Restricting Roles | HP Integrated Lights-Out specs

198 User Guide Integrated Lights-Out

Creating Roles to Follow Organizational Structure

Often, the administrators within an organization are placed into a hierarchy in which subordinate administrators must assign rights independently of ranking administrators. In this case, it is useful to have one role that represents the rights assigned by higher-level administrators and to allow the subordinate administrators to create and manage their own roles.

Restricting Roles

Restrictions allow administrators to limit the scope of a role. A role only grants rights to those users that satisfy the role's restrictions. Using restricted roles results in users with dynamic rights that change based on the time of day or network address of the client.

For step-by-step instructions on how to create network and time restrictions on a role, refer to "Active Directory Role Restrictions (on page 165)" or "eDirectory Role Restrictions (on page 179, "Role Restrictions" on page 178)" sections.

Role Time Restrictions

Administrators can place time restrictions on LOM roles. Users are granted the rights specified for the LOM devices listed in the role, only if they are members of the role and meet the time restrictions for that role.

LOM devices use local host time to enforce time restrictions. If the LOM device clock is not set, the role time restriction fails unless no time restrictions are specified on the role.

Role-based time restrictions can only be satisfied if the time is set on the LOM device. The time is normally set when the host is booted, and it is maintained by running the agents in the host operating system, which allows the LOM device to compensate for leap year and minimize clock drift with respect to the host. Events, such as unexpected power loss or flashing LOM firmware, can cause the LOM device clock to not be set. Also, the host time must be correct for the LOM device to preserve time across firmware flashes.

Image 198

HP Integrated Lights-Out Creating Roles to Follow Organizational Structure, Restricting Roles, Role Time Restrictions

