Menu
▾
▴
Re: [Ipmitool-devel] SOL activation - error in activate payload
|
From: yugender y. <red...@gm...> - 2007-05-24 13:28:48
|
Hi , yes, sol is activating now, by without mentioning cipher cuite. thanks for the help Holger. And i have few more doubts. 1. How to redirect the console? The redirection is enabled in the target system's BIOS. but i cudnt see the prompt. I saw in one of the archives that the below line to be added in /etc/inittab co:2345:respawn:/sbin/agetty ttyS1 9600 vt100-nav and run the command "/sbin/telinit q". I wonder this has to be done on the host or target. My target has only DOS, and I suppose this has to be added in host only. correct me, if i am wrong. 2. what does every parameter in this actually mean? co:2345:respawn:/sbin/agetty ttyS1 9600 vt100-nav 3. what command does ipmitool sends to BMC to request console redirection? and via which session and packet formats? Thanks yugender On 5/21/07, Liebig, Holger <Hol...@fu...> wrote: > > > ------------------------------ > > Hi, > I am using ipmitool v1.8.8 in Red Hat Enterprise Linux. I have a > doubt regarding SOL in lanplus. > ipmitool -v -v -v -A MD5 -o intelplus -C 0 -I lanplus -H > 192.168.3.81 sol activate > > RMCP+ open session request negotiates with BMC for authentication > NONE. After successful RAKP(1-4) messages, the Activate Payload command is > sent requesting for SOL payload activation with encryption and > authentication. This cannot be done as per the IPMIv2.0 specifications, > right? > > There are two things to be noted, > 1. I am specifying the authentication type as MD5. But while opening the > session, it doesn't go for it. > [Liebig, Holger] MD5 Authentication is only valid for IPMI 1.5 sessions. > This option is ignored for lanplus, only the Ciphersuite -C n is > evaluated. There are ciphersuites defined which use HMAC-MD5 for > Authentication and HMAC-MD5-128 or MD5-128 for integrity, but these are not > mandatory for a BMC to implement. > 2. Encryption cannot be done alone, it should be accompanied by > authentication too. So how can it ask for encryption while the > authentication is negotiated for none. > [Liebig, Holger] See above, the -C 0 command line parameter specifies no > auth / no integrity / no encryption. > For these reasons, the payload activation is getting rejected. > [Liebig, Holger] As far as I remember, the sol activate command always > uses encryption and authentication for this payload type, independend from > the specified ciphersuite. Even if you modify ipmitool to evaluate/match > the generic session settings, the BMC can decide that the SOL payload needs > to be activated with encryption. The ipmi spec also defines for SOL, that if > you use encryption, you also need to use authentication. > > Please try again without specifying a ciphersuite, which will default to > Ciphersuite 3. > > Best regards, > Holger > > > > |