Document Information
Using This Documentation
Related Documentation
Documentation Feedback
Product Downloads
Download Product Software and Firmware
Oracle ILOM 3.1 Firmware Version Numbering Scheme
Support and Accessibility
Quick Start
Oracle ILOM 3.1 – Quick Start
Factory Default Settings
Mandatory Setup Tasks
Optional Setup Tasks
Daily Management Tasks
Routine Maintenance Tasks
Initial Setup FAQs
Configuration and Maintenance
Setting Up a Management Connection to Oracle ILOM and Logging In
Establishing a Management Connection to Oracle ILOM
Logging In to Oracle ILOM Server SP or CMM
Configuring Oracle ILOM for Maximum Security
Setting Up and Maintaining User Accounts
Managing User Credentials
Supported User Authentication Configuration Options
Assignable Oracle ILOM User Roles
Single Sign-On Service (Enabled by Default)
Maximum Number of User Sessions Supported
Viewable User Authenticated Sessions per Managed Device
CLI Authentication Using Local User SSH Key
Security Action: Change Default root Account Password
Password Recovery for root Account
Supported File Transfer Methods
Configuring Local User Accounts
Configuring LDAP/SSL
Configuring LDAP
Configuring RADIUS
Modifying Default Settings for Network Deployment and Administration
Network Deployment Principles and Considerations
Modifying Default Management Access Configuration Properties
Modifying Default Connectivity Configuration Properties
Example Setup of Dynamic DNS
Assigning System Identification Information
Setting Properties for SP or CMM Clock
Suggested Resolutions for Network Connectivity Issues
Using Remote KVMS Consoles for Host Server Redirection
First-Time Setup for Oracle ILOM Remote Console
Launching and Using the Oracle ILOM Remote Console
First Time Setup for Oracle ILOM Storage Redirection CLI
Launching and Using the Oracle ILOM Storage Redirection CLI
Starting and Stopping a Host Serial Redirection Session
Host Serial Console Log Properties
Configuring Host Server Management Actions
Controlling Host Power to Server or Blade System Chassis
Setting Host Diagnostic Tests to Run
Setting Next Boot Device on x86 Host Server
Setting Boot Behavior on SPARC Host Server
Overriding SPARC Host Boot Mode
Managing SPARC Host Domains
Setting SPARC Host KeySwitch State
Setting SPARC Host TPM State
Setting Up Alert Notifications and Syslog Server for Event Logging
Configuring Alert Notifications
Configuring Syslog for Event Logging
Setting System Management Power Source Policies
Power-On and Cooling-Down Policies Configurable From the Server SP
System Management Power Supply Policies Configurable From CMM
Setting Power Alert Notifications and Managing System Power Usage
Setting Power Consumption Alert Notifications
Setting CMM Power Grant and SP Power Limit Properties
Setting SP Advanced Power Capping Policy to Enforce Power Limit
Setting SP Power Management Settings for Power Policy (SPARC)
Setting the CMM Power Supply Redundancy Policy
Performing Oracle ILOM Maintenance and Configuration Management Tasks
Performing Firmware Updates
Reset Power to Service Processor or Chassis Monitoring Module
Backing Up, Restoring, or Resetting the Oracle ILOM Configuration
Maintaining x86 BIOS Configuration Parameters
