
How to set OpenBMC to link with Windows AD Server

Ex: AD Server information

Secret Username: Administrator
Secret Password: abcd!1234
AD Server User Domain Name: gary.qt
AD Server IP: 192.168.20.93


Server URI ldap://192.168.20.93 (AD Server IP)
Bind DN=CN=Administrator,CN=Users,DC=gary,DC=qt (AD Server Admin)
Bind password=abcd!1234 (Administrator password)
Base DN=DC=gary,DC=qt
User ID attribute - (optional)=sAMAccountName (optional)
Group ID attribute - (optional)=primaryGroupID (optional)

Role groups: 
Group name=Domain Users
Group privilege=(Test what you need)

After setting up the external user service, log in with an AD user who is in the group (Domain Users).
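
The same settings expressed as a Redfish request body, with a short review pass over them. This is an added example, not part of the original post or OpenBMC's own code. It assumes the BMC accepts the standard Redfish `ActiveDirectory` properties on `/redfish/v1/AccountService`; the function names, the password placeholder and the `ReadOnly` role are assumptions.

```python
import json
from urllib.parse import urlparse

def build_ad_patch(uri, bind_dn, bind_password, base_dn, user_attr, group_attr, role_map):
    """Body for PATCH /redfish/v1/AccountService, Redfish ActiveDirectory provider."""
    return {"ActiveDirectory": {
        "ServiceEnabled": True,
        "ServiceAddresses": [uri],
        "Authentication": {"Username": bind_dn, "Password": bind_password},
        "LDAPService": {"SearchSettings": {
            "BaseDistinguishedNames": [base_dn],
            "UsernameAttribute": user_attr,
            "GroupsAttribute": group_attr}},
        "RemoteRoleMapping": [{"RemoteGroup": g, "LocalRole": r}
                              for g, r in role_map.items()],
    }}

def review(payload):
    """Return a list of findings a reviewer would raise before applying the body."""
    ad = payload["ActiveDirectory"]
    bind_dn = ad["Authentication"]["Username"].lower()
    base_dns = [b.lower() for b in ad["LDAPService"]["SearchSettings"]["BaseDistinguishedNames"]]
    findings = []
    for addr in ad["ServiceAddresses"]:
        if urlparse(addr).scheme.lower() != "ldaps":
            findings.append(f"cleartext: {addr} sends the bind password and user logins unencrypted")
    if not any(bind_dn.endswith(b) for b in base_dns):
        findings.append("bind-dn: bind DN is not under any base DN")
    if bind_dn.startswith("cn=administrator,"):
        findings.append("privilege: bind account is the domain Administrator; a read-only lookup account is enough")
    for m in ad["RemoteRoleMapping"]:
        if m["RemoteGroup"].lower() == "domain users" and m["LocalRole"] == "Administrator":
            findings.append("role: every domain user would become a BMC administrator")
    return findings

# Values from the post; the password is a placeholder and "ReadOnly" is an assumed role.
PAGE_EXAMPLE = build_ad_patch(
    "ldap://192.168.20.93", "CN=Administrator,CN=Users,DC=gary,DC=qt",
    "<bind password>", "DC=gary,DC=qt", "sAMAccountName", "primaryGroupID",
    {"Domain Users": "ReadOnly"})

if __name__ == "__main__":
    print(json.dumps(PAGE_EXAMPLE, indent=2))
    for finding in review(PAGE_EXAMPLE):
        print("FINDING", finding)
```

With the post's values the review reports the `ldap://` URI and the Administrator bind account; switching to `ldaps://` only works once the BMC trusts the domain CA certificate.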

=======================================================================

Get the CA certificate and sign the "HTTPS/LDAP - CSR" for OpenBMC
(To set up the CA environment, please refer to "More detail" at the end of this post.)
----------------------------------------------------------------------------------------------------
Export the "Domain CA" from the Certificate Export Wizard.
Server Manager -> Tools -> "Certificate Authority"
In "Certificate Authority": choose "your Domain" -> "Issued Certificates"
   -> Choose "Domain Controller" by checking the "Certificate Template" column
   -> double-click it (or right-click -> "Open") -> switch to the "Details" page
   -> select "Copy to File" to open the "Certificate Export Wizard"
In "Certificate Export Wizard":
   -> Format "Base-64 encoded X.509 (.CER)"
   -> Save to file. (ex: "Domain Certificate CA Certificate.CER")
----------------------------------------------------------------------------------
Then load "Domain Certificate CA Certificate.CER" to OpenBMC WebUI CA Certificate
======================================================================================
4. Sign CSR with Windows CA:
On the OpenBMC WebUI, generate a CSR for LDAP (AD) and download it.
   -> OpenBMC-CSR-certificate.txt
CMD: certreq -submit -attrib "CertificateTemplate:SubCA" OpenBMC-CSR-certificate.txt
Then select your CA in the pop-up window.
And save the certificate as "LDAP_certificate_after_sign.cer".
----------------------------------------------------------------------------------
Then load "LDAP_certificate_after_sign.cer" to OpenBMC WebUI CA Certificate

For more detail, please refer to:
https://virtuallythere.blog/2018/04/24/making-things-a-bit-more-secure-part-1/
https://www.youtube.com/watch?v=h3sxduUt5a8


    Posted by 吾給力 on PIXNET