HP iLO 3 Scripting and Command Line Guide

ManualsBrandsHP ManualsComputer AccessoriesHP Integrated Lights-Out 3 (iLO 3) Firmware for ProLiant G7 Servers

141

142

143

144

145

146

147

148

149

150

Role names are used to associate iLO privileges. The specified privileges are set accordingly for

that role, and a privilege that is omitted is unchanged. Enable a privilege for the role using the

argument Y and disable the privilege for the role using the argument N.

There are three roles for privilege assignment. Omitting a role leaves the current assignment

unchanged:

• USER_ROLE—Privileges associated with User

• OPERATOR_ROLE—Privileges associated with Operator

• ADMINISTRATOR_ROLE—Privileges associated with Administrator

For each role, you can manipulate multiple privileges. The privilege is specified within the role

tag. If a privilege is omitted, the current value is unchanged. Each privilege assignment is Boolean

and can be set to Y (privilege granted) or N (privilege denied). For more details on account

privileges, see the User Administration section of the HP iLO User Guide on the HP website at

http://www.hp.com/go/ilo3 and click More iLO Documentation.

• LOGIN_PRIV—Allows login for this role.

• REMOTE_CONS_PRIV—Grants access to remote console resources.

• RESET_SERVER_PRIV—Grants access to power and reset controls.

• VIRTUAL_MEDIA_PRIV—Grants access to virtual media resources.

• CONFIG_ILO_PRIV—Allows settings modification.

• ADMIN_PRIV—Allows local user account modification.

MOD_SSO_SETTINGS runtime errors

Possible MOD_SSO_SETTINGS error messages include:

• Incorrect firmware version. SSO is only supported on iLO 3 v1.05

firmware or later.

• User does not have correct privilege for action. CONFIG_ILO_PRIV

required.

• SSO_INFO must be in write mode.

SSO_SERVER

The SSO_SERVER command is used to create HP SIM Trusted SSO Server records. For this command

to parse correctly, it must appear within an SSO_INFO command block, and SSO_INFO MODE

must be set to write. You must have the Configure iLO Settings privilege to execute this command.

This command can be combined with MOD_SSO_SETTINGS.

You can specify multiple SSO server records by using multiple instances of this command. The

servers are added in the order that the records are specified. Duplicate records might be rejected

and generate an error. The number of records stored by the lights-out processor depends on the

size of the entries because certificates do not have a fixed size. Multiple certificates can normally

be stored.

There are three ways to add an HP SIM Trusted Server record using the SSO_SERVER command:

• The server can be specified by network name (requires SSO trust level set to trust by name or

trust all, but is not supported for trust by certificate). Use the fully qualified network name.

• The server certificate can be imported by iLO 3 (the LOM processor requests the certificate

from the specified HP SIM server using anonymous HTTP request). The iLO 3 processor must

be able to contact the HP SIM server on the network at the time this command is processed

for this method to work.

• The server certificate can be directly installed on iLO 3. However, you must obtain the x.509

certificate in advance. This method enables you to configure the iLO 3 in advance of placing

SSO_INFO 147