As it is known, user account record in AD contains several fields, among these fields there are CN field (common name) which represents in AD full name of user, for example "Sergey …….." and SamAccountName field, which represents some short account name for NTLM style authentication, for example "admin-…". Second one is much more convenient for everyday usage than first long name. Customer reported, that then he was using v 1.51 as iBMC firmware, both AD record fields could be used for iBMC login authentication, but when customer upgraded iBMC of some servers to higher than v 1.51, SamAccountName authentication does not work there, only long CN field can login to iBMC, short account name fails to login.
As it is seen from iBMC log, short SamAccountName login actually fails, but long CN name the same time succeeds.
This has been confirmed as software bug, connected with upgrade of openldap components to solve openldap vulnerability, and after that, the higher than v 1.51 version iBMC with new openldap cause this issue, trigger NTLM user authentication fails.
This issue resolved in iBMC software version v 2.12. Upgrade server iBMC to RH1288 V3-iBMC-V212.zip to resolve this issue.http://support.huawei.com/enterprise/SoftwareVersionActionNew!showVDetailNew?lang=en&idAbsPath=fixnode01|7919749|9856522|21782478|21782482|9901873&pid=9901873&vrc=21000249|21000250|21000252|22020310&from=soft&tab=bz&bz_vr=21000250&bz_vrc=&nbz_vr=null