Contents

HP Integrated Lights-Out User Guide Audience Assumptions Contents User Guide Integrated Lights-Out ILO Security 135 Certificate Services 189 Insight Manager 7 Integration 223 Lights-Out DOS Utility 249 Login Modglobalsettings Moddiagport Settings ILO Parameters 331 Contents Technical Support 397 Operational Overview New in This VersionThis Section Usage Model Network Connection Overview Supported Server Operating System Software Supported Browsers Linux Browser Configuration Configuring Linux Font SizePage Configuring iLO ILO Configuration Options ILO Rbsu Browser-Based Setup Installing iLO Device Drivers Scripted Setup Installing or Updating the iLO Drivers for Microsoft Select Software and DriversILO Pre-requisite Files for Microsoft Installing or Updating iLO Drivers for NetWare Novell NetWare Server Driver SupportILO Pre-Requisite Files for NetWare Red Hat Linux and SuSE Linux Server Driver Support ILO Pre-requisite Files for Red Hat and SuSE Linux FilesInstaling or Updating iLO Linux and SuSE Drivers Enabling iLO Advanced Functionality Activating iLO Advanced Features Using a Browser ILO Advanced Evaluation LicenseILO Advanced License Options User Guide Integrated Lights-Out ProLiant BL p-Class Configuration Activating iLO Advanced Using Scripting Static IP Bay Configuration ProLiant BL p-Class User Requirements Configuring a ProLiant BL p-Class Blade Enclosure Configuring Static IP Bay Settings User Guide Integrated Lights-Out ProLiant BL p-Class Standard Configuration Parameters ProLiant BL p-Class Advanced Configuration Parameters Enable iLO IP Address Assignment Ribcl Rackinfo Commands Ribcl Rackinfo Command Examples Getting Static IP Bay Configuration SettingsModifying Static IP Bay Configuration Settings Integration with Riloe II Accessory Boards Using iLO Logging in to iLO for the First Time Logging in to iLO for the First Time Using a Browser Using iLO User Guide Integrated Lights-Out Using iLO Progressive Delays for Failed Browser Login Attempts Help System Status Status SummaryILO Status Server Status ILO Event Log Integrated Management Log Server and iLO Diagnostics Post Diagnostic Results for the Host Server Nvram Environment Variables Listing Virtual NMI Button ILO Self-Test Results Remote Console Remote Console Option Remote Console Information Option Optimizing Performance for Graphical Remote Console Enhanced Features of the Remote ConsoleRecommended Client Settings Display Properties Remote Console Remote Console Linux SettingsRecommended Server Settings Mouse Properties Microsoft Windows NT 4.0 and Windows 2000 Settings Microsoft Windows Server 2003 Settings Red Hat Linux and SuSE Linux Server Settings Novell NetWare SettingsRemote Console Hot Keys Supported Hot Keys Single- and Dual-Cursor Modes for Graphical Remote Console Remote Console Single-Cursor Remote Console Dual-Cursor Virtual Devices Virtual Power Using iLO Virtual Media Operating System USB Support MS-DOS USB USB CD USB CD2 Using iLO Virtual Media Devices ILO Virtual FloppySelect Local Floppy Drive Click Connect Access iLO through a browser Connect Click Create Disk Image ILO Virtual CD-ROM Select Local CD-ROM Drive Using an Image File Virtual Media CD-ROM Operating System Notes Mounting USB Virtual Media CD in NetWare Mount /dev/scd0 /mnt/cdrom -t iso9660 Virtual Media Composite Device Support Select Local Floppy Drive Virtual Media Applet Timeout ILO Virtual Media PrivilegeVirtual Media Scripting Command Line Input Result Scripting Web Server Requirements Virtual Media Image Files CGI Helper Application Virtual Indicators Virtual Serial Port Windows EMS Console Security Information Virtual Serial Port and Linux Administration User AdministrationLinux End-to-End Support Adding a New User Viewing or Modifying an Existing Users Settings Click View/Modify User Global Settings Click Global SettingsDeleting a User User Guide Integrated Lights-Out Network Settings Click Network Settings Using iLO ILO Diagnostic Port Configuration Parameters SNMP/Insight Manager Settings Recovering from a Failed iLO Firmware Update Enabling Snmp Alerts Click Apply Settings Generating Test Alerts Upgrade iLO Firmware Configure Insight Manager Integration Click Send firmware image Certificate Administration Licensing Directory Settings ProLiant BL p-Class Advanced Management User Guide Integrated Lights-Out Rack Settings Power Management Module Server Blade Management Module Redundant Power Management Module ILO Control of ProLiant BL p-Class Server LEDs Keyboard Definitions Insufficient Power NotificationHot-Plug Keyboard Server Post Tracking Hot-Plug Keyboard Troubleshooting Hot-Plug Keyboard Recommended Usage User Guide Integrated Lights-Out Terminal Services Pass-Through Option Terminal Services Client Requirements Windows RDP Pass-Through Service Terminal Services Pass-Through Installation Enabling the Terminal Services Pass-Through Option Windows 2000 Terminal Services Port