Home » HP Manuals » Servers » HP Integrity BL870c » Manual Viewer

HP Integrity BL870c HP Integrity iLO 2 Operations Guide, Eleventh Edition - Page 185

Preparing Directory Services for Active Directory

View all HP Integrity BL870c manuals

Add to My Manuals
Save this manual to your list of manuals

Page 185 highlights

IMPORTANT: To install directory services for iLO 2, an Active Directory schema administrator must extend the schema. • Extending the schema in the Microsoft Windows 2000 Server Resource Kit, available at: http://www.microsoft.com • Installing Active Directory in the Microsoft Windows 2000 Server Resource Kit, available at: http://www.microsoft.com • Microsoft Knowledge Base articles: - 216999 "How to Install the Remote Server Administration Tools in Windows" - 314978 "How to Use Adminpak.msi to Install a Specific Server Administration Tool in Windows 2000" - 247078 "How to Enable SSL Communication over LDAP for Windows 2000 Domain Controllers" - 321051 "How to Enable LDAP over SSL with a Third-Party Certification Authority" - 299687 MS01-036 "Function Exposed by Using LDAP over SSL Could Enable Passwords to Be Changed" Integrity iLO 2 requires a secure connection to communicate with the directory service. This secure connection requires the installation of the Microsoft CA. For more information, see the following Microsoft technical references: • Securing Windows 2000, Appendix D, Configuring Digital Certificates on Domain Controllers for Secure LDAP and SMTP Replication at: http://www.microsoft.com • Microsoft Knowledge Base Article 321051 "How to Enable LDAP over SSL with a Third-Party Certification Authority" Preparing Directory Services for Active Directory To set up directory services for use with iLO 2, follow these steps: 1. Install Active Directory. For more information, see the resource kit, Installing Active Directory in the Microsoft Windows 2000 Server. 2. Install the Microsoft Admin Pack (the ADMINPAK.MSI file, which is located in the i386 subdirectory of the Windows 2000 Server or Advanced Server CD). For more information, see the Microsoft Knowledge Base Article 216999. 3. In Windows 2000, the safety interlock that prevents accidental writes to the schema must be temporarily disabled. The schema extender utility can do this if the remote registry service is running and you have appropriate rights. You can also do this by setting HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services NTDS Parameters Schema Update Allowed in the registry to a nonzero value (see the "Order of Processing When Extending the Schema" section of the Installation of Schema Extensions in the Windows 2000 Server Resource Kit), or by doing the following: CAUTION: Incorrectly editing the registry can severely damage your system. HP recommends creating a backup of any valued data on the computer before making changes to the registry. NOTE: This step is not necessary if you are using Windows Server 2003. a. Start the MMC. b. In MMC, install the Active Directory schema snap-in. c. Right-click Active Directory Schema and select Operations Master. d. Select The Schema may be modified on this Domain Controller. e. Click OK. Directory Services for Active Directory 185

