HP Integrated Lights-Out manual Privileges, Login Security

Page 138

138 User Guide Integrated Lights-Out

An alternative to local iLO user accounts is to integrate iLO user authentication into directory services. This configuration allows a virtually unlimited number of users, and easily scales to the number of Lights-Out devices in an enterprise. Additionally, the directory provides a central point of administration for Lights- Out devices and users, and the directory can enforce a stronger password policy. iLO enables you to use local users, directory users, or both.

Privileges

iLO allows the administrator to control user account access to iLO functions through the use of privileges. When a user attempts to use a function, the iLO system verifies that the user has the privilege before the user is allowed to perform the function.

Each feature available through iLO can be controlled through privileges, including Administer User Accounts, Remote Console Access, Virtual Power and Reset, Virtual Media, and Configure iLO Settings. Privileges for each user can be configured on the User Administration page of the Administration tab.

Login Security

iLO provides several login security features. After an initial failed login attempt, iLO imposes a delay of five seconds. After a second failed attempt, iLO imposes a delay of 10 seconds. After the third failed attempt, and any subsequent attempts, iLO imposes a delay of 60 seconds. All subsequent failed login attempts cycles through these values. An information page is displayed during each delay. This will continue until a valid login is completed. This feature assists in defending against possible dictionary attacks against the browser login port.

iLO saves a detailed log entry for failed login attempts, which imposes a delay of 60 seconds.

