Role Address Restrictions | HP Integrated Lights-Out manual

200 User Guide Integrated Lights-Out

Using DNS-based restrictions can create some security complications. Name service protocols are insecure. Any individual with malicious intent and access to the network can place a rogue DNS service on the network creating fake address restriction criteria. Organizational security policies should be taken into consideration when implementing DNS-based address restrictions.

Role Address Restrictions

Role address restrictions are enforced by the LOM firmware, based on the client's IP network address. When the address restrictions are met for a role, the rights granted by the role apply.

Address restrictions can be difficult to manage if access is attempted across firewalls or through network proxies. Either of these mechanisms can change the apparent network address of the client, causing the address restrictions to be enforced in an unexpected manner.

How Directory Login Restrictions are Enforced

Two sets of restrictions potentially limit a directory user's access to LOM devices. User access restrictions limit a user's access to authenticate to the directory. Role access restrictions limit an authenticated user's ability to receive LOM privileges based on rights specified in one or more Roles.

User restrictions must be met to authenticate to the directory.

And

Enforced by the directory server.

Role restrictions must be met to receive rights granted by 1 or more roles.

Enforced by LOM.

	User	Client	Directory	LOM
		Workstation	Server

11	12 1	11	12 1	11	12 1	1112		1
10	2	10	2	10	2	10		2
9	3	9	3	9	3	9		3
8 7	6 5 4	8 7	6 5 4	8 7	6 5 4	8 7	6	5 4
			User access			Role access
			restrictions			restrictions

Image 200

HP Integrated Lights-Out manual How Directory Login Restrictions are Enforced, Role Address Restrictions

