Hi Al, On Mit, 2016-06-08 at 10:22 -0700, Albert Chu wrote: > Hey Werner, > > Thanks for the report, it appears there was a bug in FreeIPMI that would > have made the bug easier to understand. you're most welcome. Thank you again very much for for great and outstanding support!
> According to your dump, 'set session privilege level' is reporting a > completion code of 0x80. The "bad completion code" error message is > because it doesn't recognize the error code. Looking deeper I have: > [...] > So I don't have a macro for 0x80. It ends up, this is in error. I > off-by-oned each of the above macros. They are supposed to be 0x80-0x82 > instead of 0x81-0x83. > > So I'll need to fix that. I've pushed this into the > freeipmi-1-5-0-stable branch if you could try it out? (github mirror > https://github.com/chu11/freeipmi-mirror). Unfortunately, my systems > can't reproduce this error (likely b/c they are not implementing IPMI > security correctly). Thank you. I have forwarded the info to the admin of the system. > But onto your error, so instead of "bad completion code" it should have > given you a cleaner error message of something like "privilege level > cannot be obtained". I bet that the new firmware fixed this security > flaw, which is now leading to this problem. > > It likely means that you are trying to connect to a IPMI user on the > system that has too low of a privilege level for what ipmi-sel requires. > ipmi-sel defaults to OPERATOR privilege so I bet the IPMI user has a max > privilege of USER. So if you connect to a user with appropriate > privileges, it should work. > > You may be able to get away with setting "--privilege-level=USER" on > ipmi-sel. IIRC the OPERATOR privileges are needed for some more > advanced features, which you may not need/be using. Thank you. I've also forwarded this info to the admin. I'll be out-of-office the rest of the day and tomorrow, so I'll probably give feedback on Monday how it worked. Al, thank you again for your help, best regards, Werner > > Al > > On Wed, 2016-06-08 at 15:00 +0200, Werner Fischer wrote: > > Hi Al, > > > > after an update of the IPMI firmware (from v3.15 to 3.40) on four > > systems with Supermicro X9DR7-LN4F mainboard, IPMI queries with ipmi-sel > > or ipmi-sensors via LAN fail with the following error: > > > > ipmi_ctx_open_outofband_2_0: bad completion code > > > > We have already tried to upload the firmware again (without preserving > > configuration), but this did not help. > > > > We are using this command (ipmi.cfg has username/password): > > /usr/sbin/ipmi-sel -h [IP] --config-file /etc/ipmi/ipmi.cfg > > --driver-type=LAN_2_0 --output-event-state --interpret-oem-data > > --entity-sensor-names --sensor-types=all > > > > We also executed the command with --debug. I've attached the output > > (partially, because I'm not sure whether there may be sensitive data in > > it as RAKP can be brute-force attacked). > > > > Of course we could try to remove power down the servers and pull power > > chords, and test again. But as these are production systems I'd want to > > ask whether you have any idea or if there is a workaround. > > > > PS: with firmware v3.15 we had no issues. I have tested the firmware > > 3.40 on another system with X9SCM-F, but I do not get any errors there. > > > > Thanks for your help, > > best regards, > > Werner > > _______________________________________________ > > Freeipmi-users mailing list > > Freeipmi-users@gnu.org > > https://lists.gnu.org/mailman/listinfo/freeipmi-users > _______________________________________________ Freeipmi-users mailing list Freeipmi-users@gnu.org https://lists.gnu.org/mailman/listinfo/freeipmi-users