Section	Page
HP Integrity iLO 2 Operations Guide	1
Table of Contents	3
About This Document	15
Intended Audience	15
New and Changed Information in This Edition	15
Publishing History	15
Document Organization	17
Typographic Conventions	18
Related Information	18
HP Contact Information	19
Documentation Feedback	19
1 Introduction to iLO 2	21
Features	21
Standard Features	22
Always-On Capability	22
Virtual Front Panel	22
Multiple Access Methods	22
Security	22
User Access Control	22
Multiple Users	23
IPMI over LAN	23
System Management Homepage	23
Firmware Upgrades	24
Internal Subsystem Information	24
DHCP and DNS Support	24
Group Actions	24
Group Actions Using HP SIM	24
SNMP	24
SMASH	24
SM CLP	25
Mirrored Console	25
Remote Power Control	25
Power Regulation	25
Event Logging	25
Advanced Features	25
Virtual Media	25
Integrated Remote Console	26
Directory-Based Secure Authorization Using LDAP	26
Schema-Free LDAP	26
Power Meter Readings	26
HP Insight Power Manager	26
Obtaining and Activating iLO 2 Advanced Pack Licensing	27
Lights-Out Advanced KVM Card	27
Supported Systems and Required Components and Cables	27
Integrity iLO 2 Supported Browsers and Client Operating Systems	28
Security	28
Protecting SNMP Traffic	29
2 Ports and LEDs	31
HP Integrity Server Blade Components	31
Onboard Administrator	31
HP Integrity rx2660 Server Components	33
HP Integrity rx3600 and rx6600 Server Components	33
iLO 2 MP Status LEDs	34
iLO 2 MP Reset Button	35
Resetting Local User Accounts and Passwords to Default Values	35
Console Serial Port and Auxiliary Serial Port	35
MP LAN Port	36
MP LAN LEDs	36
3 Getting Connected to iLO 2	37
Setup Checklist	38
Setup Flowchart	39
Rackmount Server Connection	40
Preparing to Set Up iLO 2	40
Determining the Physical iLO 2 Access Method	40
Determining the iLO 2 MP LAN Configuration Method	41
Configuring the iLO 2 MP LAN Using DHCP and DNS	41
Configuring the iLO 2 MP LAN Using ARP Ping	42
Configuring the iLO 2 MP LAN Using the Console Serial Port	43
Server Blade Connection	45
Connecting to a Server Blade iLO 2 Using the Console Serial Port	45
Connecting the SUV Cable to the Server Blade	46
Connecting the Server Blade To iLO 2 Using the Onboard Administrator	48
Auto Login	49
Initiating an Auto Login Session	50
Terminating an Auto Login Session	50
User Account Cleanup During IPF Blade Initialization	50
Auto Login Troubleshooting	50
Additional Setup	51
Modifying User Accounts and Default Passwords	51
Setting Up Security	52
Setting Security Access	52
Setting iLO 2 MP LAN From EFI	52
4 Logging In to iLO 2	55
Logging In to iLO 2 Using the Web GUI	55
Logging In to iLO 2 Using the Command Line Interface	55
Network Port Usage	55
5 Adding Advanced Features	57
Lights-Out Advanced KVM Card for sx2000 Servers	57
Lights-Out Advanced KVM card Requirements	58
Configuring the Lights-Out Advanced KVM Card	59
Lights-Out Advanced KVM Card IRC Feature	60
Lights-Out Advanced KVM Card vMedia Feature	60
Installing the Lights-Out Advanced KVM Card in a Server	61
Lights-Out Advanced KVM Card Quick Setup Steps	63
Using Lights-Out Advanced KVM Features	64
Mid Range PCI Backplane Power Behavior	65
Troubleshooting the Lights-Out Advanced KVM Card	65
Core I/O Card Configurations	66
Supported PCI-X Slots	67
Upgrading the Lights-Out Advanced KVM Card Firmware	67
6 Accessing the Host (Operating System) Console	69
Accessing a Text Host Console through iLO 2 Virtual Serial Console	69
Accessing Online Help	70
Accessing a Text Host Console Using the TUI	70
Help System	70
Accessing a Graphic Host Console Using the Integrated Remote Console	71
Accessing a Text Host Console Using SMASH SM CLP	71
7 Configuring DHCP, DNS, LDAP, and Schema-Free LDAP	73
Configuring DHCP	73
Configuring DNS	74
Configuring LDAP Extended Schema	74
Login Process Using Directory Services with Extended LDAP	75
Configuring Schema-Free LDAP	76
Setting Up Directory Security Groups	77
Login Process Using Directory Services Without Schema Extensions	77
LDAP and MP Login for Integrity Cell-Based Servers	78
User Accounts	78
Commands	78
Access Rights	79
Partition User Support Options	82
8 Using iLO 2	83
Text User Interface	83
MP Command Interfaces	83
MP Main Menu	84
MP Main Menu Commands	84
CO (Console): Leave the MP Main Menu and enter console mode	85
VFP (Virtual Front Panel): Simulate the display panel	85
CM (Command Mode): Enter command mode	85
SMCLP (Server Management Command Line Protocol): Switch to the SMASH SMCLP	85
CL (Console Log): View the history of the console output	85