Change Terminal Services Pass-Through Status Terminal Services Warning Message Remote Console and Terminal Services Clients Terminal Services Button Display Terminal Services Troubleshooting ComputerPropertiesRemoteRemote DesktopManagerMultifunction Adapters HP ProLiant Essentials Rapid Deployment Pack Integration Telnet SupportViewerApplication Using Telnet Telnet Simple Command Set Supported Key Sequences Telnet Security ILO VT100+ Key Map Altk Altlowerj VT100+ Codes for the F-Keys Linux Codes for the F-Keys Using Secure Shell Using SSHSecure Shell ILO Supported SSH Features Using OpenSSHUsing PuTTY ILO Shared Network Port ILO Shared Network Port Requirements ILO Shared Management Port Features and Restrictions Enabling the iLO Shared Network Port Feature Select AdministrationNetwork Settings Re-enabling the Dedicated iLO Management Port Command Line Interface Select NetworkNICTCP/IP, and press the Enter key CLI Commands EscapeHelp Power Remcons Vsp ExitPage Security Features ILO SecurityGeneral Security Guidelines ILO Security Override Switch Administration Encryption User Accounts Login Security Privileges Password Guidelines Global Security Settings Certificates Securing Rbsu Page Directory Services Benefits of Directory Integration Features Supported by Directory Integration Installing Directory Services Schema Documentation Directory Services Support EDirectory Installation Prerequisites Schema Required Software Schema Installer Schema Preview Setup Directory Services 151 Management Snap-In Installer Results Directory Services for Active Directory Active Directory Installation Prerequisites Directory Services Preparation for Active Directory Start MMC Install the Active Directory Schema snap-in in MMC Snap-In Installation and Initialization for Active Directory Directory Services 157 User Guide Integrated Lights-Out Directory Services 159 User Guide Integrated Lights-Out Directory Services 161 Directory Services Objects Active Directory Snap-Ins HP Devices Members Active Directory Role Restrictions User Guide Integrated Lights-Out Time Restrictions Enforced Client IP Address or DNS Name Access Remove Active Directory Lights-Out Management Directory Services for eDirectory Snap-in Installation and Initialization for eDirectory User Guide Integrated Lights-Out Directory Services 173 Apply Directory Services 175 Directory Services Objects for eDirectory Role Managed Devices Role Restrictions EDirectory Role Restrictions Time Restrictions Delete Lights-Out Management Directory Services 183 Configuring Directory Settings Directory Services 185 Directory Tests User Login Using Directory Services User Guide Integrated Lights-Out Certificate Services Introduction to Certificate ServicesInstalling Certificate Services Verifying Directory Services Configuring Automatic Certificate Request Certificate Services 191 Page Directory-Enabled Remote Management Introduction to Directory-Enabled Remote Management Using Bulk Import Tools Using Existing Groups Using Multiple Roles AdminUserAdminRole Server UserRole Creating Roles to Follow Organizational Structure Restricting RolesRole Time Restrictions IP Address Range Restrictions IP Address and Subnet Mask RestrictionsDNS-Based Restrictions How Directory Login Restrictions are Enforced Role Address Restrictions How User Time Restrictions are Enforced User Address Restrictions Creating Multiple Restrictions and Roles Directory-Enabled Remote Management 203 User Guide Integrated Lights-Out Lights-Out Directories Migration Utilities Introduction to Lights-Out Migration Utilities Pre-Migration Checklist Compatibility HP Lights-Out Directory Package Hpqlomig Operation Finding Management Processors Lights-Out Directories Migration Utilities 209 Enter your Login NamePassword and click Find Upgrading Firmware on Management Processors Lights-Out Directories Migration Utilities 211 Select either Use Network Address or Create Name Using Index Naming Management Processors Configuring Directories Click Update Directory Browse Setting Up Management Processors for Directories Click Configure Hpqlomgc Operation Management processor directory settings are updated Launching Hpqlomgc Using Application LaunchFirmware version is validated and updated if necessary Directory is updated Lights-Out Directories Migration Utilities 219 Hpqlomgc Command Language Iloconfig Page Insight Manager 7 Integration Integrating iLO with Insight Manager Functional Overview Identification and Association Status QueriesLinks Configuring Identification of iLO Receiving Snmp Alerts in Insight Manager Insight Manager 7 Integration 227 Port Matching Insight Manager 7 Integration 229 User Guide Integrated Lights-Out ProLiant BL p-Class Rack Visualization User Guide Integrated Lights-Out Systems Insight Manager Integration Integrating iLO with Systems Insight Manager Systems Insight Manager Functional Overview System Insight Manager Identification and Association