BIOS Configuration Management
Performing BIOS Configuration Tasks From Oracle ILOM
SAS Zoning Chassis Blade Storage Resources
Zone Management for Chassis-Level SAS-2 Capable Resources
Manageable SAS-2 Zoning-Capable Devices
Sun Blade Zone Manager Properties
Important SAS Zoning Allocations Considerations
Enabling Zoning and Creating SAS-2 Zoning Assignments
Managing Existing SAS-2 Storage Resource Allocations
Resetting Sun Blade Zone Manager Allocations to Factory Defaults
Resetting the Zoning Password to Factory Default for Third-Party In-Band Management
User's Guide
Oracle ILOM Overview
About Oracle ILOM
Oracle ILOM Features and Functionality
Supported Management Interfaces
Supported Operating System Web Browsers
Integration With Other Management Tools
Getting Started With Oracle ILOM 3.1
Logging In to Oracle ILOM
Navigating the Redesigned 3.1 Web Interface
Navigating the Command-Line Interface (CLI) Namespace Targets
Collecting System Information, Monitoring Health Status, and Initiating Host Management
Collecting Information, Status, and Initiating Common Actions
Administering Open Problems
Administering Service Actions: Oracle Blade Chassis NEMs
Managing Oracle ILOM Log Entries
Performing Commonly Used Host Management Actions (Web)
Applying Host and System Management Actions
Administering Host Management Configuration Actions
Administering System Management Configuration Actions
Troubleshooting Oracle ILOM Managed Devices
Network Connection Issues: Oracle ILOM Interfaces
Tools for Observing and Debugging System Behavior
Enabling and Running Oracle ILOM Diagnostic Tools
Real-Time Power Monitoring Through Oracle ILOM Interfaces
Monitoring Power Consumption
Monitoring Power Allocations
Analyzing Power Usage Statistics
Comparing Power History Performance
Managing Oracle Hardware Faults Through the Oracle ILOM Fault Management Shell
Protecting Against Hardware Faults: Oracle ILOM Fault Manager
Oracle ILOM Fault Management Shell
Using fmadm to Administer Active Oracle Hardware Faults
Using fmdump to View Historical Fault Management Logs
Using fmstat to View the Fault Management Statistics Report
Using the Command-Line Interface
About the Command-Line Interface (CLI)
CLI Reference For Supported DMTF Syntax, Command Verbs, Options
CLI Reference For Executing Commands to Change Properties
CLI Reference For Mapping Management Tasks to CLI Targets
CLI Reference
Basic CLI Command Reference for Oracle ILOM 3.1
System Information and Management
Host and System Control
Oracle ILOM Initial Setup
System Monitoring and Status
System Inventory
Oracle ILOM Maintenance
Oracle ILOM Configuration Management
Oracle ILOM Help
SNMP, IPMI, CIM, WS-MAN Protocol Management
SNMP Overview
About Simple Network Management Protocol
SNMP Components
Oracle ILOM SNMP MIBs
SNMP Command-Line Syntax Examples
Configuring SNMP Settings in Oracle ILOM
Managing SNMP Read and Write Access, User Accounts, and SNMP Trap Alerts (CLI)
Managing SNMP Read and Write Access, User Accounts, and SNMP Trap Alerts (Web)
Downloading SNMP MIBs Using Oracle ILOM
Manage User Accounts Using SNMP
Before You Begin – User Accounts (SNMP)
Configuring Oracle ILOM User Accounts (SNMP)
Configuring Oracle ILOM for Active Directory (SNMP)
