IBM Remote Management Authentication via Active Directory
Most high-end IBM hardware comes with an RMM (Remote Management Module), which you need if you ever hope to manage the equipment from anywhere other than right in front of the machine. Managing the local accounts on the system is painful at best; a more secure method is to integrate it into an existing LDAP or Active Directory environment to provide single-sign-on access.
To do this within the RMM:
- Log in to the management module’s interface using an administrative account.
- Expand “MM Control”
- Select “Network Protocols”
- Click on “Lightweight Directory Access Protocol (LDAP)”
- Click “Use LDAP Servers for Authentication Only (with local authorization)”. Select “OK” at the pop-up warning.
- Click “Use Pre-Configured Servers” and enter the IP addresses of your domain controllers (port 389)
- Under “Miscellaneous Parameters”:
  - Enter your Root DN. For example, dc=mylocaldomain,dc=com
  - Select “w/ Login Credentials”
- Click “Save”
- Under “MM Control”, click on “Login Profiles”
- Click “Group Profiles”
- Click “Add a Group”
- Enter an Active Directory group name into the “Group ID” field. For example, “Domain Admins”
- Under “Role”, select “Custom”
- Move all “Unassigned Roles” to “Assigned Roles” by clicking on each role.
- Make sure the same is done for the “Assigned Scope”
- Click “Save”
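
A pre-flight check to run from a Linux workstation with the OpenLDAP client tools, added here as an example (it is not part of the original post and not IBM code): it performs the same kind of lookup the steps above configure (port 389, bind with the user's own credentials, search under the Root DN) and confirms the account belongs to the group you plan to enter as the Group ID. The DC address, the account name and the UPN-style bind are assumptions, and the LDIF sample is constructed.

```shell
#!/bin/sh
# Added example, not IBM code. Assumed values: DC address 192.0.2.10,
# account "jdoe", UPN-style bind name <account>@mylocaldomain.com.

ROOT_DN='dc=mylocaldomain,dc=com'   # Root DN from the example above
GROUP_ID='Domain Admins'            # Group ID from the example above

# Query a DC the way the steps configure it: port 389, simple bind with
# the user's own login credentials, subtree search below the Root DN.
query_dc() {  # usage: query_dc <dc-address> <sAMAccountName>
  ldapsearch -x -LLL -H "ldap://$1:389" -D "$2@mylocaldomain.com" -W \
    -b "$ROOT_DN" -s sub "(sAMAccountName=$2)" memberOf
}

# Undo LDIF line folding (a continuation line starts with one space),
# otherwise a long group DN split across lines would not match.
unfold_ldif() {
  awk '/^ / { buf = buf substr($0, 2); next }
       { if (NR > 1) print buf; buf = $0 }
       END { print buf }'
}

# Exit 0 if the LDIF on stdin has a memberOf DN whose first RDN is
# CN=<group>, compared case-insensitively. Base64 ("memberOf::") values
# and group names containing escaped commas are not handled.
has_group() {  # usage: query_dc ... | has_group "$GROUP_ID"
  unfold_ldif | awk -v want="$1" '
    tolower($0) ~ /^memberof: / {
      dn = substr($0, 11); sub(/,.*/, "", dn)   # keep the first RDN only
      if (tolower(dn) == tolower("CN=" want)) found = 1
    }
    END { exit !found }'
}

# Constructed sample of ldapsearch output with one folded memberOf line.
SAMPLE_LDIF='dn: CN=John Doe,CN=Users,DC=mylocaldomain,DC=com
memberOf: CN=Domain Ad
 mins,CN=Users,DC=mylocaldomain,DC=com
memberOf: CN=VPN Users,OU=Groups,DC=mylocaldomain,DC=com'

# Live use: query_dc 192.0.2.10 jdoe | has_group "$GROUP_ID" && echo "ok"
```

A simple bind on port 389 carries the password unencrypted unless StartTLS is negotiated (`ldapsearch -ZZ`), so run the live check from a management network you trust.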