Re: LDAP/ActiveDirectory on RMM4

IRuet · ‎02-07-2019

Hi

I can't bring the RMM4 module together with the MS AD via LDAP. We like to authenticate the users via LDAP for the RMM4 module.

Is there anybody with a success story and how?

Ivo

Jeremias_A_Intel · ‎02-07-2019

Hello Ivo, Thank you for contacting Intel Technical Support. I understand that you are looking to configure the Intel(R) Remote Management Module 4 with Microsoft Active Directory via LDAP. In an effort to better assist you, can you please confirm the following: - What is the configuration you have tried to set up the LDAP? - What is the error message you are getting during the configuration? - Have you tried configuring the LDAP using the Integrated BMC Console? Looking forward to your comments. If you have any question please let me know. Best regards, Jeremiah A. Technical Support Representative, Server Specialist, Server Products Support Under contract to Intel

IRuet · ‎02-07-2019

Hi Jeremiah

I use the Integrated BMC Console via web browser to configure the LDAP service.

http://rmm4IP/
Login using an admin account
Configuration --> LDAP
- Enable LDAP Authentication
- Port: 389
- IP Adress: 10.0.0.4 (IP of MS AD DC)
- Searchbase: OU=Users,OU=ORA,OU=Nuts,DC=nuts,DC=gray,DC=ch
- Bind DN: CN=OPS0016,OU=Users,OU=ORA,OU=Nuts,DC=nuts,DC=gray,DC=ch
Save

If I try to login i got "Login failed. Please try again."

PS C:\Users\OPS0016> Get-ADUser -Filter * -SearchBase "OU=Users,OU=ORA,OU=Nuts,DC=nuts,DC=gray,DC=ch"

DistinguishedName : CN=OPS0013,OU=Users,OU=ORA,OU=Nuts,DC=nuts,DC=gray,DC=ch

Enabled : True

GivenName :

Name : OPS0013

ObjectClass : user

ObjectGUID : f5c6b47b-701b-49cf-b6a9-cc3dd22321ec

SamAccountName : OPS0013

SID : S-1-5-21-1891574002-4011538111-2181539958-1761

Surname :

UserPrincipalName : OPS0013@nuts.gray.ch

PS C:\Users\OPS0016>

Ivo

Franklin_S_Intel · ‎02-08-2019

Hello IRuet Could you try the following: Searchbase: "dc=nuts, dc=gray, dc=ch" Bind DN: "cn=ops0013, dc=nuts, dc=gray, dc=ch" Thank you, Franklin S. Intel Customer Support Technician Under Contract to Intel Corporation

IRuet · ‎02-08-2019

No, it doesn't help, same error.

Franklin_S_Intel · ‎02-09-2019

IRuet, I will go ahead and do some research about your issue on this end. As soon as I get an update I will get back in contact with you. Regards, Franklin S. Intel Customer Support Technician Under Contract to Intel Corporation

IRuet · ‎02-11-2019

That's great thanks a lot.

Franklin_S_Intel · ‎02-13-2019

IRuet, We’re sorry about the delay on getting back with you. We might need more information in order to understand what is causing the error. Could you please run Intel System Information Retrieval Utility to obtain some logs from your server? You can find instructions on how to use it here https://www.intel.com/content/www/us/en/support/articles/000023940/server-products/server-boards.html Basically you have to extract the utility to the root of a fat 32 formated usb key and boot into uefi console. Then run sysinfo.efi. Further instructions can be found in the section 3.1 of the pdf file. On the other hand, is the username you are trying to use for LDAP authentication ops0013 or ops0016? Is that user account currently active and not asking for a password change? Can other machines from the network the server is located at authenticate to your LDAP server? Regards, Franklin S. Intel Customer Support Technician Under Contract to Intel Corporation

Franklin_S_Intel · ‎02-22-2019

Hello IRuet, Were you able to connect to your LDAP server from RMM4? Regards, Franklin S. Intel Customer Support Technician Under Contract to Intel Corporation