Manage DNS Name Server Settings (SNMP)
Configuring Oracle ILOM for LDAP (SNMP)
Configuring Oracle ILOM for LDAP/SSL (SNMP)
Configuring Oracle ILOM for RADIUS (SNMP)
Manage Component Information and Email Alerts (SNMP)
Before You Begin – Component Information (SNMP)
Viewing Component Information (SNMP)
Managing Clock Settings, Event Log, Syslog Receiver, and Alert Rules (SNMP)
Configuring SMTP Client for Email Alert Notifications (SNMP)
Configuring Email Alert Settings (SNMP)
Monitor and Manage System Power (SNMP)
Before You Begin – Power Management (SNMP)
Monitoring the Power Consumption Interfaces (SNMP)
Maintaining System Power Policy (SNMP)
Managing System Power Properties (SNMP)
Manage Oracle ILOM Firmware Updates (SNMP)
Update Oracle ILOM Firmware (SNMP)
Manage Oracle ILOM Backup and Restore Configurations (SNMP)
View and Configure Backup and Restore Properties (SNMP)
Manage SPARC Diagnostics, POST, and Boot Mode Operations (SNMP)
Before You Begin – Manage SPARC Hosts (SNMP)
Managing SPARC Diagnostic, POST, and Boot Mode Properties (SNMP)
Server Managment Using IPMI
Intelligent Platform Management Interface (IPMI)
Configuring the IPMI Service
Using IPMItool to Run ILOM CLI Commands
Performing System Management Tasks (IPMItool)
IPMItool Utility and Command Summary
Server Management Using WS-Management and CIM
WS-Management and CIM Overview
Configuring Support for WS-Management in Oracle ILOM
Supported DMTF SMASH Profiles, CIM Classes and CIM Indications
Oracle's Sun-Supported CIM Classes
Document Conventions for Oracle's Sun-Supported CIM Classes
Oracle_AssociatedIndicatorLED
Oracle_AssociatedSensor
Oracle_Chassis
Oracle_ComputerSystem
Oracle_ComputerSystemPackage
Oracle_Container
Oracle_ElementCapabilities
Oracle_ElementConformsToProfile
Oracle_EnabledLogicalElementCapabilities
Oracle_HWCompErrorOkIndication
Oracle_IndicatorLED
Oracle_InstCreation
Oracle_InstDeletion
Oracle_LogEntry
Oracle_LogManagesRecord
Oracle_Memory
Oracle_NumericSensor
Oracle_PhysicalAssetCapabilities
Oracle_PhysicalComponent
Oracle_PhysicalElementCapabilities
Oracle_PhysicalMemory
Oracle_PhysicalPackage
Oracle_Processor
Oracle_ProcessorChip
Oracle_Realizes
Oracle_RegisteredProfile
Oracle_RecordLog
Oracle_ReferencedProfile
Oracle_Sensor
Oracle_SpSystemComponent
Oracle_SystemDevice
Oracle_ThresholdIndication
Oracle_UseOfLog
SNMP Command Examples
snmpget Command
snmpwalk Command
snmpbulkwalk Command
snmptable Command
snmpset Command
snmptrapd Command
Feature Updates and Release Notes
Feature Enhancements as of Oracle ILOM 3.1
Feature Enhancements Summary
Updates to Oracle ILOM 3.1.x Firmware
Initial 3.1 Point Releases for Servers and Sun Blade 6000 CMM
Deprecation Notice for WS-Man as of Oracle ILOM 3.2.1
Oracle ILOM 3.1 Known Issues
Documentation Titles in Translated Documents
Glossary
Index
Configuring Active Directory
System administrators can optionally configure Oracle ILOM to use the Microsoft Windows Active
Directory service to authenticate Oracle ILOM users, as well as define user authorization
levels for using the features within Oracle ILOM. This service is based on
a client-server query model that uses the assigned user password to authenticate Active Directory
users.
