Topic
  • 9 replies
  • Latest Post - ‏2013-12-11T10:39:29Z by Arks
Aitor Abad
Aitor Abad
2 Posts

Pinned topic IMM v2 to Active Directory

‏2013-09-09T09:47:30Z |

Hello,

When configuring IMM v2 to AD (x3250 M4) I am having issues with authorization. I am able to authenticate succesfully using AD credentials but I get read only access so I can't make any configuration changes. This is advised in every IMM page with the following warning: "Some features on this page are disabled because your user id does not have appropriate privileges to use them."

The configuration is mirrored from another server (x3650 M2 with IMM v1) wich is working as expected, so it seems to be some kind of change in the IMMv2 LDAP Client.

Does somebody deal with this issue?

Thanks in advance. Best regards.

  • twoj
    twoj
    3 Posts

    Re: IMM v2 to Active Directory

    ‏2013-09-26T18:47:06Z  

    Hi

    This is a known issue for IMMv2 - my firmware was originally 1.97 - they released firmware 2.50 and it wasn't listed in the fixes nor did it fix the issue. I just installed the 3.10 firmware today which does say it should fix the problem - however i am on the phone with support right now because it not only doesn't seem to work with AD at all now - it has also caused the local USERID account to have read-only permissions!!

    So a BIG WARNING - you may lock yourself out of IMM if you try the 3.10 firmware update!

    I wish these guys could get their act together to actually fix something and not screw things up even more!

     

  • PPriit
    PPriit
    4 Posts

    Re: IMM v2 to Active Directory

    ‏2013-09-27T09:50:24Z  
    • twoj
    • ‏2013-09-26T18:47:06Z

    Hi

    This is a known issue for IMMv2 - my firmware was originally 1.97 - they released firmware 2.50 and it wasn't listed in the fixes nor did it fix the issue. I just installed the 3.10 firmware today which does say it should fix the problem - however i am on the phone with support right now because it not only doesn't seem to work with AD at all now - it has also caused the local USERID account to have read-only permissions!!

    So a BIG WARNING - you may lock yourself out of IMM if you try the 3.10 firmware update!

    I wish these guys could get their act together to actually fix something and not screw things up even more!

     

    Hi,

    I'm assisting you in this problem with IMMv2 firmware 3.10

    I flashed it to 1 our x3650 M4 and having now the same issue with restricted privileges with both AD and local account, which previously had administrator rights.

    Although on an 1 x3550M4 this problem didn't occur and all permissions were preserved.

    Waiting for IBM statement about this issue before continuing with other servers.

     

    Priit

  • trauprich
    trauprich
    2 Posts

    Re: IMM v2 to Active Directory

    ‏2013-10-17T12:41:34Z  

    Same problem here with a x3500 M4. Initially starting with Firmware 2.50, we configured AD auth and all went fine. I just upgraded IMMv2 to firmware version 3.10 and now everything is screwed up. Local admin user doesn't have any right to change something or even start remote control or change the firmware bank!

    So, if there are any news about this topic, please tell us. I will open a support case now, too.

  • trauprich
    trauprich
    2 Posts

    Re: IMM v2 to Active Directory

    ‏2013-10-18T07:26:41Z  

    Same problem here with a x3500 M4. Initially starting with Firmware 2.50, we configured AD auth and all went fine. I just upgraded IMMv2 to firmware version 3.10 and now everything is screwed up. Local admin user doesn't have any right to change something or even start remote control or change the firmware bank!

    So, if there are any news about this topic, please tell us. I will open a support case now, too.

    Problem solved:

    We just had to wait a few more minutes after the firmware update. After logging in again with local admin or configured AD users, everything is fine now.