Image 138

Contents HP Integrated Lights-Out User Guide Audience Assumptions Contents User Guide Integrated Lights-Out ILO Security 135 Certificate Services 189 Insight Manager 7 Integration 223 Lights-Out DOS Utility 249 Login Modglobalsettings Moddiagport Settings ILO Parameters 331 Contents Technical Support 397 Operational Overview New in This VersionThis Section Usage Model Network Connection OverviewSupported Server Operating System Software Supported Browsers Linux Browser Configuration Configuring Linux Font SizePage Configuring iLO ILO Configuration OptionsILO Rbsu Browser-Based Setup Installing iLO Device Drivers Scripted SetupInstalling or Updating the iLO Drivers for Microsoft Select Software and DriversILO Pre-requisite Files for Microsoft Installing or Updating iLO Drivers for NetWare Novell NetWare Server Driver SupportILO Pre-Requisite Files for NetWare Red Hat Linux and SuSE Linux Server Driver Support ILO Pre-requisite Files for Red Hat and SuSE Linux FilesInstaling or Updating iLO Linux and SuSE Drivers Enabling iLO Advanced Functionality Activating iLO Advanced Features Using a Browser ILO Advanced Evaluation LicenseILO Advanced License Options User Guide Integrated Lights-Out ProLiant BL p-Class Configuration Activating iLO Advanced Using ScriptingStatic IP Bay Configuration ProLiant BL p-Class User RequirementsConfiguring a ProLiant BL p-Class Blade Enclosure Configuring Static IP Bay SettingsUser Guide Integrated Lights-Out ProLiant BL p-Class Standard Configuration Parameters ProLiant BL p-Class Advanced Configuration ParametersEnable iLO IP Address Assignment Ribcl Rackinfo CommandsRibcl Rackinfo Command Examples Getting Static IP Bay Configuration SettingsModifying Static IP Bay Configuration Settings Integration with Riloe II Accessory Boards Using iLO Logging in to iLO for the First TimeLogging in to iLO for the First Time Using a Browser Using iLO User Guide Integrated Lights-Out Using iLO Progressive Delays for Failed Browser Login Attempts HelpSystem Status Status SummaryILO Status Server Status ILO Event Log Integrated Management Log Server and iLO Diagnostics Post Diagnostic Results for the Host ServerNvram Environment Variables Listing Virtual NMI ButtonILO Self-Test Results Remote Console Remote Console OptionRemote Console Information Option Optimizing Performance for Graphical Remote Console Enhanced Features of the Remote ConsoleRecommended Client Settings Display PropertiesRemote Console Remote Console Linux SettingsRecommended Server Settings Mouse PropertiesMicrosoft Windows NT 4.0 and Windows 2000 Settings Microsoft Windows Server 2003 SettingsRed Hat Linux and SuSE Linux Server Settings Novell NetWare SettingsRemote Console Hot Keys Supported Hot Keys Single- and Dual-Cursor Modes for Graphical Remote Console Remote Console Single-CursorRemote Console Dual-Cursor Virtual Devices Virtual Power Using iLO Virtual Media Operating System USB Support MS-DOSUSB USB CD USB CD2 Using iLO Virtual Media Devices ILO Virtual FloppySelect Local Floppy Drive Click Connect Access iLO through a browser Connect Click Create Disk Image ILO Virtual CD-ROM Select Local CD-ROM DriveUsing an Image File Virtual Media CD-ROM Operating System Notes Mounting USB Virtual Media CD in NetWare Mount /dev/scd0 /mnt/cdrom -t iso9660 Virtual Media Composite Device Support Select Local Floppy Drive Virtual Media Applet Timeout ILO Virtual Media PrivilegeVirtual Media Scripting Command Line Input Result Scripting Web Server Requirements Virtual Media Image FilesCGI Helper Application Virtual Indicators Virtual Serial Port Windows EMS ConsoleSecurity Information Virtual Serial Port and LinuxAdministration User AdministrationLinux End-to-End Support Adding a New User Viewing or Modifying an Existing Users Settings Click View/Modify UserGlobal Settings Click Global SettingsDeleting a User User Guide Integrated Lights-Out Network Settings Click Network Settings Using iLO ILO Diagnostic Port Configuration Parameters SNMP/Insight Manager Settings Recovering from a Failed iLO Firmware UpdateEnabling Snmp Alerts Click Apply Settings Generating Test AlertsUpgrade iLO Firmware Configure Insight Manager IntegrationClick Send firmware image Certificate Administration LicensingDirectory Settings ProLiant BL p-Class Advanced ManagementUser Guide Integrated Lights-Out Rack Settings Power Management Module Server Blade Management ModuleRedundant Power Management Module ILO Control of ProLiant BL p-Class Server LEDsKeyboard Definitions Insufficient Power NotificationHot-Plug Keyboard Server Post TrackingHot-Plug Keyboard Troubleshooting Hot-Plug Keyboard Recommended UsageUser Guide Integrated Lights-Out Terminal Services Pass-Through Option Terminal Services Client RequirementsWindows RDP Pass-Through Service Terminal Services Pass-Through Installation Enabling the Terminal Services Pass-Through Option Windows 2000 Terminal Services