I don’t know if you’re talking about LeSI systems or not, but we bought a bunch of Lenovo equipment as part of one of these solutions recently and the username is admin with the password being in the form of the LeROM number and being provided with the paperwork about the cluster.
We’ve gotten bitten by all the rest of it as well, re: the 90 day expirations (nothing has been installed within 90 days of the password being set this year due to pandemic-related delays). We actually use Warewulf for our cluster (I’m on this list because of DSS-Gs), but the 24 hour password change thing usually bites us as well, as all of the settings are reapplied on boot, and sometimes we boot a node more than once a day. The nodes are less of a problem, but the SMM are tricky due to reduced access to them (nodes are simple as they are up and you can change settings via ipmitool and ASU). -- #BlackLivesMatter ____ || \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - novos...@rutgers.edu<mailto:novos...@rutgers.edu> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB C630, Newark `' On Feb 12, 2021, at 09:06, Jarrod Johnson <jjohns...@lenovo.com> wrote: So, for reference, there has been some adapting in the confluent out of band discovery to follow the password situation. In theory, in-band bmcsetup should be fine. An ipmi over kcs password change should count, and doesn't check old password. However it rejects by default: -Too simple passwords -Passwords shorter than 10 characters -More than one password change in 24 hours Out of band, confluent knows how to negotiate the first password change. It also has the bmc settings with password policies: # nodeconfig d1 bmc d1: bmc.ipv4_address: 172.30.83.1/16 d1: bmc.ipv4_method: Static d1: bmc.ipv4_gateway: d1: bmc.hostname: d1: bmc.password_change_interval: 0 d1: bmc.password_complexity: 1 d1: bmc.password_expiration: 90 d1: bmc.password_lockout_period: 60 d1: bmc.password_login_failures: 5 d1: bmc.password_min_length: 10 d1: bmc.password_reuse_count: 5 d1: bmc.presence_assert: Disable d1: bmc.smm: Enable d1: bmc.smm_ip: 172.30.230.3 I have a python script to remotely unexpire passwords: https://github.com/lenovo/confluent/blob/master/misc/fixexpiry.py [https://avatars.githubusercontent.com/u/13356730?s=400&v=4]<https://github.com/lenovo/confluent/blob/master/misc/fixexpiry.py> lenovo/confluent<https://github.com/lenovo/confluent/blob/master/misc/fixexpiry.py> xCAT confluent - replacement of conserver and eventually xcatd - lenovo/confluent github.com ________________________________ From: mark.berg...@uphs.upenn.edu <mark.berg...@uphs.upenn.edu> Sent: Thursday, February 11, 2021 8:23 PM To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net> Subject: Re: [xcat-user] 回复: [External] running bmc setup and the USERID password In the message dated: Fri, 12 Feb 2021 00:48:10 +0000, The pithy ruminations from peter CZ1 Peng on [[xcat-user] =?utf-8?b?5Zue5aSNOiBbRXh0ZXJuYWxdICAgcnVubmluZyBi?= =?utf-8?q?mc_setup_and_the_USERID_password?=] were: => Hi ,Damir The new policy implementation due to California PASSWORD Law => requirement ,so if you want to keep the default USERID/PASSW0RD ,so IMM => settings should be update (please be note that if you load default IMM, => the settings would be default as below ) => => => => IMM.ComplexPassword=Enabled => IMM.FirstAccessPwChange=Enabled => IMM.PasswordReuse=5 Passwords => IMM.PasswordAge=90 => IMM.MinPasswordLen=10 => IMM.DefPasswordExp=Enabled => IMM.ComplexPassword=Enabled Yes, we got bitten by that as well -- did an automated password change, then 90days later they were all expired. :( Does the "-n" option to bncdiscover also reset the complexity & password expiration rules? Thanks, Mark => => => => => => => => Best wishes, => => Peter CZ Peng 彭成柱 Global Engineering - Complex Solutions => TE Lenovo systems Technology (Shenzhen) Co., Ltd 1/F,3# Tower => , Great Wall Technology Building, Nanshan District science => and Technology Park, Shenzhen, China Phone: +86 181 2997 7350 => peng...@lenovo.com<mailto:peng...@lenovo.com> => _______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user _______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user
_______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user