  • Aitor Abad
    Aitor Abad
    2 Posts

    Re: IMM v2 to Active Directory

    ‏2013-10-21T08:21:03Z  
    • twoj
    • ‏2013-09-26T18:47:06Z

    Hi

    This is a known issue for IMMv2 - my firmware was originally 1.97 - they released firmware 2.50 and it wasn't listed in the fixes nor did it fix the issue. I just installed the 3.10 firmware today which does say it should fix the problem - however i am on the phone with support right now because it not only doesn't seem to work with AD at all now - it has also caused the local USERID account to have read-only permissions!!

    So a BIG WARNING - you may lock yourself out of IMM if you try the 3.10 firmware update!

    I wish these guys could get their act together to actually fix something and not screw things up even more!

     

    Hi,

    After upgrading IMM to 3.10 authentication and authorization is working fine with local and AD accounts.

    Aitor.

  • twoj
    twoj
    3 Posts

    Re: IMM v2 to Active Directory

    ‏2013-10-21T16:16:29Z  

    I just logged into the server again and the local user, USERID, is back to a supervisor status, ie has administrative privileges now.

    However, the AD users are still NOT working. Plus when I do a reboot of the IMM the 'User Authentication method' goes from 'Local first, then LDAP' to 'Local only'.

    To me the issue is still not fixed. I would appreciate if someone that had / has the issue could verify if their User Authentication Method reverts back to the default, 'Local Only'.

      

  • Douglas74
    Douglas74
    1 Post

    Re: IMM v2 to Active Directory - Try Web Compatibility on browser and adding individual roles instead of using "Super" role

    ‏2013-11-20T05:24:35Z  
    Two issues after upgrading IMMv2 firmware to version 3.10 on a x3650 M4 
    1. Using Internet Explorer 11 (version 11.0.9600.16428) would not show the list of users from the IMM Management menu until i enabled compatibility view for my web browser for console ip address. earlier version of the firmware didn't need web compatibility mode for the users to be correctly be displayed in the web console.
    2. the local users "USERID"  with supervisor access provided was read only in the web console.  i created a new admin user in ssh with all the attributes.. since the "super" role didn't seem to work to spite being read / write.  for example command: users -2 -n admin -p password -a custom:am|rca|rcvma|pr|cel|bc|nsc|ac  created an admin user that has all of the Super functions...instead of  users -2 -n admin -p password -a super which didn't work.

    i couldn't find anything in the documentation regarding the change to super or the need for compatibility view,but that doesn't mean it wasnt there...

  • DaveQ
    DaveQ
    132 Posts

    Re: IMM v2 to Active Directory - Try Web Compatibility on browser and adding individual roles instead of using "Super" role

    ‏2013-11-20T22:56:47Z  
    • Douglas74
    • ‏2013-11-20T05:24:35Z
    Two issues after upgrading IMMv2 firmware to version 3.10 on a x3650 M4 
    1. Using Internet Explorer 11 (version 11.0.9600.16428) would not show the list of users from the IMM Management menu until i enabled compatibility view for my web browser for console ip address. earlier version of the firmware didn't need web compatibility mode for the users to be correctly be displayed in the web console.
    2. the local users "USERID"  with supervisor access provided was read only in the web console.  i created a new admin user in ssh with all the attributes.. since the "super" role didn't seem to work to spite being read / write.  for example command: users -2 -n admin -p password -a custom:am|rca|rcvma|pr|cel|bc|nsc|ac  created an admin user that has all of the Super functions...instead of  users -2 -n admin -p password -a super which didn't work.

    i couldn't find anything in the documentation regarding the change to super or the need for compatibility view,but that doesn't mean it wasnt there...

    I think using IE 11 this soon after its release would fall under the "at your own risk" category; I doubt it's supported yet. Just my .02.

     

  • Arks
    Arks
    1 Post

    Re: IMM v2 to Active Directory

    ‏2013-12-11T10:39:29Z  

    To deal with IMM behaviors, I suggest you start with "Restart IMM" under IMM Management. it will take 3-5 minutes to complete. To ensure restart is complete, verify ping to IMM IP.