2010-04-22

IBM IMM integration into AD

This one has nothing to do with Virtualization as such.

All new IBM servers from the M2 series and up have an IMM (IBM Integrated Management Module). For you HP'ers - it is the same as ILO.

Like ILO, the IMM comes in two modes: the free integrated version, which does not allow Remote Presence (remote console control), and the full version, which requires a Virtual Media Key (a physical component on the motherboard) at an additional cost.

By default the IMM comes up with a DHCP address.

Default Credentials - USERID/PASSW0RD (the 0 is a ZERO)

So instead of creating a local user for each and every user that was supposed to connect I wanted to configure it for AD authentication. I wanted to allow a group of users to manage the server.

So here is the process.

First we go to the Login Profiles section and change the default from Local only to LDAP first, then local. Don't forget to save the settings.

We then choose the Network Protocols section and go to the Lightweight Directory Access Protocol (LDAP) Client section.

Let's go through each of the sections.

Here you put in the FQDN of your domain controller and the port that the DC is listening on.

For example: dc1.maishsk.local - 389

Root DN - here you will set the DN where you will search for your group.

UID Search Attribute - What attribute you will use to search on.

Binding Method - This will use the sAMAccountName Attribute

Enhanced role-based security - This I left disabled because the use of this feature requires a lot more intense configuration.

Group Filter - Here you use the name of the group that you want to grant access to. The format should be CN=<groupname> (and yes - it does not have to be a security group - distribution groups (DGs) work as well).

Group Search Attribute - memberOf - this is to see that the user is a member of the group.

Hope you can all make some use of this.
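
The lookup these settings describe (find the user by sAMAccountName under the Root DN, then test memberOf against the Group Filter) can be checked against the directory before the IMM is configured. The Python below is an added example, not code from the original post or from IBM: it parses LDIF as a tool such as ldapsearch prints it and applies an assumed matching rule (the leading RDN of a memberOf DN equals the CN=<groupname> filter). The sample entry, user and group names are constructed.

```python
import base64
import re

# Constructed sample: LDIF as a tool such as ldapsearch would print it for a
# search on (sAMAccountName=jdoe) under the Root DN. All names are made up.
SAMPLE_LDIF = "\n".join([
    "dn: CN=John Doe,OU=Staff,DC=maishsk,DC=local",
    "sAMAccountName: jdoe",
    "memberOf: CN=IMM-Admins,OU=Groups,DC=maishsk,DC=local",
    "memberOf: CN=Very Long Distribution List Name,OU=Mail Groups,OU=Exchange,DC=mai",
    " shsk,DC=local",  # folded line: continuation starts with one space
    "memberOf:: " + base64.b64encode(  # non-ASCII values are base64-encoded
        "CN=Büro Admins,OU=Groups,DC=maishsk,DC=local".encode()).decode(),
])


def parse_ldif_entry(ldif):
    """Return {attribute_lowercased: [values]} for a single LDIF entry."""
    unfolded = []
    for line in ldif.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # join a folded continuation
        elif line and not line.startswith("#"):
            unfolded.append(line)
    entry = {}
    for line in unfolded:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: <base64 of UTF-8>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry


def first_rdn(dn):
    """Leading RDN of a DN, e.g. 'CN=IMM-Admins'; honours backslash escapes."""
    return re.match(r"(?:\\.|[^,\\])*", dn).group(0).strip()


def matches_group_filter(entry, group_filter, group_attr="memberOf"):
    """Assumed matching rule: some group DN's leading RDN equals the filter."""
    wanted = group_filter.strip().lower()
    return any(first_rdn(dn).lower() == wanted
               for dn in entry.get(group_attr.lower(), []))


if __name__ == "__main__":
    user = parse_ldif_entry(SAMPLE_LDIF)
    for flt in ("CN=IMM-Admins", "CN=Domain Users"):
        print(flt, "->", matches_group_filter(user, flt))
```

In Active Directory, memberOf lists only a user's direct group memberships and omits the primary group (usually Domain Users), so a check like this reports no match for a group the user belongs to only through nesting.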