Select Page

Supermicro IPMI and Active Directory Integration

Supermicro IPMI has the capability to use Active Directory to authenticate users without having to add each individual user to the IPMI system on each server device.   Instead of authenticating a user against the internal IPMI user database, the IPMI BMC can query Active Directory.   Users with authorization to login are identified by a specific security group.   Any user which is a member of the security group is granted access.

The login precedence is:

  1. Authenticate against the internal IPMI database
  2. Authenticate against other repositories, in this case Active Directory

Configuration steps to perform

  1. Create USER Account in Active Directory
  2. Create GROUP to give users access to Supermicro systems via IPMI
  3. Add the Active Directory group to IPMI
  4. Configure IPMI for your Active Directory Server
  5. Test access to your Supermicro system

Create USER Account in Active Directory

In this example we will create a typical user.   There is nothing special about the user details as any user account will work.

Create the user account on Active Directory.

Create Active Directory User

 

Create User Details

In this example we set Password Never Expires for simplicity.  This is not typical and not required.  Create the user account with your IT standard procedure.

Create User Account Finish

Create Active Directory Group

Create a group to identify IPMI users with authorization to log into IPMI.

Active Directory Users and Groups >> Users >> New >> Group

Create AD Group

In this example, we user the group name IPMILogin.    Any group name will work.

Create AD Group

Create AD Group

Add the Group to Active Directory User Account

Active Directory Users and Computers >> <user> >> Properties (right click)

Add to IPMI

Select “Members Of” Tab

Add Group to AD User

Click on OK

Add to IPMI Group

Click on Add

Add to IPMI Group

Enter your group and click Check Names then OK

Add to IPMI Group

And the user is now a member of the IPMI login group.

Add the Active Directory group to IPMI

Now we will configure the server by adding the Active Directory group to the IPMI system.

Note:  This must be done on every server as the IPMI database is local to the server firmware.

Log into the server via IPMI via the built-in IPMI account.

The default is:

user: ADMIN
password: ADMIN

Add group to IPMI

Click on Configuration

Add group to IPMI

Select the Active Directory configuration button.Add group to IPMI

On the Active Directory IPMI configuration screen, there are a set of rows available to configure.

Add group to IPMI

Click on the first available row.

Add group to IPMI

Add group to IPMI

Then click on the Add Role Group button.

Add group to IPMI

Fill in the form and press OK.

The resultant for row 1 should be something like this example.

Notice the Group Domain.   This should be the fully qualified domain for your Active Directory system.

Configure IPMI for your Active Directory Server

The IPMI system will need to be configured with the details to find your Active Directory server.

Select Advance Settings

Advanced Settings

Enter the Details of your Active Directory, such as the AD fully qualified domain.  This should match your user configuration.

Then click on Save.

The system should be configured.

Test access to your Supermicro IPMI BMC

Login to IPMI, this time use your Active Directory user credentials.

In this example

Username:   johndoe@newdom.newco.com
Password:   <created in Active Directory>

Test Access

If login is successful, you should see your AD username in the Identification at the top.

Test Access

Test access

Was this article helpful?

Submit a Comment

Your email address will not be published. Required fields are marked *