Port ChangeTerminal Services Pass-Through Status Terminal Services Warning MessageRemote Console and Terminal Services Clients Terminal Services Button DisplayTerminal Services Troubleshooting ComputerPropertiesRemoteRemote DesktopManagerMultifunction Adapters HP ProLiant Essentials Rapid Deployment Pack Integration Telnet SupportViewerApplication Using Telnet Telnet Simple Command SetSupported Key Sequences Telnet SecurityILO VT100+ Key Map Altk Altlowerj VT100+ Codes for the F-Keys Linux Codes for the F-KeysUsing Secure Shell Using SSHSecure Shell ILO Supported SSH Features Using OpenSSHUsing PuTTY ILO Shared Network Port ILO Shared Network Port RequirementsILO Shared Management Port Features and Restrictions Enabling the iLO Shared Network Port Feature Select AdministrationNetwork Settings Re-enabling the Dedicated iLO Management Port Command Line Interface Select NetworkNICTCP/IP, and press the Enter keyCLI Commands EscapeHelp Power RemconsVsp ExitPage Security Features ILO SecurityGeneral Security Guidelines ILO Security Override Switch Administration EncryptionUser Accounts Login Security PrivilegesPassword Guidelines Global Security SettingsCertificates Securing Rbsu Page Directory Services Benefits of Directory IntegrationFeatures Supported by Directory Integration Installing Directory Services Schema Documentation Directory Services Support EDirectory Installation Prerequisites Schema Required Software Schema InstallerSchema Preview Setup Directory Services 151 Management Snap-In Installer ResultsDirectory Services for Active Directory Active Directory Installation PrerequisitesDirectory Services Preparation for Active Directory Start MMC Install the Active Directory Schema snap-in in MMC Snap-In Installation and Initialization for Active Directory Directory Services 157 User Guide Integrated Lights-Out Directory Services 159 User Guide Integrated Lights-Out Directory Services 161 Directory Services Objects Active Directory Snap-Ins HP Devices Members Active Directory Role RestrictionsUser Guide Integrated Lights-Out Time Restrictions Enforced Client IP Address or DNS Name Access Remove Active Directory Lights-Out Management Directory Services for eDirectory Snap-in Installation and Initialization for eDirectoryUser Guide Integrated Lights-Out Directory Services 173 Apply Directory Services 175 Directory Services Objects for eDirectory Role Managed Devices Role Restrictions EDirectory Role Restrictions Time Restrictions Delete Lights-Out Management Directory Services 183 Configuring Directory Settings Directory Services 185 Directory Tests User Login Using Directory Services User Guide Integrated Lights-Out Certificate Services Introduction to Certificate ServicesInstalling Certificate Services Verifying Directory Services Configuring Automatic Certificate RequestCertificate Services 191 Page Directory-Enabled Remote Management Introduction to Directory-Enabled Remote ManagementUsing Bulk Import Tools Using Existing Groups Using Multiple Roles AdminUserAdminRole Server UserRole Creating Roles to Follow Organizational Structure Restricting RolesRole Time Restrictions IP Address Range Restrictions IP Address and Subnet Mask RestrictionsDNS-Based Restrictions How Directory Login Restrictions are Enforced Role Address RestrictionsHow User Time Restrictions are Enforced User Address RestrictionsCreating Multiple Restrictions and Roles Directory-Enabled Remote Management 203 User Guide Integrated Lights-Out Lights-Out Directories Migration Utilities Introduction to Lights-Out Migration UtilitiesPre-Migration Checklist CompatibilityHP Lights-Out Directory Package Hpqlomig Operation Finding Management ProcessorsLights-Out Directories Migration Utilities 209 Enter your Login NamePassword and click Find Upgrading Firmware on Management ProcessorsLights-Out Directories Migration Utilities 211 Select either Use Network Address or Create Name Using Index Naming Management ProcessorsConfiguring Directories Click Update Directory BrowseSetting Up Management Processors for Directories Click Configure Hpqlomgc Operation Management processor directory settings are updated Launching Hpqlomgc Using Application LaunchFirmware version is validated and updated if necessary Directory is updatedLights-Out Directories Migration Utilities 219 Hpqlomgc Command Language Iloconfig Page Insight Manager 7 Integration Integrating iLO with Insight ManagerFunctional Overview Identification and AssociationStatus QueriesLinks Configuring Identification of iLO Receiving Snmp Alerts in Insight Manager Insight Manager 7 Integration 227Port Matching Insight Manager 7 Integration 229 User Guide Integrated Lights-Out ProLiant BL p-Class Rack Visualization User Guide Integrated Lights-Out Systems Insight Manager Integration Integrating iLO with Systems Insight ManagerSystems Insight Manager Functional Overview System Insight Manager Identification