No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
Atlas 900 Compute Node iBMC (V3.01.00.00 or Later) User Guide 09
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the Kerberos Parameters on the iBMC

Configuring the Kerberos Parameters on the iBMC

Scenario

Configure the Kerberos function on User & Security > Kerberos of the iBMC WebUI.

The Kerberos function enables Kerberos users to access the iBMC.

  • Kerberos is a network authentication protocol that provides powerful authentication services for client or server applications using the key system.
  • The iBMC only provides an access interface for Kerberos user.
  • The security policies (password complexity check, password validity period, minimum password age, previous passwords disallowed, and inactive timelimit, and user lockout policy) configured on the authentication server apply to the Kerberos users attempting to log in to the iBMC.

Prerequisites

Data

  • Kerberos server information, including the Kerberos server address, realm name, and Kerberos user group name
  • Key table file generated for the iBMC on the Windows AD. For details about how to generate a key table, see 8 in iBMC Configuring the Directory Server.
  • Password for logging in to the iBMC WebUI

Procedure

  1. Configure the iBMC host name and domain name.

    The host name and domain name must be the same as the host name and domain name configured for the AD domain service. For details about how to configure the host name for the AD domain service, see in 8 in iBMC Configuring the Directory Server.

    1. Log in to the iBMC WebUI. For details, see Getting Started > Login.
    2. Configure the iBMC host name and DNS settings. For details, see Configuring the DNS on the iBMC WebUI.
    3. Configure the iBMC time zone, which must be the same as the time zone of the Kerberos server.
      1. On the iBMC WebUI, choose iBMC Settings > Time & NTP.
      2. Select a value from Region and Time Zone.
      3. Click Save.
    4. Enable NTP.

      Enable NTP to ensure time consistency between the iBMC and the Kerberos server.

      1. On the iBMC WebUI, choose iBMC Settings > Time & NTP.
      2. In the NTP Settings area, set NTP to Enable.
      3. Click Save.

  2. Configure the Kerberos server information.

    1. On the iBMC WebUI, choose User & Security > Kerberos.
    2. Set Kerberos to to enable the Kerberos function.
    3. Set the Kerberos server parameters.

      The following parameters must be configured.

      • Realm: Enter the Kerberos server domain name, for example, ADMIN.COM. This domain name must be the same as the domain name set on the Kerberos server.
      • Kerberos Server Address: Enter the Kerberos server IP address, for example, 192.168.66.66.
      • Kerberos Port: Enter the port number of the Kerberos server.
      • Import the Kerberos key table. For details, see Importing a Key Table in User & Security > Kerberos.
      • Current User Password: Enter the password for logging in to the iBMC.

        Set other parameters based on actual situation. For details about the parameters, see Enabling Kerberos and Configuring the Domain Server User & Security > Kerberos.

    4. Click Save.

  3. Configure the Kerberos group.

    1. On the iBMC WebUI, choose User & Security > Kerberos.
    2. In the Kerberos User Group area, click or Add.
    3. In Current User Password, enter the iBMC user password.
    4. Configure Kerberos group parameters.
      • Kerberos User Group: Enter the Kerberos user group name, for example info_group1 (the Kerberos group name set in iBMC Configuring the Directory Server).
      • Kerberos Group Folder: Enter the name of the folder in which the Kerberos group applications are stored.

        The Kerberos group folder must be the same as the organizational unit set on the Kerberos server, for example, company/department (the organizational unit set in iBMC Configuring the Directory Server).

      • SID: Enter the SID.
      • Role: Assign operation permissions to the user group.
      • Login Rules: Set the login rules.
      • Login Interfaces: Set the login interfaces.
    5. Click Save.

  4. Configure single sign-on (SSO) for the browser that supports this function. You do not need to configure SSO for Google Chrome.

    Enabling SSO in Internet Explorer

    The operations vary depending on the Internet Explorer version. The following uses Internet Explorer 11 as an example.
    1. Enable authentication in Internet Explorer.
      1. Click to open the Internet Options window.
      2. Choose Internet Options > Advanced.
      3. Select Enable Integrated Windows Authentication in Security.
      4. Click OK.
    2. Add the iBMC domain to the Internet zone.
      1. Choose Internet Options > Security.
      2. Click Advanced.
      3. In Add this website to the zone, enter the site, for example *.iBMC.com.
      4. Click Add.
      5. Click Close.
    3. Enable Automatic login only in Intranet zone.
      1. Choose Internet Options > Security.
      2. Click Custom level.
      3. In the User Authentication area, select Automatic login only in Intranet zone.
      4. Click OK.
      5. To close the Internet Options dialog box, click OK.
    4. Close and restart Internet Explorer to make the settings in 1 to 2 take effect.

    Enabling SSO in Firefox

    The operations vary depending on the Firefox version. The following uses Firefox 17.0 as an example.

    1. Enter about:config in the address box and press Enter.
    2. If "This might void your warranty!" is displayed, click I accept the risk!.
    3. In the Search box of the browser, enter network.negotiate.
    4. Double-click network.negotiate-auth.trusted-uris.
    5. Enter the iBMC DNS domain name (for example iBMC.com).
    1. Click OK.

  5. Log in to the iBMC using a Kerberos domain account or SSO.

    Log in to the iBMC using a Kerberos domain account:

    1. Enter the Kerberos user name and password, for example, HWinfo/Admin@9000.

      The user name and password must have been configured on the Kerberos server.

    2. Choose the Kerberos server domain name, for example ADMIN.COM(KRB) , from the domain drop-down list.
    3. Click Log in.

    Log in to the iBMC using SSO:

    1. Open the browser (with the configuration in 4 completed) and enter the iBMC FQDN, for example, https://Host name.Domain name.
    2. Click SSO.

Translation
简体中文
Download
Updated: 2023-08-04

Document ID: EDOC1100152759

Views: 269148

Downloads: 99

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :