if your are using IPMI 2.0 RMCP sessions then you must use an OEM way to
find which privilege level is assigned to an IPMI cipher suite.
Often cipher suite 0 can not be used for Administrator or User roles.
What you are asking is outside the spec. In my opinion the spec is
faulty that a privilege level (admin, user, callback, etc)can not be
queried for which cipher suites that are supported. This is a major fail
for the IPMI spec.
Our Retuli product implements a proprietary way to do this. It's not
widely used.
Please ping Dell or Intel on you request. It's not new but more voices
heard might move an iceburg
h...@jblade.com
IPMI Architecture Group
JBlade
On 01/21/2011 10:10 AM, Szabo, Steve G wrote:
Anyone know which privilege is required when accessing ProLiant BL460c G6?
$ ipmitool -vv -I lanplus -U someguy -H somehost -P somepasschannel info
IPMI LAN host somehost port 623
>> Sending IPMI command payload
>> netfn : 0x06
>> command : 0x38
>> data : 0x8e 0x04
>> SENDING AN OPEN SESSION REQUEST
<<OPEN SESSION RESPONSE
<< Message tag : 0x00
<< RMCP+ status : no errors
<< Maximum privilege level : admin
<< Console Session ID : 0xa0a2a3a4
<< BMC Session ID : 0x0086219a
<< Negotiated authenticatin algorithm : hmac_sha1
<< Negotiated integrity algorithm : hmac_sha1_96
<< Negotiated encryption algorithm : aes_cbc_128
>> Console generated random number (16 bytes)
42 21 af 9e be 27 90 14 c0 08 82 00 4d 86 88 65
>> SENDING A RAKP 1 MESSAGE
<<RAKP 2 MESSAGE
<< Message tag : 0x00
<< RMCP+ status : no errors
<< Console Session ID : 0xa0a2a3a4
<< BMC random number : 0x3de07bce4ebad1deb8365f560bb22463
<< BMC GUID : 0x3530373737394d585130313030334454
<< Key exchange auth code [sha1] :
0xf102da4902ea7e1e68a2d44882b2c57fcfa70236
session integrity key input (40 bytes)
42 21 af 9e be 27 90 14 c0 08 82 00 4d 86 88 65
3d e0 7b ce 4e ba d1 de b8 36 5f 56 0b b2 24 63
14 06 73 79 73 6f 70 73
Generated session integrity key (20 bytes)
ab 09 95 ee 2f 3d 08 25 20 7f 52 40 52 22 ab 4f
9c e9 17 1a
Generated K1 (20 bytes)
52 ad 59 e4 f9 14 89 ed 68 97 cc bd 5d 86 4f 0b
0c 8f f9 b8
Generated K2 (20 bytes)
8b 9e f8 b4 d7 00 f4 68 c2 34 57 fd e4 16 21 1c
ac 8b d1 99
>> SENDING A RAKP 3 MESSAGE
<<RAKP 4 MESSAGE
<< Message tag : 0x00
<< RMCP+ status : no errors
<< Console Session ID : 0xa0a2a3a4
<< Key exchange auth code [sha1] : 0x6d9720c5ac3de5e28e47fedc
IPMIv2 / RMCP+ SESSION OPENED SUCCESSFULLY
>> Sending IPMI command payload
>> netfn : 0x06
>> command : 0x3b
>> data : 0x04
Set Session Privilege Level to ADMINISTRATOR failed: Unknown (0x81)
Error: Unable to establish IPMI v2 / RMCP+ session
Unable to Get Channel Info
Cheers
-------------------------------------------------------------------------
NOTICE: Confidential message which may be privileged. Unauthorized
use/disclosure prohibited. If received in error, please go to
www.td.com/legal for instructions.
AVIS : Message confidentiel dont le contenu peut être privilégié.
Utilisation/divulgation interdites sans permission. Si reçu par
erreur, prière d'aller au www.td.com/francais/avis_juridique pour des
instructions.
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