and Association System Insight Manager StatusConfiguring System Insight Manager Identification of iLO System Insight Manager LinksSystem Insight Manager Systems Lists Receiving Snmp Alerts in Systems Insight Manager System Insight Manager Port Matching Systems Insight Manager Integration 239 Page Group Administration and iLO Scripting Lights-Out Configuration Utility\PROGRAM FILES\INSIGHT MANAGER\HP\SYTEMS Query Definition in Insight Manager Select Management Processor and click OKApplication Launch Using Insight Manager Create a Custom Command Click ToolsCustom CommandsNew Custom CommandCreate a Customized List Create a Task Click either Schedule or Run NowBatch Processing Using the Lights-Out Configuration Utility Lights-Out Configuration Utility ParametersCpqlocfg Lights-Out DOS Utility Overview of the Lights-Out DOS UtilityCommand Line Arguments Cpqlodos Recommended UsageCpqlodos General Guidelines Lights-Out DOS Utility 251 Ribcl XML Commands for Cpqlodos Cpqlodos Runtime ErrorCpqlodos Parameter Adduser Runtime Errors Adduser ParametersSetlicense Runtime Errors Setlicense ParameterUsing Perl with the XML Scripting Interface Perl ScriptingXML Enhancements XML script modification Opening an SSL Connection Sending the XML Header and Script Body Perl Scripting 259 User Guide Integrated Lights-Out Hponcfg Online Configuration Utility HponcfgHponcfg Supported Operating Systems Hponcfg Installation and Usage Hponcfg RequirementsWindows Server Installation Linux Server InstallationHponcfg Command Line Parameters Using HponcfgObtaining an Entire Configuration Hponcfg Usage ModelCreating a User Account Sample adduser.xml input fileHponcfg Online Configuration Utility Page Remote Insight Command Language Overview of the Remote Insight Board Command Language Ribcl and ProLiant BL p-Class ServersRibcl Sample Scripts Ribcl General Guidelines XML HeaderData Types Specific String Response DefinitionsString Boolean StringRibcl Runtime Errors RibclRibcl Parameter Login Login ParametersLogin Runtime Errors Userinfo Runtime Error UserinfoUserinfo Parameter Adduser Adduser ParametersRemote Insight Command Language Adduser Runtime Errors Deleteuser Runtime Errors DeleteuserDeleteuser Parameter Getuser Runtime Errors GetuserGetuser Parameter Moduser Getuser Return MessagesModuser Parameters Moduser Runtime Errors Getallusers Parameters Getallusers Runtime ErrorGetallusers Getallusers Return MessagesGetalluserinfo Runtime Errors GetalluserinfoGetalluserinfo Parameters Ribinfo Getalluserinfo Return MessagesResetrib Parameters ResetribRibinfo Runtime Errors Resetrib Runtime ErrorsGetnetworksettings Runtime Errors GetnetworksettingsGetnetworksettings Parameters Getnetworksettings Return MessagesModnetworksettings Dhcpwinsserver VALUE=Y Regwinsserver VALUE=YModnetworksettings /RIBINFO Login Ribcl Modnetworksettings Parameters User Guide Integrated Lights-Out Getglobalsettings Modnetworksettings Runtime ErrorsGetglobalsettings Parameters Modglobalsettings Getglobalsettings Runtime ErrorsGetglobalsettings Return Messages Modglobalsettings Parameters User Guide Integrated Lights-Out Remote Insight Command Language Getsnmpimsettings Parameters GetsnmpimsettingsModglobalsettings Runtime Errors Getsnmpimsettings Runtime ErrorsModsnmpimsettings Modsnmpimsettings ParametersModsnmpimsettings Runtime Errors Cleareventlog Runtime Errors CleareventlogCleareventlog Parameters Updateribfirmware Updateribfirmware ParametersUpdateribfirmware Runtime Errors Getfwversion Parameters Getfwversion Runtime ErrorsGetfwversion Getfwversion Return MessagesHotkeyconfig Hotkeyconfig ParametersHotkeyconfig Runtime Errors LicenseLicense Runtime Errors License ParametersDirinfo GetdirconfigDirinfo Runtime Errors Dirinfo ParametersGetdirconfig Parameters Getdirconfig Runtime ErrorsGetdirconfig Return Messages Moddirconfig Moddirconfig ParametersModdirconfig Runtime Errors RackinfoRackinfo Runtime Errors ModbladerackRackinfo Parameters Modbladerack Parameters Getdiagportsettings Parameters GetdiagportsettingsModbladerack Runtime Errors Getdiagportsettings Runtime ErrorsModdiagportsettings Getdiagportsettings Return MessagesModdiagportsettings Parameters Moddiagportsettings Runtime Errors GettopologyServerinfo Gettopology ParametersGettopology Return Message Gethostpowerstatus Serverinfo Runtime ErrorsServerinfo Parameter Gethostpowerstatus Runtime Errors SethostpowerGethostpowerstatus Parameters Gethostpowerstatus Return MessagesResetserver Sethostpower ParametersSethostpower Runtime Errors Presspwrbtn Resetserver ParametersResetserver Errors Presspwrbtn ParametersHoldpwrbtn Presspwrbtn Runtime ErrorsHoldpwrbtn Runtime Errors Holdpwrbtn ParametersColdbootserver Coldbootserver ParametersColdbootserver Runtime Errors Warmbootserver Runtime Errors WarmbootserverWarmbootserver Parameters GetuidstatusUidcontrol Getuidstatus ParametersGetuidstatus Response Uidcontrol Parameters