The property for the Active Directory service state, in Oracle ILOM, is disabled
by default. To enable the Active Directory service state and configure Oracle ILOM
as an Active Directory client, see the following tables:
Table 16 Enabling Active Directory Authentication
|
|
|
|
|
Disabled |
Disabled | EnabledTo configure Oracle ILOM as an Active Directory client,
set the State property to enabled. When the State property is enabled, and the
Strict Certificate Mode property is disabled, Oracle ILOM over a secure channel provides some
validation of the Active Directory service certificate at the time of user authentication. When
the State property is enabled, and the Strict Certificate Mode property is enabled,
Oracle ILOM over a secure channel fully verifies the Active Directory service certificate
for digital signatures at the time of user authentication. CLI State Syntax: set /SP|CMM/clients/activedirectory/ state=disabled|enabled |
|
None (server authorization) |
Administrator | Operator | Advanced
| None (server authorization)To define which features in Oracle ILOM are accessible to Active Directory authenticated
users, set the default Role property to one of the four property values
accepted: Administrator (a|u|c|r|o), Operator (c|r|o), Advanced (a|u|c|r|o|s), or None (server authorization). When the Default Role
property is set to an Oracle ILOM user role, authorization levels for using
features within Oracle ILOM are dictated by the privileges granted by the configured
Oracle ILOM user role. For a description of privileges assigned, see the user role
and user profile topics listed in the Related Information section below. When the Role
property is set to None (server authorization), and Oracle ILOM is configured to use
Active Directory Groups, the authorization levels for using features within Oracle ILOM are
dictated by the Active Directory Group. For further configuration details, see the Active Directory
Group topic listed in the Related Information section below. CLI Roles Syntax: set /SP|CMM/clients/activedirectory/ defaultrole=administrator|operator|a|u|c|r|o|s|none Related Information:
|
|
0.0.0.0 |
IP address| DNS host name
(Active Directory Server) To configure the Active Directory server network address, populate the Address
property with the Active Directory server IP address or DNS host name. If
a DNS host name is used, then the DNS configuration properties in Oracle
ILOM must be properly configured and operational. CLI Address Syntax: set /SP|CMM/clients/activedirectory/ address=active_directory_server ip_address|active_directory_server_dns_host_name Related Information:
|
|
0 (Auto-select) |
0 Auto-select | Non-standard TCP portA standard TCP port
is used by Oracle ILOM to communicate with the Active Directory server. When
the Port Auto-select property is enabled, the Port number is set to 0
by default. When the Port Auto-select property is disabled, the Port number property
in the web interface becomes user-configurable. A configurable Port property is provided
in the unlikely event of Oracle ILOM needing to use a non-standard TCP
port. CLI Port Syntax: set /SP|CMM/clients/activedirectory/ port=number |
|
4 seconds |
4 | user-specifiedThe Timeout property designates the number of seconds to wait for
an individual transaction to complete. The value does not represent the total time
for all transactions to complete since the number of transactions can differ depending
on the configuration. The Timeout property is set to 4 seconds by
default. If necessary, adjust this property value as needed to fine tune the
response time for when the Active Directory server is unreachable or not responding.
CLI Timeout Syntax: set /SP|CMM/clients/activedirectory/ timeout=number_of_seconds |
Strict Certificate Mode (strictcertmode=) |
Disabled |
Disabled | EnabledWhen the Strict Certificate Mode property is enabled, Oracle ILOM
fully verifies the digital signatures in the Active Directory certificate at the time
of authentication. When the Strict Certificate Mode property is disabled, Oracle ILOM provides limited
validation of the server certificate at the time of authentication over a secure
channel.
| Caution - The Active Directory server certificate must be loaded prior to enabling the
Strict Certificate Mode property.
|
CLI Strict Certificate Mode Syntax: set /SP|CMM/clients/activedirectory/ strictcertmode=disabled|enabled Related Information:
|
DNS Locator Mode (/dnslocatorqueries) |
Disabled |
Disabled | EnabledTo configure Oracle ILOM
to use DNS Locator Queries to obtain a list of Active Directory servers,
set the DNS Locator Mode property to enabled. CLI DNS Locator Mode Syntax: set /SP|CMM/clients/activedirectory/ dnslocatorqueries/1=disabled|enabled Related Information:
|
Expanded Search Mode (expsearchmode=) |
Disabled |
Disabled | EnabledTo configure
Oracle ILOM to use additional search options for locating Active Directory user entries,
set the Expanded Search Mode property to enabled. When the Expanded Search Mode
property is disabled, Oracle ILOM will use the userPrincipleName to search for user entries.
