Hello,
(Quoting a lot of data because this mail is really old) On Friday 28 July 2006, alle 15:16, Duncan Laurie wrote: > >I've a problem with the user access. I would like to add an OPERATOR priv > >to > >an user, but I've got this error: > > > >[EMAIL PROTECTED] sbin]# ipmitool user list 1 > >ID Name Callin Link Auth IPMI Msg Channel Priv Limit > >1 true false true ADMINISTRATOR > >2 ADMIN true true true ADMINISTRATOR > >3 operator true true true NO ACCESS > >[EMAIL PROTECTED] sbin]# ipmitool user priv 3 OPERATOR 1 > >Set Privilege Level command failed (user 3) > >[EMAIL PROTECTED] sbin]# ipmitool -vvvv user priv 3 OPERATOR 1 > >Set IPMB address to 0x20 > >OpenIPMI Request Message (3 bytes) > >0e 03 00 > >Sending request to System Interface > >Set Privilege Level command failed (user 3) > > > >Have you any idea? > > There are a couple of problems with this command as it is now... > > First, ipmitool is not interpreting the text-based privilege limits for the > "user priv" command at the moment, so use the numeric version (USER=2, > OPERATOR=3, ADMIN=4) instead. > > Second many many BMCs seem to require the optional 4th byte and will error > out if it is not provided so I am adding this byte in for the next release. > > Third, and this doesn't affect you because you specified the channel number, > but many BMCs seem to dislike using the default channel of 14 and will error > out if the actual number is not provided. > > Since I have not yet put fixes in a release you may construct a raw command > to acheive this command: > > raw 0x6 0x43 0x1 0x3 0x3 0x0 I've noticed that with this command some BMCs stop to works. The machine sends packets to the BMC, the BMC receive packets and sends, but stop to work reading the SDR. (I've only SuperMicro BMC, the AOC-IPMI20-E). For example: higgs:~# ipmitool -vvvvI lan -H lxdev14.cern.ch -P kPwwvtI9 sensor Querying SDR for sensor list ipmi_lan_send_cmd:opened=[0], open=[134708000] IPMI LAN host lxdev14.cern.ch port 623 Sending IPMI/RMCP presence ping packet send_packet (12 bytes) 06 00 ff 06 00 00 11 be 80 00 00 00 Received IPMI/RMCP response packet: IPMI Supported ASF Version 1.0 RMCP Version 1.0 RMCP Sequence 255 IANA Enterprise 4542 ipmi_lan_send_cmd:opened=[1], open=[134708000] >> IPMI Request Session Header >> Authtype : NONE >> Sequence : 0x00000000 >> Session ID : 0x00000000 >> IPMI Request Message Header >> Rs Addr : 20 >> NetFn : 06 >> Rs LUN : 0 >> Rq Addr : 81 >> Rq Seq : 00 >> Rq Lun : 0 >> Command : 38 send_packet (23 bytes) 06 00 ff 07 00 00 00 00 00 00 00 00 00 09 20 18 c8 81 00 38 0e 04 35 ipmi message header (30 bytes) 06 00 ff 07 00 00 00 00 00 00 00 00 00 10 81 1c 63 20 00 38 00 01 04 06 00 00 00 00 00 9d << IPMI Response Session Header << Authtype : NONE << Sequence : 0x00000000 << Session ID : 0x00000000 << IPMI Response Message Header << Rq Addr : 81 << NetFn : 07 << Rq LUN : 0 << Rs Addr : 20 << Rq Seq : 00 << Rs Lun : 0 << Command : 38 << Compl Code : 0x00 IPMI Request Match found get_auth_capabilities (8 bytes) 01 04 06 00 00 00 00 00 Channel 01 Authentication Capabilities: Privilege Level : ADMINISTRATOR Auth Types : MD5 Per-msg auth : enabled User level auth : enabled Non-null users : enabled Null users : enabled Anonymous login : disabled Proceeding with AuthType MD5 ipmi_lan_send_cmd:opened=[1], open=[134708000] >> IPMI Request Session Header >> Authtype : MD5 >> Sequence : 0x00000000 >> Session ID : 0x00000000 >> IPMI Request Message Header >> Rs Addr : 20 >> NetFn : 06 >> Rs LUN : 0 >> Rq Addr : 81 >> Rq Seq : 01 >> Rq Lun : 0 >> Command : 39 send_packet (38 bytes) 06 00 ff 07 00 00 00 00 00 00 00 00 00 18 20 18 c8 81 04 39 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 ipmi message header (42 bytes) 06 00 ff 07 00 00 00 00 00 00 00 00 00 1c 81 1c 63 20 04 39 00 01 08 00 02 9f 46 07 5e 9c 43 04 68 8c 33 f4 6a 6a 11 d2 4c 4d << IPMI Response Session Header << Authtype : NONE << Sequence : 0x00000000 << Session ID : 0x00000000 << IPMI Response Message Header << Rq Addr : 81 << NetFn : 07 << Rq LUN : 0 << Rs Addr : 20 << Rq Seq : 01 << Rs Lun : 0 << Command : 39 << Compl Code : 0x00 IPMI Request Match found get_session_challenge (20 bytes) 01 08 00 02 9f 46 07 5e 9c 43 04 68 8c 33 f4 6a 6a 11 d2 4c Opening Session Session ID : 02000801 Challenge : 9f46075e9c4304688c33f46a6a11d24c Privilege Level : ADMINISTRATOR Auth Type : MD5 ipmi_lan_send_cmd:opened=[1], open=[134708000] >> IPMI Request Session Header >> Authtype : MD5 >> Sequence : 0x00000000 >> Session ID : 0x02000801 >> IPMI Request Message Header >> Rs Addr : 20 >> NetFn : 06 >> Rs LUN : 0 >> Rq Addr : 81 >> Rq Seq : 02 >> Rq Lun : 0 >> Command : 3a MD5 AuthCode : a698192cc831dff2c31187bfce26c95b send_packet (59 bytes) 06 00 ff 07 02 00 00 00 00 01 08 00 02 a6 98 19 2c c8 31 df f2 c3 11 87 bf ce 26 c9 5b 1d 20 18 c8 81 08 3a 02 04 9f 46 07 5e 9c 43 04 68 8c 33 f4 6a 6a 11 d2 4c cc 66 c5 c9 2c send_packet (59 bytes) 06 00 ff 07 02 00 00 00 00 01 08 00 02 a6 98 19 2c c8 31 df f2 c3 11 87 bf ce 26 c9 5b 1d 20 18 c8 81 08 3a 02 04 9f 46 07 5e 9c 43 04 68 8c 33 f4 6a 6a 11 d2 4c cc 66 c5 c9 2c send_packet (59 bytes) 06 00 ff 07 02 00 00 00 00 01 08 00 02 a6 98 19 2c c8 31 df f2 c3 11 87 bf ce 26 c9 5b 1d 20 18 c8 81 08 3a 02 04 9f 46 07 5e 9c 43 04 68 8c 33 f4 6a 6a 11 d2 4c cc 66 c5 c9 2c send_packet (59 bytes) 06 00 ff 07 02 00 00 00 00 01 08 00 02 a6 98 19 2c c8 31 df f2 c3 11 87 bf ce 26 c9 5b 1d 20 18 c8 81 08 3a 02 04 9f 46 07 5e 9c 43 04 68 8c 33 f4 6a 6a 11 d2 4c cc 66 c5 c9 2c No response from remote controller Activate Session command failed Error: Unable to establish LAN session ipmi_lan_send_cmd failed to open intf Get Device ID command failed Unable to open SDR for reading -- Massimiliano Masi http://www.comunidelchianti.it/~max ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Ipmitool-devel mailing list Ipmitool-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
