From: Vernon Mauery <vernon.mauery@linux.intel.com>
To: "Mohammed.Habeeb ISV" <mohammed.habeeb@inventec.com>
Cc: "openbmc@lists.ozlabs.org" <openbmc@lists.ozlabs.org>
Subject: Re: ipmi lan interface question
Date: Tue, 9 Feb 2021 06:55:51 -0800 [thread overview]
Message-ID: <20210209145446.GA20035@mauery.jf.intel.com> (raw)
In-Reply-To: <PS2PR02MB35415290A2191B61F232947990B69@PS2PR02MB3541.apcprd02.prod.outlook.com>
On 01-Feb-2021 11:29 PM, Mohammed.Habeeb ISV wrote:
>Hi
>
>I am trying to test the ipmi lan interface for the first time. However, I see setting Authtype is failing. Please review the below logs and let me know if any inputs.
>OpenBMC Version is 2.9 .
>
>Setup:
>Openbmc machince 2.7(seahawk) ------openbmc machine 2.9(transformers)
>
>
>Below is the command outputs.
>
>/* 10.41.8.50 is transformers 2.9 BMC IP.*/
>seahawk:/# ipmitool -H 10.41.8.50 -U test -P test123 lan print -vvv
The default interface type (-I parameter) is lan, or in IPMI language,
RMCP 1/1.5 connection. OpenBMC does not support this type of connection
because it is terribly insecure. Make sure you choose RMCP+ (-I lanplus)
as your interface type and cipher suite 17 (-C 17).
On newer versions of ipmitool, it will automatically negotiate the best
cipher suite, but on older versions, it is best to choose 17.
--Vernon
>Sending IPMI/RMCP presence ping packet
>send_packet (12 bytes)
>06 00 ff 06 00 00 11 be 80 00 00 00
>ipmi_lan_send_cmd:opened=[1], open=[474656]
>>> IPMI Request Session Header (level 0)
>>> Authtype : NONE
>>> Sequence : 0x00000000
>>> Session ID : 0x00000000
>>> IPMI Request Message Header
>>> Rs Addr : 20
>>> NetFn : 06
>>> Rs LUN : 0
>>> Rq Addr : 81
>>> Rq Seq : 01
>>> Rq Lun : 0
>>> Command : 38
>send_packet (23 bytes)
>06 00 ff 07 00 00 00 00 00 00 00 00 00 09 20 18
>c8 81 04 38 0e 04 31
>recv_packet (31 bytes)
>06 00 ff 07 00 00 00 00 00 00 00 00 00 10 81 1c
>63 20 04 38 00 01 80 04 02 00 00 00 00 1d 00
>ipmi message header (31 bytes)
>06 00 ff 07 00 00 00 00 00 00 00 00 00 10 81 1c
>63 20 04 38 00 01 80 04 02 00 00 00 00 1d 00
><< IPMI Response Session Header
><< Authtype : NONE
><< Sequence : 0x00000000
><< Session ID : 0x00000000
><< IPMI Response Message Header
><< Rq Addr : 81
><< NetFn : 07
><< Rq LUN : 0
><< Rs Addr : 20
><< Rq Seq : 01
><< Rs Lun : 0+
><< Command : 38
><< Compl Code : 0x00
>get_auth_capabilities (9 bytes)
>01 80 04 02 00 00 00 00 1d
>Channel 01 Authentication Capabilities:
> Privilege Level : ADMINISTRATOR
> Auth Types :
> Per-msg auth : enabled
> User level auth : enabled
> Non-null users : enabled
> Null users : disabled
> Anonymous login : disabled
>
>Authentication type NONE not supported
>Error: Unable to establish LAN session
>Error: Unable to establish IPMI v1.5 / RMCP session
>seahawk:/#
>
>Since , AuthType NONE is not supported tried to set the auth type to MD5 but it fails.
>sysadmin@transformers:~# ipmitool lan set 1 auth Admin MD5,PASSWORD -vvv
>Loading IANA PEN Registry...
>Running Get PICMG Properties my_addr 0x20, transit 0, target 0
>Error response 0xc1 from Get PICMG Properties
>Running Get VSO Capabilities my_addr 0x20, transit 0, target 0
>Invalid completion code received: Invalid command
>Acquire IPMB address
>Discovered IPMB address 0x0
>Interface address: my_addr 0x20 transit 0:0 target 0x20:0 ipmb_target 0
>
>Channel type: 802.3 LAN
>Auth Type Enable : callback=0x00 user=0x00 operator=0x00 admin=0x00 oem=0x00
>authtype data (5 bytes)
>00 00 00 14 00
>Warning: Set LAN Parameter failed: Unknown (0x82)
>sysadmin@transformers:~#
>
>sysadmin@transformers:~# ipmitool channel getaccess 1 4
>Maximum User IDs : 15
>Enabled User IDs : 4
>
>User ID : 4
>User Name : test
>Fixed Name : No
>Access Available : callback
>Link Authentication : enabled
>IPMI Messaging : enabled
>Privilege Level : ADMINISTRATOR
>Enable Status : enabled
>sysadmin@transformers:~#
prev parent reply other threads:[~2021-02-09 14:58 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-01 23:29 ipmi lan interface question Mohammed.Habeeb ISV
2021-02-02 1:24 ` Troy Lee
2021-02-09 14:55 ` Vernon Mauery [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210209145446.GA20035@mauery.jf.intel.com \
--to=vernon.mauery@linux.intel.com \
--cc=mohammed.habeeb@inventec.com \
--cc=openbmc@lists.ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).