Contents

HP Integrated Lights-Out User Guide Audience Assumptions Contents User Guide Integrated Lights-Out ILO Security 135 Certificate Services 189 Insight Manager 7 Integration 223 Lights-Out DOS Utility 249 Login Modglobalsettings Moddiagport Settings ILO Parameters 331 Contents Technical Support 397 This Section Operational OverviewNew in This Version Usage Model Network Connection Overview Supported Server Operating System Software Supported Browsers Linux Browser Configuration Configuring Linux Font SizePage Configuring iLO ILO Configuration Options ILO Rbsu Browser-Based Setup Installing iLO Device Drivers Scripted Setup ILO Pre-requisite Files for Microsoft Installing or Updating the iLO Drivers for MicrosoftSelect Software and Drivers ILO Pre-Requisite Files for NetWare Installing or Updating iLO Drivers for NetWareNovell NetWare Server Driver Support Instaling or Updating iLO Linux and SuSE Drivers Red Hat Linux and SuSE Linux Server Driver SupportILO Pre-requisite Files for Red Hat and SuSE Linux Files Enabling iLO Advanced Functionality ILO Advanced License Options Activating iLO Advanced Features Using a BrowserILO Advanced Evaluation License User Guide Integrated Lights-Out ProLiant BL p-Class Configuration Activating iLO Advanced Using Scripting Static IP Bay Configuration ProLiant BL p-Class User Requirements Configuring a ProLiant BL p-Class Blade Enclosure Configuring Static IP Bay Settings User Guide Integrated Lights-Out ProLiant BL p-Class Standard Configuration Parameters ProLiant BL p-Class Advanced Configuration Parameters Enable iLO IP Address Assignment Ribcl Rackinfo Commands Modifying Static IP Bay Configuration Settings Ribcl Rackinfo Command ExamplesGetting Static IP Bay Configuration Settings Integration with Riloe II Accessory Boards Using iLO Logging in to iLO for the First Time Logging in to iLO for the First Time Using a Browser Using iLO User Guide Integrated Lights-Out Using iLO Progressive Delays for Failed Browser Login Attempts Help ILO Status System StatusStatus Summary Server Status ILO Event Log Integrated Management Log Server and iLO Diagnostics Post Diagnostic Results for the Host Server Nvram Environment Variables Listing Virtual NMI Button ILO Self-Test Results Remote Console Remote Console Option Remote Console Information Option Enhanced Features of the Remote Console Recommended Client SettingsOptimizing Performance for Graphical Remote Console Display Properties Remote Console Linux Settings Recommended Server SettingsRemote Console Mouse Properties Microsoft Windows NT 4.0 and Windows 2000 Settings Microsoft Windows Server 2003 Settings Remote Console Hot Keys Red Hat Linux and SuSE Linux Server SettingsNovell NetWare Settings Supported Hot Keys Single- and Dual-Cursor Modes for Graphical Remote Console Remote Console Single-Cursor Remote Console Dual-Cursor Virtual Devices Virtual Power Using iLO Virtual Media Operating System USB Support MS-DOS USB USB CD USB CD2 Select Local Floppy Drive Using iLO Virtual Media DevicesILO Virtual Floppy Click Connect Access iLO through a browser Connect Click Create Disk Image ILO Virtual CD-ROM Select Local CD-ROM Drive Using an Image File Virtual Media CD-ROM Operating System Notes Mounting USB Virtual Media CD in NetWare Mount /dev/scd0 /mnt/cdrom -t iso9660 Virtual Media Composite Device Support Select Local Floppy Drive Virtual Media Scripting Virtual Media Applet TimeoutILO Virtual Media Privilege Command Line Input Result Scripting Web Server Requirements Virtual Media Image Files CGI Helper Application Virtual Indicators Virtual Serial Port Windows EMS Console Security Information Virtual Serial Port and Linux Linux End-to-End Support AdministrationUser Administration Adding a New User Viewing or Modifying an Existing Users Settings Click View/Modify User Deleting a User Global SettingsClick Global Settings User Guide Integrated Lights-Out Network Settings Click Network Settings Using iLO ILO Diagnostic Port Configuration Parameters SNMP/Insight Manager Settings Recovering from a Failed iLO Firmware Update Enabling Snmp Alerts Click Apply Settings Generating Test Alerts Upgrade iLO Firmware Configure Insight Manager Integration Click Send firmware image Certificate Administration Licensing Directory Settings ProLiant BL p-Class Advanced Management User Guide Integrated Lights-Out Rack Settings Power Management Module Server Blade Management Module Redundant Power Management Module ILO Control of ProLiant BL p-Class Server LEDs Insufficient Power Notification Hot-Plug KeyboardKeyboard Definitions Server Post Tracking Hot-Plug Keyboard Troubleshooting Hot-Plug Keyboard Recommended Usage User Guide Integrated Lights-Out Terminal Services Pass-Through Option Terminal Services Client Requirements Windows RDP Pass-Through Service Terminal Services Pass-Through Installation Enabling the Terminal Services Pass-Through Option Windows 2000 Terminal Services Port