System Insight Manager Status Configuring System Insight Manager Identification of iLO System Insight Manager LinksSystem Insight Manager Systems Lists Receiving Snmp Alerts in Systems Insight Manager System Insight Manager Port Matching Systems Insight Manager Integration 239 Page Group Administration and iLO Scripting Lights-Out Configuration Utility \PROGRAM FILES\INSIGHT MANAGER\HP\SYTEMS Query Definition in Insight Manager Select Management Processor and click OK Application Launch Using Insight Manager Create a Custom Command Click ToolsCustom CommandsNew Custom CommandCreate a Customized List Create a Task Click either Schedule or Run Now Batch Processing Using the Lights-Out Configuration Utility Lights-Out Configuration Utility Parameters Cpqlocfg Lights-Out DOS Utility Overview of the Lights-Out DOS Utility Command Line Arguments Cpqlodos Recommended UsageCpqlodos General Guidelines Lights-Out DOS Utility 251 Ribcl XML Commands for Cpqlodos Cpqlodos Runtime ErrorCpqlodos Parameter Adduser Runtime Errors Adduser Parameters Setlicense Runtime Errors Setlicense Parameter Using Perl with the XML Scripting Interface Perl ScriptingXML Enhancements XML script modification Opening an SSL Connection Sending the XML Header and Script Body Perl Scripting 259 User Guide Integrated Lights-Out Hponcfg Online Configuration Utility HponcfgHponcfg Supported Operating Systems Hponcfg Installation and Usage Hponcfg Requirements Windows Server Installation Linux Server Installation Hponcfg Command Line Parameters Using Hponcfg Obtaining an Entire Configuration Hponcfg Usage Model Creating a User Account Sample adduser.xml input file Hponcfg Online Configuration Utility Page Remote Insight Command Language Overview of the Remote Insight Board Command Language Ribcl and ProLiant BL p-Class Servers Ribcl Sample Scripts Ribcl General Guidelines XML HeaderData Types Specific String Response DefinitionsString Boolean String Ribcl Runtime Errors RibclRibcl Parameter Login Login ParametersLogin Runtime Errors Userinfo Runtime Error UserinfoUserinfo Parameter Adduser Adduser Parameters Remote Insight Command Language Adduser Runtime Errors Deleteuser Runtime Errors DeleteuserDeleteuser Parameter Getuser Runtime Errors GetuserGetuser Parameter Moduser Getuser Return Messages Moduser Parameters Moduser Runtime Errors Getallusers Parameters Getallusers Runtime ErrorGetallusers Getallusers Return Messages Getalluserinfo Runtime Errors GetalluserinfoGetalluserinfo Parameters Ribinfo Getalluserinfo Return Messages Resetrib Parameters ResetribRibinfo Runtime Errors Resetrib Runtime Errors Getnetworksettings Runtime Errors GetnetworksettingsGetnetworksettings Parameters Getnetworksettings Return Messages Modnetworksettings Dhcpwinsserver VALUE=Y Regwinsserver VALUE=Y Modnetworksettings /RIBINFO Login Ribcl Modnetworksettings Parameters User Guide Integrated Lights-Out Getglobalsettings Modnetworksettings Runtime ErrorsGetglobalsettings Parameters Modglobalsettings Getglobalsettings Runtime ErrorsGetglobalsettings Return Messages Modglobalsettings Parameters User Guide Integrated Lights-Out Remote Insight Command Language Getsnmpimsettings Parameters GetsnmpimsettingsModglobalsettings Runtime Errors Getsnmpimsettings Runtime Errors Modsnmpimsettings Modsnmpimsettings Parameters Modsnmpimsettings Runtime Errors Cleareventlog Runtime Errors CleareventlogCleareventlog Parameters Updateribfirmware Updateribfirmware ParametersUpdateribfirmware Runtime Errors Getfwversion Parameters Getfwversion Runtime ErrorsGetfwversion Getfwversion Return Messages Hotkeyconfig Hotkeyconfig Parameters Hotkeyconfig Runtime Errors License License Runtime Errors License Parameters Dirinfo GetdirconfigDirinfo Runtime Errors Dirinfo Parameters Getdirconfig Parameters Getdirconfig Runtime ErrorsGetdirconfig Return Messages Moddirconfig Moddirconfig Parameters Moddirconfig Runtime Errors Rackinfo Rackinfo Runtime Errors ModbladerackRackinfo Parameters Modbladerack Parameters Getdiagportsettings Parameters GetdiagportsettingsModbladerack Runtime Errors Getdiagportsettings Runtime Errors Moddiagportsettings Getdiagportsettings Return MessagesModdiagportsettings Parameters Moddiagportsettings Runtime Errors Gettopology Serverinfo Gettopology ParametersGettopology Return Message Gethostpowerstatus Serverinfo Runtime ErrorsServerinfo Parameter Gethostpowerstatus Runtime Errors SethostpowerGethostpowerstatus Parameters Gethostpowerstatus Return Messages Resetserver Sethostpower ParametersSethostpower Runtime Errors Presspwrbtn Resetserver ParametersResetserver Errors Presspwrbtn Parameters Holdpwrbtn Presspwrbtn Runtime ErrorsHoldpwrbtn Runtime Errors Holdpwrbtn Parameters Coldbootserver Coldbootserver ParametersColdbootserver Runtime Errors Warmbootserver Runtime Errors WarmbootserverWarmbootserver Parameters Getuidstatus Uidcontrol Getuidstatus ParametersGetuidstatus Response Uidcontrol Parameters Uidcontrol