SL (Show Logs): View events in the log history	85
SL Command for Integrity Cell-Based Servers	87
HE (Help): Display help for the menu or command in the MP Main Menu	89
X (Exit): Exit iLO 2	89
Command Menu	89
Command Line Interface Scripting	91
Expect Script Example	91
Command Menu Commands and Standard Command Line Scripting Syntax	93
BP: Reset BMC passwords	93
BLADE: Display BLADE parameters	94
CA: Configure asynchronous local serial port	94
DATE: Display date	95
DC (Default Configuration): Reset all parameters to default configurations	95
DF: Display FRU information	96
DI: Disconnect LAN, WEB, SSH, or Console	96
DNS: DNS settings	96
FW: Upgrade the MP firmware	97
HE: Display help for menu or command in command menu interface	97
ID: System information settings	97
IT: Inactivity timeout settings	98
LC: LAN configuration usage	98
LDAP: LDAP directory settings	99
LDAP: LDAP group administration	100
LDAP: Schema-Free LDAP	101
LM: License management	101
LOC: Locator UID LED configuration	101
LS: LAN status	101
PC: Power control access	101
PM: Power regulator mode	102
PR: Power restore policy configuration	103
PS: Power status	103
RB: Reset BMC	103
RS: Reset system through the RST signal	103
SA: Set access LAN/WEB/SSH/IPMI over LAN ports	104
SNMP: Configure SNMP parameters	104
SO: Security option help	105
SS: System Status	105
SYSREV: Firmware revisions	106
TC: System reset through INIT or TOC signal	106
TE: Send a message to other mirroring terminals	106
UC: User Configuration (users, passwords, and so on)	106
WHO: Display a list of iLO 2 connected users	108
XD: iLO 2 Diagnostics or reset	108
Web GUI	110
System Status	110
Status Summary > General	110
Status Summary > Active Users	111
Status Summary > FW Revisions	112
Server Status > General	113
Server Status > Identification	114
System Event Log	115
Events	116
Remote Serial Console	116
Virtual Serial Port	119
Integrated Remote Console	119
IRC Requirements and Usage	119
Limitations of the IRC Mouse and Keyboard	120
Browsers and Client Operating Systems that Support the IRC	121
IRC-Supported Resolutions and Browser Configurations	121
Microsoft Windows Server 2003 and HP-UX Graphics Resolution Settings for the IRC	121
Server Display Properties	121
Server Mouse Properties	121
Console Settings	121
Enabling X Windows on HP-UX	122
Accessing the IRC	122
Integrated Remote Console Fullscreen	124
Virtual Media	125
Using iLO 2 Virtual Media Devices	125
Virtual CD/DVD	126
Virtual Media CD/DVD Operating System	128
Creating the iLO 2 Disk Image Files	128
Virtual Floppy/USB Key	130
Virtual Media Applet Timeout	131
Supported Operating Systems and USB Support for vMedia	131
Java Plug-in Version	132
Client Operating System and Browser Support for vMedia	132
Power Management	132
Power & Reset	132
Power Meter Readings	133
Power Regulator	135
Administration	137
Firmware Upgrade	137
Licensing	138
User Administration > Local Accounts	139
Group Accounts	140
Access Settings	141
LAN	142
Serial Page	143
Login Options Page	143
Current LDAP Parameters	144
Network Settings	146
Network Settings > Standard	146
Domain Name Server	147
SNMP Settings	148
BL c-Class	149
Help	150
SMASH Server Management Command Line Protocol	152
SM CLP Features and Functionality Overview	152
SM CLP Session	152
Accessing the SM CLP Interface	152
Exiting the SM CLP Interface	153
Changing the iLO 2 Default Interface to SM CLP	153
Using the SM CLP Interface	154
SM CLP Syntax	154
Command Line Terms	154
Command Verbs	155
Command Targets	156
Command Target Properties	156
Command Options	156
Level Option	156
Display Option	157
Character Set, Delimiters, Special, and Reserved Characters	157
System1 Target	158
Target: SYSTEM1	158
System Reset Power Status and Power Control	159
Resetting the System	159
Displaying Power Status	159
Powering Off the System	159
Powering On the System	159
Map1 (iLO 2) Target	160
Target: map1	160
Map1 Example	160
Resetting iLO 2	161
Text Console Services	161
Opening the MP Main Menu from SM CLP	161
Target: map1/textredirectsap1	161
Opening the System Console Interface from SM CLP	161
Target: system1/consoles1/textredirectsap1	161
Switching Between the System Console and the SM CLP	162
Starting a System Console Session	162
Determining the Session Termination Character Sequence for the System Console	162
Exiting the System Console Session and Returning to SM CLP	162
Entering the MP Main Menu Interface From SM CLP	162
Exiting the MP Main Menu Session and Returning to SM CLP	162