Change Terminal Services Pass-Through Status Terminal Services Warning Message Remote Console and Terminal Services Clients Terminal Services Button Display ManagerMultifunction Adapters Terminal Services TroubleshootingComputerPropertiesRemoteRemote Desktop ViewerApplication HP ProLiant Essentials Rapid Deployment Pack IntegrationTelnet Support Using Telnet Telnet Simple Command Set Supported Key Sequences Telnet Security ILO VT100+ Key Map Altk Altlowerj VT100+ Codes for the F-Keys Linux Codes for the F-Keys Secure Shell Using Secure ShellUsing SSH Using PuTTY ILO Supported SSH FeaturesUsing OpenSSH ILO Shared Network Port ILO Shared Network Port Requirements ILO Shared Management Port Features and Restrictions Enabling the iLO Shared Network Port Feature Select AdministrationNetwork Settings Re-enabling the Dedicated iLO Management Port Command Line Interface Select NetworkNICTCP/IP, and press the Enter key Help CLI CommandsEscape Power Remcons Vsp ExitPage General Security Guidelines Security FeaturesILO Security ILO Security Override Switch Administration Encryption User Accounts Login Security Privileges Password Guidelines Global Security Settings Certificates Securing Rbsu Page Directory Services Benefits of Directory Integration Features Supported by Directory Integration Installing Directory Services Schema Documentation Directory Services Support EDirectory Installation Prerequisites Schema Required Software Schema Installer Schema Preview Setup Directory Services 151 Management Snap-In Installer Results Directory Services for Active Directory Active Directory Installation Prerequisites Directory Services Preparation for Active Directory Start MMC Install the Active Directory Schema snap-in in MMC Snap-In Installation and Initialization for Active Directory Directory Services 157 User Guide Integrated Lights-Out Directory Services 159 User Guide Integrated Lights-Out Directory Services 161 Directory Services Objects Active Directory Snap-Ins HP Devices Members Active Directory Role Restrictions User Guide Integrated Lights-Out Time Restrictions Enforced Client IP Address or DNS Name Access Remove Active Directory Lights-Out Management Directory Services for eDirectory Snap-in Installation and Initialization for eDirectory User Guide Integrated Lights-Out Directory Services 173 Apply Directory Services 175 Directory Services Objects for eDirectory Role Managed Devices Role Restrictions EDirectory Role Restrictions Time Restrictions Delete Lights-Out Management Directory Services 183 Configuring Directory Settings Directory Services 185 Directory Tests User Login Using Directory Services User Guide Integrated Lights-Out Installing Certificate Services Certificate ServicesIntroduction to Certificate Services Verifying Directory Services Configuring Automatic Certificate Request Certificate Services 191 Page Directory-Enabled Remote Management Introduction to Directory-Enabled Remote Management Using Bulk Import Tools Using Existing Groups Using Multiple Roles AdminUserAdminRole Server UserRole Role Time Restrictions Creating Roles to Follow Organizational StructureRestricting Roles DNS-Based Restrictions IP Address Range RestrictionsIP Address and Subnet Mask Restrictions How Directory Login Restrictions are Enforced Role Address Restrictions How User Time Restrictions are Enforced User Address Restrictions Creating Multiple Restrictions and Roles Directory-Enabled Remote Management 203 User Guide Integrated Lights-Out Lights-Out Directories Migration Utilities Introduction to Lights-Out Migration Utilities Pre-Migration Checklist Compatibility HP Lights-Out Directory Package Hpqlomig Operation Finding Management Processors Lights-Out Directories Migration Utilities 209 Enter your Login NamePassword and click Find Upgrading Firmware on Management Processors Lights-Out Directories Migration Utilities 211 Select either Use Network Address or Create Name Using Index Naming Management Processors Configuring Directories Click Update Directory Browse Setting Up Management Processors for Directories Click Configure Hpqlomgc Operation Launching Hpqlomgc Using Application Launch Firmware version is validated and updated if necessaryManagement processor directory settings are updated Directory is updated Lights-Out Directories Migration Utilities 219 Hpqlomgc Command Language Iloconfig Page Insight Manager 7 Integration Integrating iLO with Insight Manager Functional Overview Identification and Association Links StatusQueries Configuring Identification of iLO Receiving Snmp Alerts in Insight Manager Insight Manager 7 Integration 227 Port Matching Insight Manager 7 Integration 229 User Guide Integrated Lights-Out ProLiant BL p-Class Rack Visualization User Guide Integrated Lights-Out Systems Insight Manager Integration Integrating iLO with Systems Insight Manager Systems Insight Manager Functional Overview System Insight Manager Identification and Association