In which case, the userPrincipleName must have a fully qualified domain name (FQDN)
suffix. CLI Expanded Search Mode Syntax: set /SP|CMM/clients/activedirectory/ expsearchmode=disabled|enabled |
Strict Credential Error Mode (strictcredentialerrormode=) |
Disabled |
Disabled | EnabledWhen the Strict Credential Error Mode property is
enabled, and user credential errors are reported from any server, Oracle ILOM fails those
user credentials. When the Strict Credential Error Mode property is disabled, Oracle ILOM presents
the user credential to other Active Directory servers for authentication (configured as alternate
servers or found by DNS Locator Queries). CLI Strict Certificate Mode Configuration Syntax: set /SP|CMM/clients/activedirectory/ strictcredentialerrormode=disabled|enabled Related Information:
|
|
None |
None | High | Medium | Low
| TraceTo specify the amount of diagnostic information recorded in the Oracle ILOM event
log for Active Directory events, set the Log Detail property to one of
the accepted property values. CLI Log Detail Configuration Syntax: set /SP|CMM/clients/activedirectory/ logdetail=none|high|medium|low|trace |
Save |
|
Web interface – To apply changes made to
properties within the Active Directory Settings page, you must click Save. |
|
Table 17 Uploading or Removing an Active Directory Certificate File
|
|
|
|
Certificate File Status (certstatus=) |
Read-only |
Certificate present | Certificate not presentThe Certificate File Status property indicates whether an Active Directory
certificate has been uploaded to Oracle ILOM.
| Caution - The Active Directory certificate file must be
uploaded to Oracle ILOM prior to enabling the Strict Certificate Mode property.
|
CLI Certificate Show Syntax: show /SP|CMM/clients/activedirectory/cert |
File Transfer
Method |
Browser (web interface only) |
Browser| TFTP| FTP| SCP| PasteFor a detailed description of each file transfer method,
see File Transfer Methods . |
Load Certificate (load_uri=) |
|
Web interface – Click the Load Certificate button to upload the Active
Directory Certificate file that is defined in the File Transfer Method properties. CLI Certificate Load Syntax: load_uri=file_transfer_method://host_address/file_path/filename |
Remove Certificate (clear_action=true) |
|
Web interface
– Click the Remove Certificate Button to remove the Active Directory Certificate file presently
stored in Oracle ILOM. When prompted, type y (Yes) to delete or n
(No) to cancel the action. CLI Remove Certificate Syntax: set /SP|CMM/clients/activedirectory/cert clear_action=true -or- reset /SP|CMM/clients/activedirectory/cert When prompted, type y to delete or n
to cancel the action. |
|
Table 18 Optionally Configuring Active Directory Groups
|
|
|
Admin Groups (/admingroups/1|2|3|4|5) |
A system administrator can optionally configure Admin Group
properties instead of the Role properties in Oracle ILOM to provide user authorization. Oracle
ILOM supports the configuration of up to five Admin Groups. When Admin Group
properties are enabled in Oracle ILOM, a user's group membership is checked for
any matching groups defined in the admin table. If a match occurs, the
user is granted Administrator-level access. Note – Oracle ILOM grants a group member one or more
authorization levels based on the matching groups (Operator, Administrator, or Custom) found in each
configured group table. Use the following possible values to populate the configuration properties for
each Active Directory Admin Group in Oracle ILOM:
DN format: CN=admingroup,OU=groups,DC=domain,DC=company,DC=com
NT Domain format: domain\admingroup
Full Domain format: DC=domain,DC=company,DC=com\admingroup
Simple Name format: admingroup (Up to 128 characters)
CLI Configuration Syntax for Admin Groups: set /SP|CMM/clients/activedirectory/admingroups/n name=string Example Syntax: set /SP/clients/activedirectory/admingroups/1/ name=CN=spSuperAdmin,OU=Groups,DC=sales,DC=oracle,DC=com Set 'name' to 'CN=spSuperAdmin,OU=Groups,DC=sales,DC=oracle, DC=com' |
Operator Groups (/operatorgroups/1|2|3|4|5) |
A system administrator can
optionally configure Operator Group properties instead of the Role properties in Oracle ILOM to
provide user authorization. Oracle ILOM supports the configuration of up to five Operator Groups.