Firmware Revision Display and Upgrade	163
SM CLP Firmware Targets	163
Target: map1/swinstallsvc1	163
Target: map1/swinventory1	163
Target: map1/swinventory1/swid#	163
Displaying Firmware Revisions	164
Firmware Upgrade	165
Remote Access Configuration	165
Telnet SM CLP Targets	165
Target: map1/telnetsvc1	165
Telnet Examples	166
SSH	166
Target: map1/sshsvc1	166
SSH Examples	166
Network Configuration	166
SM CLP Network Targets, Properties, and Verbs	166
Target: map1/enetport1	166
Target: map1/enetport1/lanendpt1	167
Target: map1/enetport1/lanendpt1/ipendpt1	167
Target: map1/dhcpendpt1	168
Target: map1/dnsendpt1	168
Target: map1/enetport1/lanendpt1/ipendpt1/gateway1	169
Target: map1/dnsserver1, map1/dnsserver2, map1/dnsserver3	169
Target: map1/settings1/dnssettings1	169
SM CLP Network Command Examples	170
vMedia	171
Setting Up IIS for Scripted vMedia	171
vMedia Functionality on Server Blades and Rack-Mounted Servers	172
Target: map1/oemhp_vm1/cddr1	172
Using Scriptable vMedia on Server Blades and Rack-Mounted Servers	173
Using Scriptable vMedia on Server Blades Only	173
User Accounts Configuration	176
Target: map1/group1	176
Target: map1/group1/account#	176
User Account Examples	177
LDAP Configuration	177
Target: map1/settings1/oemhp_ldapsettings1	177
LDAP Configuration Examples	178
9 Installing and Configuring Directory Services	179
Directory Services	179
Features Supported by Directory Integration	179
Directory Services Installation Prerequisites	180
Installing Directory Services	180
Schema Documentation	180
Directory Services Support	181
eDirectory Installation Prerequisites	181
Required Schema Software	181
Schema Installer	182
Schema Preview Screen	182
Setup Screen	182
Results Screen	183
Management Snap-In Installer	184
Directory Services for Active Directory	184
Active Directory Installation Prerequisites	184
Preparing Directory Services for Active Directory	185
Installing and Initializing Snap-Ins for Active Directory	186
Example: Creating and Configuring Directory Objects for Use with iLO 2 in Active Directory	186
Directory Services Objects	189
Active Directory Snap-Ins	190
Managing HP Devices In a Role	190
Managing Users In a Role	190
Setting Login Restrictions	191
Setting Time Restrictions	192
Defining Client IP Address or DNS Name Access	192
Setting User or Group Role Rights	193
Directory Services for eDirectory	194
Installing and Initializing Snap-In for eDirectory	194
Example: Creating and Configuring Directory Objects for Use with iLO 2 Devices in eDirectory	195
Creating Objects	195
Creating Roles	196
Directory Services Objects for eDirectory	198
Adding Role Managed Devices	198
Adding Members	198
Setting Role Restrictions	199
Setting Time Restrictions	200
Defining Client IP Address or DNS Name Access	200
Setting Lights-Out Management Device Rights	200
Installing Snap-Ins and Extending Schema for eDirectory on a Linux Platform	201
Installing the Java Runtime Environment	201
Installing Snap-Ins	202
Extending Schema	202
Verifying Snap-In Installation and Schema Extension	203
Using the LDAP Command to Configure Directory Settings in iLO 2	203
User Login Using Directory Services	204
Certificate Services	205
Installing Certificate Services	205
Verifying Directory Services	205
Configuring an Automatic Certificate Request	205
Directory-Enabled Remote Management	205
Using Existing Groups	206
Using Multiple Roles	206
Creating Roles that Follow Organizational Structure	207
Restricting Roles	207
Role Time Restrictions	207
IP Address Range Restrictions	208
IP Address and Subnet Mask Restrictions	208
DNS-Based Restrictions	208
Role Address Restrictions	208
Enforcing Directory Login Restrictions	208
Enforcing User Time Restrictions	209
User Address Restrictions	210
Creating Multiple Restrictions and Roles	210
Directory Services Schema (LDAP)	211
HP Management Core LDAP Object Identifier Classes and Attributes	211
Core Classes	211
Core Attributes	211
Core Class Definitions	212
hpqTarget	212
hpqRole	212
hpqPolicy	212
Core Attribute Definitions	212
hpqPolicyDN	213
hpqRoleMembership	213
hpqTargetMembership	213
hpqRoleIPRestrictionDefault	213
hpqRoleIPRestrictions	213
hpqRoleTimeRestriction	214
iLO 2-Specific LDAP OID Classes and Attributes	214
iLO 2 Classes	214
iLO 2 Attributes	214
iLO 2 Class Definitions	215
hpqLOMv100	215
iLO 2 Attribute Definitions	215
hpqLOMRightLogin	215
hpqLOMRightRemoteConsole	215
hpqLOMRightRemoteConsole	216
hpqLOMRightServerReset	216
hpqLOMRightLocalUserAdmin	216
hpqLOMRightConfigureSettings	216
Glossary	217

