Hey Werner, Thanks for the report, it appears there was a bug in FreeIPMI that would have made the bug easier to understand.
According to your dump, 'set session privilege level' is reporting a completion code of 0x80. The "bad completion code" error message is because it doesn't recognize the error code. Looking deeper I have: ---- /* IPMI_CMD_SET_SESSION_PRIVILEGE_LEVEL */ #define IPMI_COMP_CODE_SET_SESSION_PRIVILEGE_LEVEL_REQUESTED_LEVEL_NOT_AVAILABLE_FOR_USER 0x81 #define IPMI_COMP_CODE_SET_SESSION_PRIVILEGE_LEVEL_REQUESTED_LEVEL_EXCEEDS_USER_PRIVILEGE_LIMIT 0x82 #define IPMI_COMP_CODE_SET_SESSION_PRIVILEGE_LEVEL_CANNOT_DISABLE_USER_LEVEL_AUTHENTICATION 0x83 ---- So I don't have a macro for 0x80. It ends up, this is in error. I off-by-oned each of the above macros. They are supposed to be 0x80-0x82 instead of 0x81-0x83. So I'll need to fix that. I've pushed this into the freeipmi-1-5-0-stable branch if you could try it out? (github mirror https://github.com/chu11/freeipmi-mirror). Unfortunately, my systems can't reproduce this error (likely b/c they are not implementing IPMI security correctly). But onto your error, so instead of "bad completion code" it should have given you a cleaner error message of something like "privilege level cannot be obtained". I bet that the new firmware fixed this security flaw, which is now leading to this problem. It likely means that you are trying to connect to a IPMI user on the system that has too low of a privilege level for what ipmi-sel requires. ipmi-sel defaults to OPERATOR privilege so I bet the IPMI user has a max privilege of USER. So if you connect to a user with appropriate privileges, it should work. You may be able to get away with setting "--privilege-level=USER" on ipmi-sel. IIRC the OPERATOR privileges are needed for some more advanced features, which you may not need/be using. Al On Wed, 2016-06-08 at 15:00 +0200, Werner Fischer wrote: > Hi Al, > > after an update of the IPMI firmware (from v3.15 to 3.40) on four > systems with Supermicro X9DR7-LN4F mainboard, IPMI queries with ipmi-sel > or ipmi-sensors via LAN fail with the following error: > > ipmi_ctx_open_outofband_2_0: bad completion code > > We have already tried to upload the firmware again (without preserving > configuration), but this did not help. > > We are using this command (ipmi.cfg has username/password): > /usr/sbin/ipmi-sel -h [IP] --config-file /etc/ipmi/ipmi.cfg > --driver-type=LAN_2_0 --output-event-state --interpret-oem-data > --entity-sensor-names --sensor-types=all > > We also executed the command with --debug. I've attached the output > (partially, because I'm not sure whether there may be sensitive data in > it as RAKP can be brute-force attacked). > > Of course we could try to remove power down the servers and pull power > chords, and test again. But as these are production systems I'd want to > ask whether you have any idea or if there is a workaround. > > PS: with firmware v3.15 we had no issues. I have tested the firmware > 3.40 on another system with X9SCM-F, but I do not get any errors there. > > Thanks for your help, > best regards, > Werner > _______________________________________________ > Freeipmi-users mailing list > Freeipmi-users@gnu.org > https://lists.gnu.org/mailman/listinfo/freeipmi-users -- Albert Chu ch...@llnl.gov Computer Scientist High Performance Systems Division Lawrence Livermore National Laboratory _______________________________________________ Freeipmi-users mailing list Freeipmi-users@gnu.org https://lists.gnu.org/mailman/listinfo/freeipmi-users