Uidcontrol ErrorsInsertvirtualmedia Insertvirtualmedia ParametersInsertvirtualfloppy Runtime Errors Ejectvirtualmedia Runtime Errors EjectvirtualmediaEjectvirtualmedia Parameters Getvmstatus Parameters Getvmstatus Runtime ErrorsGetvmstatus Getvmstatus Return MessagesSetvmstatus Setvmstatus ParametersSetvmstatus Runtime Errors ILO Parameters ILO Parameters TableGlobal Settings ILO Parameters 333 SNMP/Insight Manager Settings ILO Parameters 335 ILO Status Server Status Parameters Server NameServer ID User Administration Parameters Remote Console Access PasswordAdminister User Accounts Virtual Power and ResetEnable iLO Rbsu Idle Connection Timeout MinutesEnable Lights-Out Functionality Pass-Through ConfigurationShow iLO During Post Require Login for iLO RbsuRemote Console Port Configuration Remote Console Data EncryptionWeb Server SSL Port Terminal Services PortWeb Server Non-SSL Port Virtual Media PortMinimum Password Length Serial Command Line Interface StatusSerial Command Line Interface Speed bits/second Network Settings ParametersTransceiver Speed Autoselect Enable NICShared Network Port SpeedPing Gateway on Startup Registering with Wins ServerRegistering with DNS Server ILO IP AddressDomain Name ILO Gateway IP AddressILO Subsystem Name Dhcp ServerEnable Snmp Pass-Through SNMP/Insight Manager Settings ParametersEnable iLO Snmp Alerts Snmp Alert DestinationsLevel of Data Returned ILO Advanced License Activation SettingsInsight Manager Web Agent URL ILO Advanced Pack License KeyBay Name Rack NameEnclosure Name BayEnable Rack Alert Logging IML Power SourceEnable Automatic Power On Directory Settings ParametersLOM Object Password Enable Directory AuthenticationEnable Local User Accounts Directory Server AddressTesting Directory Settings Click Test SettingsClick Start Test Core Classes Directory Services SchemaHP Management Core Ldap OID Classes and Attributes Core AttributesCore Class Definitions HpqTargetHpqRole HpqPolicyDN Core Attribute DefinitionsHpqPolicy HpqRoleMembershipHpqRoleIPRestrictionDefault HpqTargetMembershipHpqRoleIPRestrictions HpqRoleTimeRestriction Directory Services Schema 357Lights-Out Management Classes Lights-Out Management AttributesLights-Out Management Class Definitions Lights-Out Management Attribute DefinitionsHpqLOMv100 HpqLOMRightLogin HpqLOMRightRemoteConsoleHpqLOMRightVirtualMedia HpqLOMRightServerReset HpqLOMRightLocalUserAdminHpqLOMRightConfigureSettings Page Troubleshooting iLO Minimum RequirementsILO Post LED Indicators Troubleshooting iLO 365 Event Log Entries FEH Code Consistency Check ExplanationTroubleshooting iLO 367 User Guide Integrated Lights-Out Troubleshooting iLO 369 MS-DOS Error Codes Hardware and Software Link-Related IssuesLogin Issues HardwareSoftware Login Name and Password Not Accepted ILO Management Port Not Accessible by NameDirectory User Premature Logout ILO Rbsu Unavailable after iLO and Server Reset Inability to Access the LoginInability to Access iLO Using Telnet Inability to Connect to iLO after Changing Network SettingsInability to Connect to the iLO Diagnostic Port Inability to Connect to the iLO Processor through the NIC Firewall Issues Troubleshooting Alert and Trap Problems Proxy Server IssuesILO Security Override Switch Authentication Code Error MessageTroubleshooting Mouse Problems Local USB Mouse and LinuxMouse Issue Using SuSE Linux Remote Console Mouse Control IssueTroubleshooting Remote Console Problems Emulating a PS/2 Keyboard in a Headless Server EnvironmentLinux Remote Console User Guide Integrated Lights-Out Remote Console Text Window not Updating Properly Initial PuTTY Input Slow Troubleshooting SSH and Telnet ProblemsRemote Console Turns Grey or Black PuTTY Client Unresponsive with Shared Network PortTerminal Services Proxy Stops Responding Troubleshooting Terminal Services ProblemsTerminal Services Button Is Not Working SSH Text Support from a Remote Conosle SessionTelnet Displays Incorrectly in DOS Troubleshooting Video and Monitor ProblemsGeneral Guidelines Video Applications not Displaying in the Remote ConsoleVirtual Drive Listing Troubleshooting Virtual Media ProblemsTroubleshooting Miscellaneous Problems Virtual Media Applet has a Red X and Will Not DisplayCookie Sharing Between Browser Instances and iLO Shared InstancesCookie Order Behavior Troubleshooting iLO 389 Preventing Cookie-Related User Issues Displaying the Current Session CookieDiagnostic Steps Inability to Upgrade iLO FirmwareILO Network Flash Recovery Incorrect Time or Date of the Entries in the Event LogFlash Recovery Process ROMPaq Testing SSL ILO Does Not Respond to SSL RequestsResetting iLO Request New CertificateTroubleshooting a Remote Host Server Name Still Present after Erase Utility is ExecutedTechnical Support HP Contact InformationBefore You Contact HP User Guide Integrated Lights-Out Acronyms and Abbreviations DAV ILO JVM MTU RDP SSL Page Index LAN Index Uidcontrol