freeipmi-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Freeipmi-devel] Re: [llnl-devel] How to enable users on the BMC

From: brian . lavender
Subject: [Freeipmi-devel] Re: [llnl-devel] How to enable users on the BMC
Date: Tue, 23 Dec 2003 18:12:35 -0800 (PST)
User-agent: SquirrelMail/1.4.0 
Hmm, I applied your patch, and when I verified with Intel's SMU utility, I
get  "Password is clear" for that user. Are you sure you just didn't set a
user with no password?

I tried Ian's latest, and we still have disabled users.

brian

> Hey Brian,
>
> Try my following uhhh "diff" ... (+ is new line, - is remove line)
>
>      //  Now enable the user
> +    pkt[0] = ipmi_netfn2byte (net_fn);
> +    pkt[1] = IPMI_CMD_SET_USER_PASSWORD_CMD;
> -    pkt[2] = 0x01;
> +    pkt[2] = (unsigned)uid;
> +     pkt[3] = 0x01;
>       // no need to put data in password buffer
> -     memset (pkt + 4, 0, 16);
>
>
> Al
>
> --
> Albert Chu
> address@hidden
> Lawrence Livermore National Laboratory
>
> ----- Original Message -----
> From: address@hidden
> Date: Tuesday, December 23, 2003 4:07 pm
> Subject: Re: [llnl-devel] How to enable users on the BMC
>
>> Albert,
>>
>> I can't quite figure out your changes. AB is working on it, but I was
>> hoping to apply them myself. Can you send a diff to bmc-make-user.c ?
>>
>> Here is what I came up with, but it doesn't work.
>>
>> brian
>>
>> > Hey Ian,
>> >
>> > I figured it out and I was able to enable a user on one of our test
>> > nodes and was able to successfully power status that node with
>> that user.
>> >
>> > The bug is in your bmc-make-user program.
>> >
>> > If you take a look at the set-user-password command on 18.27 of
>> the IPMI
>> > spec, you need to execute the set-user-password command TWICE.
>> >
>> > One time, you set the user-password by setting the second byte of
>> the> command 0x02...
>> >
>> > Then, you have to call set-user-password again, setting the
>> second byte
>> > of the command to 0x01.
>> >
>> > Here's what I did to make it work on our system (after I used your
>> > bmc-make-user command to setup a user):
>> >
>> >
>> >   net_fn_t net_fn;
>> >   u_int8_t pkt[20];
>> >
>> >   net_fn.fn  = IPMI_NET_FN_APP_RQ;
>> >   net_fn.lun = IPMI_BMC_IPMB_LUN_BMC;
>> >
>> >   pkt[0] = ipmi_netfn2byte (net_fn);
>> >   pkt[1] = IPMI_CMD_SET_USER_PASSWORD_CMD;
>> >   pkt[2] = 0x02;
>> >   pkt[3] = 0x01;
>> >   // no need to put data in password buffer
>> >
>> >   if (ipmi_kcs_write (pkt, 20) == -1)
>> >     {
>> >       printf("Error writing cmd\n");
>> >       exit(1);
>> >     }
>> >
>> >   if (ipmi_kcs_read (pkt, 3) == -1)
>> >     {
>> >       printf("Error reading cmd\n");
>> >       exit(1);
>> >     }
>> >
>> >   if (pkt[2] != IPMI_COMMAND_SUCCESS)
>> >     {
>> >       printf("Command did not succeed\n");
>> >       exit(1);
>> >     }
>> >
>> > Al
>> >
>> > --
>> > Albert Chu
>> > address@hidden
>> > Lawrence Livermore National Laboratory
>> >
>> > ----- Original Message -----
>> > From: Albert Chu <address@hidden>
>> > Date: Tuesday, December 23, 2003 1:25 pm
>> > Subject: [llnl-devel] enabling BMC users
>> >
>> >> Hey Ian,
>> >>
>> >> I got some of your code.  I've been playing with it.  I tried
>> the "get
>> >> user access command" for the user we use to power off/power on our
>> >> testcluster.   And the results I got were:
>> >>
>> >> bit 7 - reserved
>> >> bit 6 - user access available during call-in or callback direction
>> >> communication
>> >> bit 5 - user enabled for link authentication
>> >> bit 4 - user disabled for IPMI messaging
>> >> bit3-0: 0xF (no access).
>> >>
>> >> This is a username that we definitely use on our test cluster.  So
>> >> needless to say, the data I got back was surprising.  So perhaps
>> >> the set
>> >> user access command isn't the right command to use?
>> >>
>> >> I'll keep playing around, see what I can come up with.  Let me know
>> >> howthings are going for you.
>> >>
>> >> Al
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> Albert Chu
>> >> address@hidden
>> >> Lawrence Livermore National Laboratory
>> >>
>> >>
>> >> _______________________________________________
>> >> llnl-devel mailing list
>> >> address@hidden
>> >> http://californiadigital.com/cgi-bin/mailman/listinfo/llnl-devel
>> >>
>> >
>> >
>> > _______________________________________________
>> > llnl-devel mailing list
>> > address@hidden
>> > http://californiadigital.com/cgi-bin/mailman/listinfo/llnl-devel
>> >
>>
>
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]