When Operator Group properties are enabled in Oracle ILOM, a user's group membership
is checked for any matching groups defined in the operator table. If a
match occurs, the user is granted Operator-level access. Note – Oracle ILOM grants a group member
one or more authorization levels based on the matching groups (Operator, Administrator, or
Custom) found in each configured group table. Use the following possible values to populate
the configuration properties for each Operator Group in Oracle ILOM:
DN format: CN=operatorgroup,OU=groups,DC=domain,DC=company,DC=com
NT Domain format: domain\operatorgroup
Full Domain format: DC=domain,DC=company,DC=com\operatorgroup
Simple Name format: operatorgroup (Up to 128 characters)
CLI Configuration Syntax for Operator Groups: set /SP|CMM/clients/activedirectory/operatorgroups/n name=string Example Syntax: set /SP/clients/activedirectory/operatorgroups/1 name=CN=spSuperOper,OU=Groups,DC=sales,DC=oracle,DC=com Set 'name' to 'CN=spSuperOper,OU=Groups,DC=sales,DC=oracle,DC= com'' |
Custom Groups (/customgroups/1|2|3|4|5) |
A system administrator
can optionally configure up to five Custom Group properties in Oracle ILOM to provide
user authorization. Oracle ILOM uses the Custom Group properties to determine the appropriate
user roles to assign when authenticating users who are members of a Custom
Group. When enabling the use of Custom Groups in Oracle ILOM, both the
Roles property and the Custom Groups property must be configured. For further information
about the configuration properties for Roles, see the Roles property in Enabling Active Directory Authentication . Note – Oracle ILOM grants
a group member one or more authorization levels based on the matching groups
(Operator, Administrator, or Custom) found in each configured group table. Use the following possible
values to populate the configuration properties for each Custom Group in Oracle ILOM:
User role: administrator |operator|advanced (a|u|c|r|o|s)
DN format: CN=customgroup,OU=groups,DC=domain,DC=company,DC=com
NT Domain format: domain\customgroup
Full Domain format: DC=domain,DC=company,DC=com\customgroup
Simple Name format: customgroup (Up to 128 characters)
CLI Configuration Syntax for Custom Groups: set /SP|CMM/clients/activedirectory/customgroups/n name=string roles=administrator|operator|a|u|c|r|o|s Example Syntax: set /SP/clients/activedirectory/customgroups/1 name=CN=spSuperOper,OU=Groups,DC=sales,DC=oracle,DC=com roles=au Set 'name' to 'CN=spSuperOper,OU=Groups,DC=sales,DC=oracle,DC=com'' roles' to 'au' Related Information:
|
Save |
Web interface – To apply changes made to properties
in the Admin, Operator, or Custom Group dialogs, you must click Save. |
|
Table 19 Configuring Active Directory User Domains
|
|
|
|
A system administrator can optionally configure up to five User Domains. When
one or more user domains are defined, Oracle ILOM uses these properties in
sequence until it is able to authenticate the Active Directory user. Use the following
possible values to populate configuration properties for each User Domain in Oracle ILOM:
UPN format: <USERNAME>@domain.company.com
DN format: CN=<USERNAME>,CN=Users,DC=domain,DC=company,DC=com
Note - You can use <USERNAME> as a literal. When <USERNAME> is used as a
literal Oracle ILOM replaces the <USERNAME> during user authentication with the current login
name entered.
