200
Deleting a directory group
Prerequisites
•
Configure iLO Settings privilege
•
An iLO license that supports this feature is installed.
Procedure
1.
Click Administration in the navigation tree, and then click the Directory Groups tab.
2.
Select the check box next to the directory group that you want to delete.
3.
Click Delete.
4.
When prompted to confirm the request, click OK.
Directory group options
Each directory group includes a DN, SID, and account privileges. For Kerberos login, the SIDs of
groups are compared to the SIDs for directory groups configured for iLO. If a user is a member
of multiple groups, the user account is granted the privileges of all the groups.
You can use global and universal groups to set privileges. Domain local groups are not
supported. When you add a directory group to iLO, configure the following values:
•
Group DN (Security Group DN)—Members of this group are granted the privileges set for
the group. The specified group must exist in the directory, and users who need access to iLO
must be members of this group. Enter a DN from the directory (for example, CN=Group1,
OU=Managed Groups, DC=domain, DC=extension).
Shortened DNs are also supported (for example, Group1). The shortened DN is not a unique
match. NEC Corporation recommends using the fully qualified DN.
•
Group SID (Security ID)—Microsoft Security ID is used for Kerberos and directory group
authorization. This value is required for Kerberos authentication. The required format is
S-1-5-2039349. This value does not apply to OpenLDAP servers.
Directory group privileges
The following privileges apply to directory groups:
•
Login— Enables directory users to log in to iLO.
•
Remote Console—Enables directory users to access the host system Remote Console,
including video, keyboard, and mouse control.
Users with this privilege can access the BIOS, and therefore might be able to perform host-
based BIOS, iLO, storage, and network configuration tasks.
•
Virtual Power and Reset—Enables directory users to power-cycle or reset the host system.
These activities interrupt the system availability. A user with this privilege can diagnose the
system by using the Generate NMI to System button.
•
Virtual Media—Enables directory users to use the Virtual Media feature on the host system.
•
Host BIOS—Enables directory users to configure the host BIOS settings by using the UEFI
Summary of Contents for iLO 5
Page 6: ......
Page 27: ...21 ...
Page 67: ...61 ...
Page 117: ...111 Installing license keys iLO Federation group IMPORTANT Do not use this function ...
Page 140: ...134 More Information Configuring iLO access options ...
Page 258: ...252 5 The security message is displayed at the next login ...
Page 314: ...308 Reset iLO ...
Page 334: ......