Manualshelf

Configuring HP Integrated Lights-Out 3 with Microsoft Active Directory HOWTO

ManualsBrandsHP ManualsComputer AccessoriesHP Integrated Lights-Out 3 (iLO 3) Firmware for ProLiant G7 Servers
11121314151617181920
14
WARNING: pType and account type do not match. This might cause
problems.
Key created.
Output keytab to iloexample.keytab:
Keytab version: 0x502
keysize 69 HTTP/iloexample.example.net@EXAMPLE.NET ptype 3 (KRB5
_NT_SRV_HST) vno 3 etype 0x17 (RC4-HMAC) keylength 16
(0x5a5c7c18ae23559acc2
9d95e0524bf23)
Note that ktpass may prompt that it is unable to set the UPN. This is acceptable because the iLO
interface is a service, and not a user. The ktpass command may also prompt that it is OK to change
the password on the object. Ultimately, the system generates the keytab file.
Do NOT use the -kvno option with ktpass. That would make the knvo in the keytab file out of sync with
the kvno in Active Directory.
Use the SetSPN command to assign the Kerberos SPN to the computer object:
SetSPN -A HTTP/iloexample.example.net iloexample
If SetSPN gives an error, use MMC with the ADSIEdit snap-in, find the computer object for the iLO,
and set the dNSHostName property to the iLO's DNS name. The iLO's DN will be something like this:
cn=iloexample,ou=us,ou=clients,dc=example,dc=net
Use command "SetSPN -L iloexample" to show the SPNs and DN for the iLO3. Verify that the
"HTTP/iloexample.example.net" service is listed.