation	308
VT100 terminal emulation	309
VT100 ANSI set and reset mode cursor keys	310
VT100 PF1 through PF4 key definitions	310
VT100 ANSI mode control sequences	310
VT220 terminal emulation	313
VT220 decoding	314
VT52 terminal emulation	316
VT52 decoding	316
VT320 terminal emulation	317
VT320 decoding	318
Keyboard and mouse shortcuts	320
Divider pane keyboard and mouse shortcuts	320
Group view control keyboard and mouse shortcuts	320
List view keyboard and mouse operations	321
Acronyms and abbreviations	322
Glossary	327

Match case Limit results 1 per page

Using directory services integration

207

Click

Add.

The Enter Key dialog box appears.

Enter

387S9-M3228-JRM85-D2RZQ-NK8JR.

Click

OK.

-or-

Click

Cancel

to exit without saving changes.

Configuring LDAP parameters

There are differences between the LDAP-based access controls used by console switches and Kerberos-

based access control that Windows® uses by default when users log in to workstations and servers. Some

of the user account properties in Active Directory apply only to Kerberos, while some apply to both

Kerberos and the LDAP-based access controls used by console switches. For example, configurable user

restrictions, like the "Log On To," "Logon Hours," and "Managed By" features, in Active Directory do not

apply to console switches and their attached servers. Other features, like user account expiration, user

account lockout, and the capability to disable a user account, do apply to console switches and attached

serves (subject to configuration of associated parameters in Active Directory). Because of the complexity

of Active Directory, it is always useful to run test cases to confirm it is correctly configured to enforce the

desired security policy. It is important to remember that LDAP cannot access the ACL data used by

Windows® to make its access control decisions. HP recommends following the configuration guidance

provided by this user guide. Configurations outside that guidance are not supported.

If individual user accounts are stored on an LDAP-enabled Directory server, such as Active Directory, you

can use the Directory service to authenticate users.

The settings made in the Authentication subcategory enable you to configure your authentication

configuration parameters. The HP IP Console Viewer sends the user name, password, and other

information to the console switch, which then determines whether the HP IP Console Viewer user has

permission to view or change configuration parameters for the console switch in the HP IP Console Viewer

main window.

CAUTION:

Unless otherwise specified, use the LDAP default values unless Active Directory

has been reconfigured. Modifying the default values might cause LDAP server communication

errors.

There are three tabs for configuring LDAP parameters.