As an FYI, if ipmitool lan print shows priv max as 'a', 'o', or 'O' be
aware a malicious user can go in and turn off your system and all that
without your password.

Are you talking about a way once authenticated to get the info or when
trying to establish a session?  Since you can display the info if you have
privilege to display (e.g. via KCS during setup)



From:   Hank Bruning <h...@jblade.com>
To:     "Szabo, Steve G" <steve.g.sz...@tdsecurities.com>,
            ipmitool-devel@lists.sourceforge.net
Date:   01/21/2011 02:03 PM
Subject:        Re: [Ipmitool-devel] Set Session Privilege Level to
            ADMINISTRATOR failed



If you are using IPMI 2.0 RMCP sessions then you must use an OEM way to
find which privilege level is assigned to an IPMI cipher suite.
Often cipher suite 0 cannot be used for Administrator or User roles.
What you are asking is outside the spec. In my opinion the spec is faulty
in that a privilege level (admin, user, callback, etc.) cannot be queried for
which cipher suites are supported. This is a major fail for the IPMI
spec.
Our Retuli product implements a proprietary way to do this. It's not widely
used.
Please ping Dell or Intel on your request. It's not new but more voices
heard might move an iceberg.

h...@jblade.com
IPMI Architecture Group
JBlade


On 01/21/2011 10:10 AM, Szabo, Steve G wrote:

      Anyone know which privilege is required when accessing ProLiant
      BL460c G6?




      $ ipmitool -vv -I lanplus -U someguy -H somehost -P somepass channel info

      IPMI LAN host somehost port 623

      >> Sending IPMI command payload
      >>    netfn   : 0x06
      >>    command : 0x38
      >>    data    : 0x8e 0x04

      >> SENDING AN OPEN SESSION REQUEST

      <<OPEN SESSION RESPONSE
      <<  Message tag                        : 0x00
      <<  RMCP+ status                       : no errors
      <<  Maximum privilege level            : admin
      <<  Console Session ID                 : 0xa0a2a3a4
      <<  BMC Session ID                     : 0x0086219a
      <<  Negotiated authenticatin algorithm : hmac_sha1
      <<  Negotiated integrity algorithm     : hmac_sha1_96
      <<  Negotiated encryption algorithm    : aes_cbc_128

      >> Console generated random number (16 bytes)
       42 21 af 9e be 27 90 14 c0 08 82 00 4d 86 88 65
      >> SENDING A RAKP 1 MESSAGE

      <<RAKP 2 MESSAGE
      <<  Message tag                   : 0x00
      <<  RMCP+ status                  : no errors
      <<  Console Session ID            : 0xa0a2a3a4
      <<  BMC random number             : 0x3de07bce4ebad1deb8365f560bb22463
      <<  BMC GUID                      : 0x3530373737394d585130313030334454
      <<  Key exchange auth code [sha1] : 0xf102da4902ea7e1e68a2d44882b2c57fcfa70236

      session integrity key input (40 bytes)
       42 21 af 9e be 27 90 14 c0 08 82 00 4d 86 88 65
       3d e0 7b ce 4e ba d1 de b8 36 5f 56 0b b2 24 63
       14 06 73 79 73 6f 70 73
      Generated session integrity key (20 bytes)
       ab 09 95 ee 2f 3d 08 25 20 7f 52 40 52 22 ab 4f
       9c e9 17 1a
      Generated K1 (20 bytes)
       52 ad 59 e4 f9 14 89 ed 68 97 cc bd 5d 86 4f 0b
       0c 8f f9 b8
      Generated K2 (20 bytes)
       8b 9e f8 b4 d7 00 f4 68 c2 34 57 fd e4 16 21 1c
       ac 8b d1 99
      >> SENDING A RAKP 3 MESSAGE

      <<RAKP 4 MESSAGE
      <<  Message tag                   : 0x00
      <<  RMCP+ status                  : no errors
      <<  Console Session ID            : 0xa0a2a3a4
      <<  Key exchange auth code [sha1] : 0x6d9720c5ac3de5e28e47fedc

      IPMIv2 / RMCP+ SESSION OPENED SUCCESSFULLY


      >> Sending IPMI command payload
      >>    netfn   : 0x06
      >>    command : 0x3b
      >>    data    : 0x04

      Set Session Privilege Level to ADMINISTRATOR failed: Unknown (0x81)
      Error: Unable to establish IPMI v2 / RMCP+ session
      Unable to Get Channel Info

      Cheers

      _______________________________________________
      Ipmitool-devel mailing list
      Ipmitool-devel@lists.sourceforge.net
      https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
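
The check described at the top of this thread (a priv max of 'a', 'o' or 'O' in `ipmitool lan print`), applied to cipher suite 0, the suite with no authentication, as an added example that is not part of the original messages or of ipmitool. It assumes position N of the "Cipher Suite Priv Max" string corresponds to cipher suite ID N (confirm this for your BMC); the sample output and the function names are constructed for illustration.

```python
import re
import sys

# Constructed sample of `ipmitool lan print` output (not taken from the thread).
SAMPLE = """\
IP Address              : 192.0.2.10
RMCP+ Cipher Suites     : 0,1,2,3,6,7,8,11,12
Cipher Suite Priv Max   : aaaaXXaaaXXaaXX
                        :     X=Cipher Suite Unused
                        :     a=ADMIN
"""

# Privilege letters the first message in the thread warns about.
RISKY = {"o": "OPERATOR", "a": "ADMIN", "O": "OEM"}


def field(text, name):
    """Return the value of a 'Name : value' line, or None if it is absent."""
    m = re.search(rf"^{re.escape(name)}[ \t]*:[ \t]*(\S+)[ \t]*$", text, re.MULTILINE)
    return m.group(1) if m else None


def cipher_privs(text):
    """Map cipher suite ID -> priv-max letter (assumes position N is suite ID N)."""
    privs = field(text, "Cipher Suite Priv Max")
    if privs is None:
        raise ValueError("no 'Cipher Suite Priv Max' line in input")
    return dict(enumerate(privs))


def cipher_zero_exposure(text):
    """Return a finding if cipher suite 0 carries a risky privilege, else None."""
    letter = cipher_privs(text).get(0, "X")
    if letter not in RISKY:
        return None
    advertised = "0" in (field(text, "RMCP+ Cipher Suites") or "").split(",")
    return {"priv": RISKY[letter], "advertised": advertised}


if __name__ == "__main__":
    # Pipe real output in (ipmitool lan print | python3 this_file.py) or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    finding = cipher_zero_exposure(text)
    if finding:
        print(f"cipher suite 0 priv max {finding['priv']}, advertised={finding['advertised']}")
        sys.exit(1)
    print("cipher suite 0 is unused or limited to CALLBACK/USER")
```
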