System Insight Manager Status System Insight Manager Systems Lists Configuring System Insight Manager Identification of iLOSystem Insight Manager Links Receiving Snmp Alerts in Systems Insight Manager System Insight Manager Port Matching Systems Insight Manager Integration 239 Page Group Administration and iLO Scripting Lights-Out Configuration Utility \PROGRAM FILES\INSIGHT MANAGER\HP\SYTEMS Query Definition in Insight Manager Select Management Processor and click OK Application Launch Using Insight Manager Create a Customized List Create a Custom CommandClick ToolsCustom CommandsNew Custom Command Create a Task Click either Schedule or Run Now Batch Processing Using the Lights-Out Configuration Utility Lights-Out Configuration Utility Parameters Cpqlocfg Lights-Out DOS Utility Overview of the Lights-Out DOS Utility Cpqlodos General Guidelines Command Line ArgumentsCpqlodos Recommended Usage Lights-Out DOS Utility 251 Cpqlodos Parameter Ribcl XML Commands for CpqlodosCpqlodos Runtime Error Adduser Runtime Errors Adduser Parameters Setlicense Runtime Errors Setlicense Parameter XML Enhancements Using Perl with the XML Scripting InterfacePerl Scripting XML script modification Opening an SSL Connection Sending the XML Header and Script Body Perl Scripting 259 User Guide Integrated Lights-Out Hponcfg Supported Operating Systems Hponcfg Online Configuration UtilityHponcfg Hponcfg Installation and Usage Hponcfg Requirements Windows Server Installation Linux Server Installation Hponcfg Command Line Parameters Using Hponcfg Obtaining an Entire Configuration Hponcfg Usage Model Creating a User Account Sample adduser.xml input file Hponcfg Online Configuration Utility Page Remote Insight Command Language Overview of the Remote Insight Board Command Language Ribcl and ProLiant BL p-Class Servers Data Types Ribcl Sample Scripts Ribcl General GuidelinesXML Header Response Definitions StringSpecific String Boolean String Ribcl Parameter Ribcl Runtime ErrorsRibcl Login Runtime Errors LoginLogin Parameters Userinfo Parameter Userinfo Runtime ErrorUserinfo Adduser Adduser Parameters Remote Insight Command Language Adduser Runtime Errors Deleteuser Parameter Deleteuser Runtime ErrorsDeleteuser Getuser Parameter Getuser Runtime ErrorsGetuser Moduser Getuser Return Messages Moduser Parameters Moduser Runtime Errors Getallusers Runtime Error GetallusersGetallusers Parameters Getallusers Return Messages Getalluserinfo Parameters Getalluserinfo Runtime ErrorsGetalluserinfo Ribinfo Getalluserinfo Return Messages Resetrib Ribinfo Runtime ErrorsResetrib Parameters Resetrib Runtime Errors Getnetworksettings Getnetworksettings ParametersGetnetworksettings Runtime Errors Getnetworksettings Return Messages Modnetworksettings Dhcpwinsserver VALUE=Y Regwinsserver VALUE=Y Modnetworksettings /RIBINFO Login Ribcl Modnetworksettings Parameters User Guide Integrated Lights-Out Getglobalsettings Parameters GetglobalsettingsModnetworksettings Runtime Errors Getglobalsettings Return Messages ModglobalsettingsGetglobalsettings Runtime Errors Modglobalsettings Parameters User Guide Integrated Lights-Out Remote Insight Command Language Getsnmpimsettings Modglobalsettings Runtime ErrorsGetsnmpimsettings Parameters Getsnmpimsettings Runtime Errors Modsnmpimsettings Modsnmpimsettings Parameters Modsnmpimsettings Runtime Errors Cleareventlog Parameters Cleareventlog Runtime ErrorsCleareventlog Updateribfirmware Runtime Errors UpdateribfirmwareUpdateribfirmware Parameters Getfwversion Runtime Errors GetfwversionGetfwversion Parameters Getfwversion Return Messages Hotkeyconfig Hotkeyconfig Parameters Hotkeyconfig Runtime Errors License License Runtime Errors License Parameters Getdirconfig Dirinfo Runtime ErrorsDirinfo Dirinfo Parameters Getdirconfig Return Messages Getdirconfig ParametersGetdirconfig Runtime Errors Moddirconfig Moddirconfig Parameters Moddirconfig Runtime Errors Rackinfo Rackinfo Parameters Rackinfo Runtime ErrorsModbladerack Modbladerack Parameters Getdiagportsettings Modbladerack Runtime ErrorsGetdiagportsettings Parameters Getdiagportsettings Runtime Errors Moddiagportsettings Parameters ModdiagportsettingsGetdiagportsettings Return Messages Moddiagportsettings Runtime Errors Gettopology Gettopology Return Message ServerinfoGettopology Parameters Serverinfo Parameter GethostpowerstatusServerinfo Runtime Errors Sethostpower Gethostpowerstatus ParametersGethostpowerstatus Runtime Errors Gethostpowerstatus Return Messages Sethostpower Runtime Errors ResetserverSethostpower Parameters Resetserver Parameters Resetserver ErrorsPresspwrbtn Presspwrbtn Parameters Presspwrbtn Runtime Errors Holdpwrbtn Runtime ErrorsHoldpwrbtn Holdpwrbtn Parameters Coldbootserver Runtime Errors ColdbootserverColdbootserver Parameters Warmbootserver Warmbootserver ParametersWarmbootserver Runtime Errors Getuidstatus Getuidstatus Response UidcontrolGetuidstatus Parameters Uidcontrol Errors