IBM Remote Management Authentication via Active Directory

Most high-end IBM hardware comes with an RMM (Remote Management Module), which you need if you ever hope to manage the equipment from a location other than right in front of the machine.  Managing the local accounts on the system is painful at best, and a more secure method is to integrate into an existing LDAP or Active Directory environment to provide single-sign-on access.

To do this within the RMM:

  • Log in to the management module’s interface using an administrative account.
  • Expand “MM Control”
  • Select “Network Protocols”
    • Click on “Lightweight Directory Access Protocol (LDAP)”
    • Click “Use LDAP Servers for Authentication Only (with local authorization)”.  Select “OK” at the pop-up warning.
    • Click “Use Pre-Configured Servers” and enter in the IP addresses of your domain controllers (port 389)
    • Under “Miscellaneous Parameters”:
      • Enter your Root DN.  For example, dc=mylocaldomain,dc=com
      • Select “w/ Login Credentials”
    • Click “Save”
  • Under “MM Control”, click on “Login Profiles”
    • Click “Group Profiles”
    • Click “Add a Group”
      • Enter an Active Directory group name in the “Group ID” field.  For example, “Domain Admins”
      • Under “Role”, select “Custom”
      • Move all “Unassigned Roles” to “Assigned Roles” by clicking on each role.
      • Make sure the same is done for the “Assigned Scope”
      • Click “Save”
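
Before relying on the new login, it helps to confirm from a workstation that the domain controller answers on port 389 for the Root DN and that the group typed into “Group ID” resolves. The script below is an added example, not part of the original post: it derives the Root DN from the domain name and builds an OpenLDAP `ldapsearch` command for that check. The controller address and bind account are constructed placeholders, and it assumes the group's `cn` is the name entered in “Group ID”.

```python
# Added example (not from the original post): build an ldapsearch check for
# the Root DN and Group ID entered in the management module.
import shlex


def root_dn_from_domain(dns_domain: str) -> str:
    """Turn an AD DNS domain such as mylocaldomain.com into its Root DN."""
    labels = [part for part in dns_domain.strip().strip(".").split(".") if part]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"dc={label}" for label in labels)


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def group_filter(group_id: str) -> str:
    """Filter for the AD group; assumes its cn equals the 'Group ID' value."""
    return f"(&(objectCategory=group)(cn={escape_filter_value(group_id)}))"


def ldapsearch_command(dc_ip: str, dns_domain: str, bind_user: str, group_id: str) -> list:
    """argv for one ldapsearch run against a single domain controller."""
    return [
        "ldapsearch", "-x",                      # simple bind
        "-H", f"ldap://{dc_ip}:389",             # same port the RMM is given
        "-D", bind_user, "-W",                   # prompt for the password
        "-b", root_dn_from_domain(dns_domain),   # search base = Root DN
        "-s", "sub",
        group_filter(group_id),
        "cn", "member",                          # attributes to return
    ]


if __name__ == "__main__":
    # Constructed sample values: documentation IP and a made-up bind account.
    cmd = ldapsearch_command("192.0.2.10", "mylocaldomain.com",
                             "admin@mylocaldomain.com", "Domain Admins")
    print(shlex.join(cmd))
```

Run the printed command once per domain controller entered under “Use Pre-Configured Servers”; an empty result means the Root DN or group name does not match what the directory holds.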
