One tip I have in general is to change both username and password if you leave
the password lockout policy alone. That way USERID getting locked would not
matter because that's not the name you would use anyway.
I suspect that you have an override in ipmi table. nodels (nodes) ipmi --blame
That may show an override that was forgotten.
Incidentally that password expiry and lockout behaviors are available through
confluent discovery and nodeconfig. Additionally automatic handling of the
initial force password change is in the confluent remote discovery, though xcat
bmcsetup also should suffice.
________________________________
From: mark.berg...@uphs.upenn.edu <mark.berg...@uphs.upenn.edu>
Sent: Friday, February 14, 2020 7:14:37 PM
To: xCAT Users Mailing list
Subject: [External] [xcat-user] changed xcc password via ssh; xCAT (rpower,
etc) & XClarity fail to connect, now XCC ssh server locked on each node
On each node in our cluster, I changed the XClarity password via:
ssh USERID@nodename-xcc
and entering the command:
users -1 -p NewPassword
After that, I confirmed that I could successfully connect to the xcc
interface on each of the nodes via ssh using the new password.
I then updated the xCAT 'passwd' table with tabch, specifying the new
password in plain-text for both the 'impi' and 'blade' keys. The 'tabdump'
command seems to show that the table is correct.
However, connections to multiple nodes via xCAT utilities (ie.,
rpower) and the XClarity web interface both fail (with the new & old
passwords). The rpower command returns the error:
ERROR: Unauthorised role or privilege level requested
After those failures (particularly the XClarity web interface trying to
get the power & temp data from every cluster node) the XCC ssh server
on multiple nodes is now denying connections with:
Too many unsuccessful login attempts.
Please contact system administrator for any further questions
I'm running xCAT Version 2.14.6.lenovo4 (git commit
06d7097f42eca03db70c9eb93b8abeaf8ca1c2be, built Mon Dec 16 17:18:02
UTC 2019).
Any suggestions?
================================
[root@management ~]# ssh USERID@compute-001-xcc users -1
Password:
system> -n USERID
-a Read/Write
90 day(s)
-sauth none
-spriv none
-sacc Get
-strap none
system>
[root@management ~]#
[root@management ~]#
[root@management ~]# ssh USERID@compute-002-xcc users -1
^C
[root@management ~]# # previous SSH command hung
[root@management ~]#
[root@management ~]#
[root@management ~]# ssh USERID@compute-003-xcc users -1
Too many unsuccessful login attempts.
Please contact system administrator for any further questions
Received disconnect from 10.29.105.3 port 22:2: Too many authentication failures
Authentication failed.
[root@management ~]#
[root@management ~]#
[root@management ~]#
[root@management ~]# rpower compute-001 state
compute-001: on
[root@management ~]# rpower compute-002 state
compute-002: [management]: Error: ERROR: Incorrect password provided
[root@management ~]# rpower compute-003 state
compute-003: [management]: Error: ERROR: Unauthorised role or privilege level
requested
=============================================
Thanks,
Mark
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