ErrorsInsertvirtualmedia Insertvirtualmedia Parameters Insertvirtualfloppy Runtime Errors Ejectvirtualmedia Runtime Errors EjectvirtualmediaEjectvirtualmedia Parameters Getvmstatus Parameters Getvmstatus Runtime ErrorsGetvmstatus Getvmstatus Return Messages Setvmstatus Setvmstatus Parameters Setvmstatus Runtime Errors ILO Parameters ILO Parameters Table Global Settings ILO Parameters 333 SNMP/Insight Manager Settings ILO Parameters 335 ILO Status Server Status Parameters Server NameServer ID User Administration Parameters Remote Console Access PasswordAdminister User Accounts Virtual Power and Reset Enable iLO Rbsu Idle Connection Timeout MinutesEnable Lights-Out Functionality Pass-Through Configuration Show iLO During Post Require Login for iLO RbsuRemote Console Port Configuration Remote Console Data Encryption Web Server SSL Port Terminal Services PortWeb Server Non-SSL Port Virtual Media Port Minimum Password Length Serial Command Line Interface StatusSerial Command Line Interface Speed bits/second Network Settings Parameters Transceiver Speed Autoselect Enable NICShared Network Port Speed Ping Gateway on Startup Registering with Wins ServerRegistering with DNS Server ILO IP Address Domain Name ILO Gateway IP AddressILO Subsystem Name Dhcp Server Enable Snmp Pass-Through SNMP/Insight Manager Settings ParametersEnable iLO Snmp Alerts Snmp Alert Destinations Level of Data Returned ILO Advanced License Activation SettingsInsight Manager Web Agent URL ILO Advanced Pack License Key Bay Name Rack NameEnclosure Name Bay Enable Rack Alert Logging IML Power SourceEnable Automatic Power On Directory Settings Parameters LOM Object Password Enable Directory AuthenticationEnable Local User Accounts Directory Server Address Testing Directory Settings Click Test SettingsClick Start Test Core Classes Directory Services SchemaHP Management Core Ldap OID Classes and Attributes Core Attributes Core Class Definitions HpqTargetHpqRole HpqPolicyDN Core Attribute DefinitionsHpqPolicy HpqRoleMembership HpqRoleIPRestrictionDefault HpqTargetMembershipHpqRoleIPRestrictions HpqRoleTimeRestriction Directory Services Schema 357 Lights-Out Management Classes Lights-Out Management Attributes Lights-Out Management Class Definitions Lights-Out Management Attribute DefinitionsHpqLOMv100 HpqLOMRightLogin HpqLOMRightRemoteConsoleHpqLOMRightVirtualMedia HpqLOMRightServerReset HpqLOMRightLocalUserAdminHpqLOMRightConfigureSettings Page Troubleshooting iLO Minimum Requirements ILO Post LED Indicators Troubleshooting iLO 365 Event Log Entries FEH Code Consistency Check Explanation Troubleshooting iLO 367 User Guide Integrated Lights-Out Troubleshooting iLO 369 MS-DOS Error Codes Hardware and Software Link-Related Issues Login Issues HardwareSoftware Login Name and Password Not Accepted ILO Management Port Not Accessible by NameDirectory User Premature Logout ILO Rbsu Unavailable after iLO and Server Reset Inability to Access the Login Inability to Access iLO Using Telnet Inability to Connect to iLO after Changing Network SettingsInability to Connect to the iLO Diagnostic Port Inability to Connect to the iLO Processor through the NIC Firewall Issues Troubleshooting Alert and Trap Problems Proxy Server Issues ILO Security Override Switch Authentication Code Error Message Troubleshooting Mouse Problems Local USB Mouse and Linux Mouse Issue Using SuSE Linux Remote Console Mouse Control Issue Troubleshooting Remote Console Problems Emulating a PS/2 Keyboard in a Headless Server EnvironmentLinux Remote Console User Guide Integrated Lights-Out Remote Console Text Window not Updating Properly Initial PuTTY Input Slow Troubleshooting SSH and Telnet ProblemsRemote Console Turns Grey or Black PuTTY Client Unresponsive with Shared Network Port Terminal Services Proxy Stops Responding Troubleshooting Terminal Services ProblemsTerminal Services Button Is Not Working SSH Text Support from a Remote Conosle Session Telnet Displays Incorrectly in DOS Troubleshooting Video and Monitor ProblemsGeneral Guidelines Video Applications not Displaying in the Remote Console Virtual Drive Listing Troubleshooting Virtual Media ProblemsTroubleshooting Miscellaneous Problems Virtual Media Applet has a Red X and Will Not Display Cookie Sharing Between Browser Instances and iLO Shared InstancesCookie Order Behavior Troubleshooting iLO 389 Preventing Cookie-Related User Issues Displaying the Current Session Cookie Diagnostic Steps Inability to Upgrade iLO FirmwareILO Network Flash Recovery Incorrect Time or Date of the Entries in the Event Log Flash Recovery Process ROMPaq Testing SSL ILO Does Not Respond to SSL Requests Resetting iLO Request New Certificate Troubleshooting a Remote Host Server Name Still Present after Erase Utility is Executed Technical Support HP Contact InformationBefore You Contact HP User Guide Integrated Lights-Out Acronyms and Abbreviations DAV ILO JVM MTU RDP SSL Page Index LAN Index Uidcontrol