Onboard Administrator (OA) loses Sign-on capabilities to iLO. (640 Views)
Neighborhood Admin
Posts: 3,336
Registered: ‎01-09-2007
Message 1 of 1 (640 Views)

Onboard Administrator (OA) loses Sign-on capabilities to iLO.

Trung had an iLO and OA question:




OA loses Sign-on capabilities to iLO when directory services (LDAP) is turn on and local accounts turned off in iLO


I have a customer who has gone full LDAP directory services and disabled the local accounts on iLO. They have also done this on the OA. What they are finding is that they can no longer log into the iLO via the OA. The iLO appears to be still trying to use a local account which has been turned off so it has a login failure. When they check iLO users they can see the OAtmp account with their LDAP user account as a suffix in the local users (see screen shot below).




Is this by design?  Do you require Local Accounts to be enabled for OA->iLO Single Sign on functionality?  Is there something they are doing wrong.  I cannot find any documentation on this in the iLO or OA user’s guides.


iLO works fine when they sign in with their LDAP account directly and they have iLO advance blade license installed.




Info from Monty:




You are correct – the Onboard Administrator single-sign-on to iLO for an OA user account requires that all the iLO have local user accounts enabled.


If the iLO local user accounts have been disabled, the OA will continue to be able to support power and cooling of the server blade and some simple information from the server including mezz cards will still be available.


However, the OA will not be able to provide extended server info, nor features like Enclosure Firmware Management, Enclosure DVD, Enclosure KVM, OA CLI hponcfg and connect server commands will not work.




Comments or questions?

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.