InsertvirtualmediaUidcontrol Parameters Insertvirtualmedia Parameters Insertvirtualfloppy Runtime Errors Ejectvirtualmedia Parameters Ejectvirtualmedia Runtime ErrorsEjectvirtualmedia Getvmstatus Runtime Errors GetvmstatusGetvmstatus Parameters Getvmstatus Return Messages Setvmstatus Setvmstatus Parameters Setvmstatus Runtime Errors ILO Parameters ILO Parameters Table Global Settings ILO Parameters 333 SNMP/Insight Manager Settings ILO Parameters 335 ILO Status Server ID Server Status ParametersServer Name User Administration Parameters Password Administer User AccountsRemote Console Access Virtual Power and Reset Idle Connection Timeout Minutes Enable Lights-Out FunctionalityEnable iLO Rbsu Pass-Through Configuration Require Login for iLO Rbsu Remote Console Port ConfigurationShow iLO During Post Remote Console Data Encryption Terminal Services Port Web Server Non-SSL PortWeb Server SSL Port Virtual Media Port Serial Command Line Interface Status Serial Command Line Interface Speed bits/secondMinimum Password Length Network Settings Parameters Enable NIC Shared Network PortTransceiver Speed Autoselect Speed Registering with Wins Server Registering with DNS ServerPing Gateway on Startup ILO IP Address ILO Gateway IP Address ILO Subsystem NameDomain Name Dhcp Server SNMP/Insight Manager Settings Parameters Enable iLO Snmp AlertsEnable Snmp Pass-Through Snmp Alert Destinations ILO Advanced License Activation Settings Insight Manager Web Agent URLLevel of Data Returned ILO Advanced Pack License Key Rack Name Enclosure NameBay Name Bay Power Source Enable Automatic Power OnEnable Rack Alert Logging IML Directory Settings Parameters Enable Directory Authentication Enable Local User AccountsLOM Object Password Directory Server Address Click Start Test Testing Directory SettingsClick Test Settings Directory Services Schema HP Management Core Ldap OID Classes and AttributesCore Classes Core Attributes HpqRole Core Class DefinitionsHpqTarget Core Attribute Definitions HpqPolicyHpqPolicyDN HpqRoleMembership HpqRoleIPRestrictions HpqRoleIPRestrictionDefaultHpqTargetMembership HpqRoleTimeRestriction Directory Services Schema 357 Lights-Out Management Classes Lights-Out Management Attributes HpqLOMv100 Lights-Out Management Class DefinitionsLights-Out Management Attribute Definitions HpqLOMRightVirtualMedia HpqLOMRightLoginHpqLOMRightRemoteConsole HpqLOMRightConfigureSettings HpqLOMRightServerResetHpqLOMRightLocalUserAdmin Page Troubleshooting iLO Minimum Requirements ILO Post LED Indicators Troubleshooting iLO 365 Event Log Entries FEH Code Consistency Check Explanation Troubleshooting iLO 367 User Guide Integrated Lights-Out Troubleshooting iLO 369 MS-DOS Error Codes Hardware and Software Link-Related Issues Software Login IssuesHardware Directory User Premature Logout Login Name and Password Not AcceptedILO Management Port Not Accessible by Name ILO Rbsu Unavailable after iLO and Server Reset Inability to Access the Login Inability to Connect to the iLO Diagnostic Port Inability to Access iLO Using TelnetInability to Connect to iLO after Changing Network Settings Inability to Connect to the iLO Processor through the NIC Firewall Issues Troubleshooting Alert and Trap Problems Proxy Server Issues ILO Security Override Switch Authentication Code Error Message Troubleshooting Mouse Problems Local USB Mouse and Linux Mouse Issue Using SuSE Linux Remote Console Mouse Control Issue Linux Remote Console Troubleshooting Remote Console ProblemsEmulating a PS/2 Keyboard in a Headless Server Environment User Guide Integrated Lights-Out Remote Console Text Window not Updating Properly Troubleshooting SSH and Telnet Problems Remote Console Turns Grey or BlackInitial PuTTY Input Slow PuTTY Client Unresponsive with Shared Network Port Troubleshooting Terminal Services Problems Terminal Services Button Is Not WorkingTerminal Services Proxy Stops Responding SSH Text Support from a Remote Conosle Session Troubleshooting Video and Monitor Problems General GuidelinesTelnet Displays Incorrectly in DOS Video Applications not Displaying in the Remote Console Troubleshooting Virtual Media Problems Troubleshooting Miscellaneous ProblemsVirtual Drive Listing Virtual Media Applet has a Red X and Will Not Display Cookie Order Behavior Cookie Sharing Between Browser Instances and iLOShared Instances Troubleshooting iLO 389 Preventing Cookie-Related User Issues Displaying the Current Session Cookie Inability to Upgrade iLO Firmware ILO Network Flash RecoveryDiagnostic Steps Incorrect Time or Date of the Entries in the Event Log Flash Recovery Process ROMPaq Testing SSL ILO Does Not Respond to SSL Requests Resetting iLO Request New Certificate Troubleshooting a Remote Host Server Name Still Present after Erase Utility is Executed Before You Contact HP Technical SupportHP Contact Information User Guide Integrated Lights-Out Acronyms and Abbreviations DAV ILO JVM MTU RDP SSL Page Index LAN Index Uidcontrol