openbmc.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed
From: Vernon Mauery <vernon.mauery@linux.intel.com>
To: "Mohammed.Habeeb ISV" <mohammed.habeeb@inventec.com>
Cc: "openbmc@lists.ozlabs.org" <openbmc@lists.ozlabs.org>
Subject: Re: ipmi lan interface question
Date: Tue, 9 Feb 2021 06:55:51 -0800	[thread overview]
Message-ID: <20210209145446.GA20035@mauery.jf.intel.com> (raw)
In-Reply-To: <PS2PR02MB35415290A2191B61F232947990B69@PS2PR02MB3541.apcprd02.prod.outlook.com>

On 01-Feb-2021 11:29 PM, Mohammed.Habeeb ISV wrote:
>Hi
>
>I am trying to test the ipmi lan interface for the first time. However, I see setting Authtype is failing. Please review the below logs and let me know if any inputs.
>OpenBMC Version is 2.9 .
>
>Setup:
>Openbmc machince 2.7(seahawk) ------openbmc machine 2.9(transformers)
>
>
>Below is the command outputs.
>
>/* 10.41.8.50 is transformers 2.9 BMC IP.*/
>seahawk:/# ipmitool -H 10.41.8.50 -U test -P test123 lan print -vvv

The default interface type (-I parameter) is lan, or in IPMI language, 
RMCP 1/1.5 connection. OpenBMC does not support this type of connection 
because it is terribly insecure. Make sure you choose RMCP+ (-I lanplus) 
as your interface type and cipher suite 17 (-C 17).

On newer versions of ipmitool, it will automatically negotiate the best 
cipher suite, but on older versions, it is best to choose 17.

--Vernon

>Sending IPMI/RMCP presence ping packet
>send_packet (12 bytes)
>06 00 ff 06 00 00 11 be 80 00 00 00
>ipmi_lan_send_cmd:opened=[1], open=[474656]
>>> IPMI Request Session Header (level 0)
>>>   Authtype   : NONE
>>>   Sequence   : 0x00000000
>>>   Session ID : 0x00000000
>>> IPMI Request Message Header
>>>   Rs Addr    : 20
>>>   NetFn      : 06
>>>   Rs LUN     : 0
>>>   Rq Addr    : 81
>>>   Rq Seq     : 01
>>>   Rq Lun     : 0
>>>   Command    : 38
>send_packet (23 bytes)
>06 00 ff 07 00 00 00 00 00 00 00 00 00 09 20 18
>c8 81 04 38 0e 04 31
>recv_packet (31 bytes)
>06 00 ff 07 00 00 00 00 00 00 00 00 00 10 81 1c
>63 20 04 38 00 01 80 04 02 00 00 00 00 1d 00
>ipmi message header (31 bytes)
>06 00 ff 07 00 00 00 00 00 00 00 00 00 10 81 1c
>63 20 04 38 00 01 80 04 02 00 00 00 00 1d 00
><< IPMI Response Session Header
><<   Authtype   : NONE
><<   Sequence   : 0x00000000
><<   Session ID : 0x00000000
><< IPMI Response Message Header
><<   Rq Addr    : 81
><<   NetFn      : 07
><<   Rq LUN     : 0
><<   Rs Addr    : 20
><<   Rq Seq     : 01
><<   Rs Lun     : 0+
><<   Command    : 38
><<   Compl Code : 0x00
>get_auth_capabilities (9 bytes)
>01 80 04 02 00 00 00 00 1d
>Channel 01 Authentication Capabilities:
>  Privilege Level : ADMINISTRATOR
>  Auth Types      :
>  Per-msg auth    : enabled
>  User level auth : enabled
>  Non-null users  : enabled
>  Null users      : disabled
>  Anonymous login : disabled
>
>Authentication type NONE not supported
>Error: Unable to establish LAN session
>Error: Unable to establish IPMI v1.5 / RMCP session
>seahawk:/#
>
>Since , AuthType NONE is not supported tried to set the auth type to MD5 but it fails.
>sysadmin@transformers:~# ipmitool lan set 1 auth Admin MD5,PASSWORD -vvv
>Loading IANA PEN Registry...
>Running Get PICMG Properties my_addr 0x20, transit 0, target 0
>Error response 0xc1 from Get PICMG Properties
>Running Get VSO Capabilities my_addr 0x20, transit 0, target 0
>Invalid completion code received: Invalid command
>Acquire IPMB address
>Discovered IPMB address 0x0
>Interface address: my_addr 0x20 transit 0:0 target 0x20:0 ipmb_target 0
>
>Channel type: 802.3 LAN
>Auth Type Enable        : callback=0x00 user=0x00 operator=0x00 admin=0x00 oem=0x00
>authtype data (5 bytes)
>00 00 00 14 00
>Warning: Set LAN Parameter failed: Unknown (0x82)
>sysadmin@transformers:~#
>
>sysadmin@transformers:~# ipmitool channel getaccess 1 4
>Maximum User IDs     : 15
>Enabled User IDs     : 4
>
>User ID              : 4
>User Name            : test
>Fixed Name           : No
>Access Available     : callback
>Link Authentication  : enabled
>IPMI Messaging       : enabled
>Privilege Level      : ADMINISTRATOR
>Enable Status        : enabled
>sysadmin@transformers:~#

      parent reply	other threads:[~2021-02-09 14:58 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-01 23:29 ipmi lan interface question Mohammed.Habeeb ISV
2021-02-02  1:24 ` Troy Lee
2021-02-09 14:55 ` Vernon Mauery [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210209145446.GA20035@mauery.jf.intel.com \
    --to=vernon.mauery@linux.intel.com \
    --cc=mohammed.habeeb@inventec.com \
    --cc=openbmc@lists.ozlabs.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).