Match case Limit results 1 per page

IMPORTANT:

To install directory services for iLO 2, an Active Directory schema administrator

must extend the schema.

•

Extending the schema in the Microsoft Windows 2000 Server Resource Kit, available at:

http://www

.microsoft.com

•

Installing Active Directory in the Microsoft Windows 2000 Server Resource Kit, available

at:

http://www

.microsoft.com

•

Microsoft Knowledge Base articles:

—

216999 “How to Install the Remote Server Administration Tools in Windows”

—

314978 “How to Use Adminpak.msi to Install a Specific Server Administration Tool in

Windows 2000”

—

247078 “How to Enable SSL Communication over LDAP for Windows 2000 Domain

Controllers”

—

321051 “How to Enable LDAP over SSL with a Third-Party Certification Authority”

—

299687 MS01-036 “Function Exposed by Using LDAP over SSL Could Enable Passwords

to Be Changed”

Integrity iLO 2 requires a secure connection to communicate with the directory service. This

secure connection requires the installation of the Microsoft CA. For more information, see the

following Microsoft technical references:

•

Securing Windows 2000, Appendix D, Configuring Digital Certificates on Domain Controllers

for Secure LDAP and SMTP Replication at:

http://www

.microsoft.com

•

Microsoft Knowledge Base Article 321051 “How to Enable LDAP over SSL with a Third-Party

Certification Authority”

Preparing Directory Services for Active Directory

To set up directory services for use with iLO 2, follow these steps:

Install Active Directory. For more information, see the resource kit, Installing Active Directory

in the Microsoft Windows 2000 Server.

Install the Microsoft Admin Pack (the

ADMINPAK.MSI

file, which is located in the i386

subdirectory of the Windows 2000 Server or Advanced Server CD). For more information,

see the Microsoft Knowledge Base Article 216999.

In Windows 2000, the safety interlock that prevents accidental writes to the schema must

be temporarily disabled. The schema extender utility can do this if the remote registry service

is running and you have appropriate rights. You can also do this by setting

HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services NTDS Parameters Schema

Update Allowed

in the registry to a nonzero value (see the “Order of Processing When

Extending the Schema” section of the Installation of Schema Extensions in the Windows

2000 Server Resource Kit), or by doing the following:

CAUTION:

Incorrectly editing the registry can severely damage your system. HP

recommends creating a backup of any valued data on the computer before making changes

to the registry.

NOTE:

This step is not necessary if you are using Windows Server 2003.

Start the MMC.

In MMC, install the Active Directory schema snap-in.

Right-click

Active Directory Schema

and select

Operations Master

Select

The Schema may be modified on this Domain Controller

Click

Directory Services for Active Directory

185