Re: [Ipmitool-devel] authorization problems with SUN smdc card

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

hi Holger, 

thanks for your reply ! I tried the option "-L", but the program does not support it : 

./ipmitool -H 192.168.1.NN -vv -I lan -U OEM -L OEM sunoem fan speed 90
ipmitool: illegal option -- L
ipmitool version 1.8.11

usage: ipmitool [options...] <command>

       -h             This help
       -V             Show version information
       -v             Verbose (can use multiple times)
       -c             Display output in comma separated format
       -d N           Specify a /dev/ipmiN device to use (default=0)
       -I intf        Interface to use
       -H hostname    Remote host name for LAN interface
       -p port        Remote RMCP port [default=623]
       -U username    Remote session username
       -f file        Read remote session password from file
       -S sdr         Use local file for remote SDR cache

It is the "ipmitool" that I got from SourceForge, version (as you can see in its reply) 1.8.11 

Is there some other version that supports this option "-L" ? 

rgds 

Rob

Citeren "Liebig, Holger" <hol...@ts...>: 

> Rob, 
>
> there is a difference between a user's maximum  privilege and the maximum session privilege which is requested during initial session handshake. Ipmitool defaults to a session privilege of administrator. Please try again with the OEM user and add ?L OEM. 
>
> Holger 
>
> FROM: Rob De Langhe [mailto:rob...@tw...] 
> SENT: Monday, November 07, 2011 8:41 PM
> TO: ipm...@li...
> SUBJECT: [Ipmitool-devel] authorization problems with SUN smdc card  
>
> hi all,
>
> this is my first post here, so I hope that I respect this mailing list's policies...
>
> I got a SUN X2100 server with the optional SMDC card, and managed to get it to work : that is, I had to boot off the X2100 Supplementary CD, and configure the card's IP settings and passwords for the 4 default accounts (blank, operator, admin and oem).
>
> Now I can access the card via the Solaris-bundled "/usr/sbin/ipmitool", as well as via the SourceForge "ipmitool". All this on Solaris-10, and using the "lan" interface, not the "bmc" interface.
>
> The main reasons for the SMDC card are:
> - providing me a remote console access to the server : this is fine, works correctly via the "ipmitool"
> - being able to adjust the fan speeds, a topic that has been widely discussed on the web by a vast amount of (deaf, by now) X2100 owners complaining about extreme fan speed/noise. This still doesn't work for me.
>
> The settings of the fan speed, by lack of any documentation, seems to be done via some "ipmitool" command that sets some percentage :
>  /usr/sbin/ipmitool -H 192.168.1.NN -I lan -U OEM sunoem fan speed 90
> Password:
> Sun OEM Set Fan Speed command failed: Insufficient privilege level
>
> Curious, since this "OEM" account has got the highest privilege level for such commands:
>
> % ipmitool -H 192.168.1.NN -I lan -U Admin user list 2
> Password:
> ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
> 1                    true    true       true       USER
> 2   Operator         true    true       true       OPERATOR
> 3   Admin            true    true       true       ADMINISTRATOR
> 4   OEM              true    true       true       OEM
> (the last argument "2" to "ipmitool" is the so-called channel number; the output is the same for channels 0 and 1)
>
> However, when I ask more verbose output from the command, I see that it doesn't use the "OEM" user, but instead the "Administrator" user, which obviously hasn't the right privileges to make such fan adjustments:
>
> % ipmitool -H 192.168.1.NN -vv -I lan -U OEM sunoem fan speed 90
> Password:
> ipmi_lan_send_cmd:opened=[0], open=[134824980]
> IPMI LAN host 192.168.1.NN port 623
> Sending IPMI/RMCP presence ping packet
> Received IPMI/RMCP response packet:
>   IPMI Supported
>   ASF Version 1.0
>   RMCP Version 1.0
>   RMCP Sequence 255
>   IANA Enterprise 4542
>
> ipmi_lan_send_cmd:opened=[1], open=[134824980]
> Channel 02 Authentication Capabilities:
>   Privilege Level : ADMINISTRATOR
>   Auth Types      : MD5 PASSWORD
>   Per-msg auth    : enabled
>   User level auth : enabled
>   Non-null users  : enabled
>   Null users      : enabled
>   Anonymous login : disabled
>
> Proceeding with AuthType MD5
> ipmi_lan_send_cmd:opened=[1], open=[134824980]
> Opening Session
>   Session ID      : 392b5cca
>   Challenge       : .................................
>   Privilege Level : ADMINISTRATOR
>   Auth Type       : MD5
> ipmi_lan_send_cmd:opened=[1], open=[134824980]
>
> Session Activated
>   Auth Type       : MD5
>   Max Priv Level  : ADMINISTRATOR
>   Session ID      : 392b5cca
>   Inbound Seq     : 00000001
>
> ipmi_lan_send_cmd:opened=[1], open=[134824980]
> Set Session Privilege Level to ADMINISTRATOR
>
>         opened=[1], open=[134824980]
> Sun OEM Set Fan Speed command failed: Insufficient privilege level
> ipmi_lan_send_cmd:opened=[1], open=[134824980]
> Closed Session 392b5cca
>
> Do you notice the
>       Privilege Level : ADMINISTRATOR
> line, instead of OEM ?
>
> ==> Has anyone any clue about why this might refuse to consider the OEM user ?
>
> many thanks in advance for any hints or tips
>
> Rob
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.