Hi Mike,Yes, the LDAP search is set up using Avocent defaults.Query Mode Appliance: Group AttributeQuery Mode Server: Group AttributeGroup Container: GroupsGroup Container Mask: ou=%1Target Mask: cn=%1Access Control Attribute: infoI created a group called 'KVM Users' under Groups, and put a test user in there. When I tested, i would get 'Access cannot be granted due to authentication server errors.' To do a sanity check, I flipped to User Attribute on both Q.M. Appliance and Q.M. Server, and am able to authenticate/authorize when I put 'KVM User Admin' in the info field on my user.
Iv) XSCF firmware update is completed. V) When the firmware update completes, the active and the standby states of the XSCF unit have become the opposite of original state. For instance, if the firmware update is executed on XSCFU#0, when completing the command, XSCFU#1 would become the active side. Avocent AlterPath Cyclades ACS48 Setup While looking for an inexpensive console switch for my lab, I ran across a few recommendations for the Cyclades line, so I purchased a pair of Cyclades ACS48's on eBay. (3.3.0.16) and still on Avocent's FTP site. You can also locate user manuals and other files from this FTP site.
So either the Query function is not working right, or I just don't understand how to set it up.Thanks! OK here is what we have setup in our test lab (we have a 3016 fwiw).Use LDAP Authentication checkedUse Local First checkedon the server tabSet the primary and secondary servers to the ip address of your AD controllersAccess type LDAP for both.on the search tabSearch DN: the full LDAP path to an account used for authentication. This needs to be a valid user account, with only domain login rights. The user account should look something like cn=Test User,ou=Users,dc=company,dc=comThe password should be the valid password for this account.Search base could be something like dc=company,dc=com or based on a certain OU like ou=Administrators,ou=US,dc=company,dc=com when it searches it will only look for users in this group.The UID mask is sAMAccountName=%1on the query tabUse basic for both, all settings are default. Hi George, that's basically what I have. Incidentally, I have no problem with Local First or LDAP First, so I know it's trying.X Use LDAP Authentication(.) Use Local FirstServerIP Address = 12.34.45.56Port ID = 389Access Type = LDAP(no secondary)SearchSearch DN: cn=LDAPUser,cn=Users,dc=my,dc=domain,dc=comSearch Password: YesSearch Base: dc=my,dc=domain,dc=comUID Mask = sAMAccountName=%1QueryQuery ModeAppliance: (.) Group AttributeServer: (.) Group AttributeGroup Container: GroupsGroup Container Mask: ou=%1Target Mask: cn=%1Access Control Attribute: info.
MikeHSCC wrote:Search DN: cn=LDAPUser,cn=Users,dc=my,dc=domain,dc=comIt should work then (yes, you are here because it doesn't) The thing that confused us for a while was the above structure. We ended up using a ldapsearch tool to get the correct DN name and format.
If you are using the stock AD structure then cn=Users is correct. If you created your own structure (if you are a big organization) then ou=Users may be correct. It was a pain with a lot of guessing until we used the ldapsearch tool to get the exact structure of the user DN.
It would have been nice for them to include a test tool to make sure you get it right before logging out.Edit OK I peeked into a few others we have. I found that if you have an override administrator account setup (shows under users branch) they AD doesn't work.
I only have one KVM switch that has this account, and this is the only one where AD login did not work. All others with the same settings work as I outlined. I need to get with our tech guys and find out whats up with this one KVM /Edit. MikeHSCC wrote:I realized you're setting your Query Mode to 'Basic'.
This authorizes anyone who has valid LDAP credentials. If I set Basic, my account also authorizes. But that's not quite what I'm after.
I only want to authorize users in a specific group.Gotcha, we have admin users in their own OU since our admin accounts are different than our everyday user account. But you know the mechanics are working of LDAP authorization. If I remember correctly you need to use the member of filter to ensure users are in a specific group. Hi there,I'm having the same issue, I think the problem is that the avocent doesn't support group based auth. Only 'does user exist in given OU' and also, it seems, 'is there a note of 'X ' in the users notes field' Both of which are a terrible way to handle authentication.If anyone knows a way to have these boxes authenticate users based on security group membership, please chime in. Otherwise I think I have to add 'KVM admin group' to the notes field to the users I want to grant access.-Aaron.
.Version 3.6.0.14 or 3.6.6.14 (depending on product) This document outlines: 1. Update Instructions 2. Firmware Version and Language Support Information 3.
Enhancements 4. Known Issues 6. Flash Update Failure Recovery Please refer to your user manual for detailed instructions to update the switch. Important Note: If the DSR switch currently has a firmware version earlier than 3.2.0.17 (or 3.6.2.17 for DSR1020, DSR2020, or DSR4020 switches) then the switch must first be upgraded to 3.2.0.17 (or 3.6.2.17 for.Note: This feature requires DSView 3 software version 3.6 or later. Added support for the Avocent iKVM switch integrated into the Dell® PowerEdge® M1000e Modular Blade Enclosure to provide seamless access to each of 16 server blades and the Dell Chassis Management Controller (CMC).1800 characters per minute. Resolved issue where portions of the DSR switch’s Avocent-proprietary SNMP MIB were readable via an SNMP walk utility.
The entire Avocent-proprietary MIB is now only accessible via DSView 3 software.