Login by name, Schema-free directory integration, Schema-free directory – HP Integrated Lights-Out 3 User Manual


Verifying single sign-on (HP Zero Sign In) configuration

To verify that HP Zero Sign In is configured correctly:
1. Browse to the iLO login page (for example, http://iloname.example.net).
2. Click the HP Zero Sign In button.

If a prompt for credentials appears, Kerberos authentication has failed and the system has
reverted to NTLM authentication. Click Cancel, and then repeat the procedures in
“Configuring single sign-on” (page 164).

Login by name

To verify that login by name is working properly:
1. Browse to the iLO login page (for example, http://iloname.example.net).
2. Enter the user name in the Kerberos SPN format (for example, [email protected]).
3. Enter the associated domain password.

If a prompt for credentials appears, Kerberos authentication has failed. Click Cancel to close
the dialog box.

Login by name might not work correctly if the computer account for iLO is part of a child
domain, but the Kerberos configuration parameters (Kerberos Realm, Kerberos KDC Server
Address, and Kerberos KDC Server Port) reference the parent domain.

Schema-free directory integration

With schema-free directory integration, users and group memberships reside in the directory, but
group privileges reside in the iLO settings. iLO uses login credentials to read the user object in the
directory and retrieve the user group memberships, which are compared to those stored in iLO. If
the credentials and membership match, authorization is granted, as shown in Figure 84 (page 166).

Figure 84 Schema-free directory integration

[Figure: the user enters a user name and password in the iLO interface; the credentials are translated to a DN; the login script validates the user credentials; the user is found in the directory and verified in the iLO groups.]

Advantages of using schema-free directory integration include the following:

• You do not have to extend the directory schema.

• Minimal setup is required for users in the directory. If no setup exists, the directory uses existing
users and group memberships to access iLO. For example, if you have a domain administrator
named User1, you can copy the DN of the domain administrator security group to iLO and
give it full privileges. User1 would then have access to iLO.
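The authorization decision described in this section, modelled as an added example (not HP's code and not an iLO API), to show who gains iLO access when a directory group DN is copied into the iLO settings. All DNs, users and privilege labels are constructed; matching groups by case-insensitive DN, using direct membership only, and granting the union of the matching groups' privileges are assumptions of this sketch. It starts after the directory has already validated the user's credentials.

```python
# Model of the schema-free authorization decision (illustrative only).
# Every DN, user and privilege label below is constructed sample data.

def norm_dn(dn):
    """Normalize a DN for comparison: trim each RDN and lowercase it.
    Simplified: does not handle escaped commas inside RDN values."""
    return ",".join(part.strip().lower() for part in dn.split(","))

# Group privileges reside in the iLO settings: group DN -> privilege labels.
ILO_GROUPS = {
    "CN=Domain Admins,CN=Users,DC=example,DC=net":
        {"login", "remote_console", "virtual_power", "configure"},
    "CN=iLO Operators,OU=Groups,DC=example,DC=net":
        {"login", "remote_console"},
}

# Users and memberships reside in the directory: user DN -> group DNs.
DIRECTORY = {
    "CN=User1,CN=Users,DC=example,DC=net":
        ["cn=domain admins, cn=users, dc=example, dc=net"],
    "CN=User2,CN=Users,DC=example,DC=net":
        ["CN=iLO Operators,OU=Groups,DC=example,DC=net",
         "CN=Staff,OU=Groups,DC=example,DC=net"],
    "CN=User3,CN=Users,DC=example,DC=net":
        ["CN=Staff,OU=Groups,DC=example,DC=net"],
}

def effective_privileges(user_dn, directory=DIRECTORY, ilo_groups=ILO_GROUPS):
    """Union of the privileges of every iLO-configured group the user is in.
    An empty set means no membership matched and authorization is denied."""
    ilo = {norm_dn(g): p for g, p in ilo_groups.items()}
    users = {norm_dn(u): m for u, m in directory.items()}
    privs = set()
    for group in users.get(norm_dn(user_dn), []):
        privs |= ilo.get(norm_dn(group), set())
    return privs

def access_report(directory=DIRECTORY, ilo_groups=ILO_GROUPS):
    """Every directory user that ends up with iLO access, for periodic review."""
    report = {}
    for user in directory:
        privs = effective_privileges(user, directory, ilo_groups)
        if privs:
            report[user] = sorted(privs)
    return report

if __name__ == "__main__":
    for user, privs in access_report().items():
        print(user, "->", ", ".join(privs))
```

Because the privileges follow the group, every current and future member of a group copied into iLO inherits them, so the report is worth rerunning whenever directory membership changes.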