CLI User Domains Syntax: set /SP|CMM/clients/activedirectory/userdomains/n name=string Example 1: name=CN=<USERNAME> set /SP/clients/activedirectory/userdomains/1/name=CN<USERNAME>, OU=Groups, DC=sales, DC-Oracle, DC=com Set 'name' to 'CN=<USERNAME>,OU=Groups,DC=sales,DC=oracle,DC=com' Example 2: name=CN=spSuperAdmin set /SP/clients/activedirectory/userdomains/1/ name=CN=spSuperAdmin,OU=Groups,DC=sales,DC=oracle,DC=com Set 'name' to 'CN=spSuperAdmin,OU=Groups,DC=sales,DC=oracle, DC=com' |
Save |
Web interface – To apply changes made
to properties in the Active Directory User Domains dialog, you must click Save. |
|
Table 20 Optionally Configuring Active Directory Alternate Servers
|
|
|
Alternate Servers (/1|2|3|4|5) |
Oracle ILOM enables a system administrator to configure up to five
Active Directory alternate servers. Alternate servers provide authentication redundancy, as well as a choice of
different Active Directory servers to use when you need to isolate domains. Each
Active Directory alternate server uses the same user authorization rules and requirements as
the primary Active Directory server. For example, Oracle ILOM will use the configured
user roles in the Roles property to authenticate users. However, if the Roles property
is not configured, Oracle ILOM will query the authentication server for the appropriate
authorization roles. Each Active Directory alternate server has its own properties for network
address, port, certificate status, and commands for uploading and removing a certificate. When
an Active Directory certificate is not supplied, but is required, Oracle ILOM will
use the top-level primary Active Directory server certificate.
Note - If the alternate servers are being
used to provide authentication redundancy, the property for Strict Credential Error Mode can
be optionally enabled. However, if the alternate servers are being used to span disjoint
domains, then the property for Strict Credential Error Mode should be disabled. For
configuration properties for Strict Credential Error Mode, see Enabling Active Directory Authentication .
CLI Alternate Server Address and Port syntax: set /SP|CMM/clients/activedirectory/alternateservers/n address=sting port=string CLI Alternate Server Certificate Syntax: show /SP|CMM/clients/activedirectory/alternateservers/n/cert load_uri=file_transfer_method://host_address/file_path/filename set /SP|CMM/clients/activedirectory/alternateservers/n/cert clear_action=true |
Save |
Web interface – To apply changes made
to properties in the Active Directory Alternate Servers dialog, you must click Save. |
|
Table 21 Optionally Editing DNS Locator Queries
|
|
|
|
|
_ldap._tcp.gc._msdcs.<DOMAIN>.<PORT:3269> |
Oracle ILOM enables you to configure up
to five DNS Locator Queries. A DNS locator query identifies the named
DNS service and the port ID. The port ID is generally part of
the record, but you can override it by using the format <PORT:636>. Additionally,
you can override the named DNS service for a specific domain by using
the <DOMAIN> substitution marker. CLI Show and Edit DNS Locator Queries Syntax: show /SP|CMM/clients/activedirectory/dnslocatorqueries/1 set /SP|CMM/clients/activedirectory/dnslocatorqueries/1 service = string Example DNS Locator Queries Syntax for service= string : service =_ldap._tcp.gc._msdcs.<DOMAIN>.<PORT:nnnn> |
|
_ldap._tcp.dc._msdcs.<DOMAIN>.<PORT:636> |
Save |
|
Web interface –
To apply changes made to properties in the Active Directory DNS Locator Queries dialog,
you must click Save. |
|
Table 22 Guidelines for Troubleshooting Active Directory Authentication
Refer to the following guidelines when troubleshooting Active Directory authentication
and authorization attempts in Oracle ILOM.
To test and diagnose Active Directory authentication, follow these steps: 1: Set the Active Directory Log Details property to trace. 2: Attempt an authentication to Oracle ILOM to generate events. 3: Review the Oracle ILOM event log file.
Ensure that the user groups and user domains configured on the Active Directory server match the user groups and user domains configured in Oracle ILOM.
The Oracle ILOM Active Directory Client does not manage clock settings. The clock settings in Oracle ILOM are configurable manually or through an NTP server. Note. When the clock settings in Oracle ILOM are configured using an NTP server, Oracle ILOM performs an ntpdate using the NTP server(s) before starting the NTP daemon.
|
|
|