freeipmi-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3:


From: Al Chu
Subject: Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
Date: Tue, 16 Nov 2010 13:37:18 -0800

Hey Peter,

Hopefully I can get a patch out to you later this afternoon.  Just as a
follow up (this is more for IPMI developers on this mailing list).

>> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [              55h] = reserved[ 8b]
> >> [               5h] = maximum_privilege_for_cipher_suite_1[ 4b]
> >> [               5h] = maximum_privilege_for_cipher_suite_2[ 4b]
> >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> >
> > This is supposed to tell us what the maximum privilege level for those 4
> > cipher suites are, but the command only returns 2.  Uh oh ...

What I spoke of above was incorrect.  According to the IPMI spec, the
motherboard should always return all 16 entries, not just the number it
supports.  So the bug is slightly different than what I said before.

Al


On Mon, 2010-11-15 at 21:34 -0800, Peter Selby wrote:
> Thanks!  Let me know if you need any more info...
> 
> On Mon, Nov 15, 2010 at 4:10 PM, Al Chu <address@hidden> wrote:
> > Hi Peter,
> >
> > It's as I suspected:
> >
> >> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [               4h] = cipher_suite_entry_count[ 4b]
> >> [               0h] = reserved[ 4b]
> >
> > This says there are 4 cipher suites to read.
> >
> >> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [               0h] = reserved[ 8b]
> >> [               0h] = cipher_suite_id_entry_A[ 8b]
> >> [               1h] = cipher_suite_id_entry_B[ 8b]
> >> [               2h] = cipher_suite_id_entry_C[ 8b]
> >> [               3h] = cipher_suite_id_entry_D[ 8b]
> >
> > This shows which ones are supported, and it properly shows 4 of them.
> >
> >> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [              55h] = reserved[ 8b]
> >> [               5h] = maximum_privilege_for_cipher_suite_1[ 4b]
> >> [               5h] = maximum_privilege_for_cipher_suite_2[ 4b]
> >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> >
> > This is supposed to tell us what the maximum privilege level for those 4
> > cipher suites are, but the command only returns 2.  Uh oh ...
> >
> > I'll need to think about how to work around this.  Maybe if this
> > happens, I could have bmc-config output "Unknown" or something, and it's
> > up to the user to force the configuration of something.  Let me think
> > about this and get back to you with a patch ...
> >
> > Al
> >
> > On Mon, 2010-11-15 at 16:00 -0800, Peter Selby wrote:
> >> Thanks for the quick response!
> >>
> >> ipmiping doesn't work, either from the host or from a neighbour.  I'm
> >> pretty sure it's not a network issue, but I'll double-check, and try a
> >> hard-reset.
> >>
> >> Here's the output of debug:
> >>
> >> bmc-config --checkout --section=Rmcpplus_Conf_Privilege --debug
> >> =====================================================
> >> Get Device ID Request
> >> =====================================================
> >> [               1h] = cmd[ 8b]
> >> =====================================================
> >> Get Device ID Response
> >> =====================================================
> >> [               1h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               0h] = device_id[ 8b]
> >> [               3h] = device_revision.revision[ 4b]
> >> [               0h] = device_revision.reserved1[ 3b]
> >> [               0h] = device_revision.sdr_support[ 1b]
> >> [               1h] = firmware_revision1.major_revision[ 7b]
> >> [               0h] = firmware_revision1.device_available[ 1b]
> >> [              22h] = firmware_revision2.minor_revision[ 8b]
> >> [               2h] = ipmi_version_major[ 4b]
> >> [               0h] = ipmi_version_minor[ 4b]
> >> [               1h] = additional_device_support.sensor_device[ 1b]
> >> [               1h] = additional_device_support.sdr_repository_device[ 1b]
> >> [               1h] = additional_device_support.sel_device[ 1b]
> >> [               1h] = additional_device_support.fru_inventory_device[ 1b]
> >> [               1h] = additional_device_support.ipmb_event_receiver[ 1b]
> >> [               0h] = additional_device_support.ipmb_event_generator[ 1b]
> >> [               1h] = additional_device_support.bridge[ 1b]
> >> [               1h] = additional_device_support.chassis_device[ 1b]
> >> [             F85h] = manufacturer_id.id[20b]
> >> [               0h] = manufacturer_id.reserved1[ 4b]
> >> [               0h] = product_id[16b]
> >> =====================================================
> >> Get Channel Info Command Request
> >> =====================================================
> >> [              42h] = cmd[ 8b]
> >> [               0h] = channel_number[ 4b]
> >> [               0h] = reserved[ 4b]
> >> =====================================================
> >> Get Channel Info Command Response
> >> =====================================================
> >> [              42h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               0h] = actual_channel_number[ 4b]
> >> [               0h] = actual_channel_number.reserved[ 4b]
> >> [               1h] = channel_medium_type[ 7b]
> >> [               0h] = channel_medium_type.reserved[ 1b]
> >> [               1h] = channel_protocol_type[ 5b]
> >> [               0h] = channel_protocol_type.reserved[ 3b]
> >> [               0h] = active_session_count[ 6b]
> >> [               0h] = session_support[ 2b]
> >> [            1BF2h] = vendor_id[24b]
> >> [            FFFFh] = auxiliary_channel_info[16b]
> >> =====================================================
> >> Get Channel Info Command Request
> >> =====================================================
> >> [              42h] = cmd[ 8b]
> >> [               1h] = channel_number[ 4b]
> >> [               0h] = reserved[ 4b]
> >> =====================================================
> >> Get Channel Info Command Response
> >> =====================================================
> >> [              42h] = cmd[ 8b]
> >> [              CCh] = comp_code[ 8b]
> >> [               0h] = actual_channel_number[ 4b]
> >> [               0h] = actual_channel_number.reserved[ 4b]
> >> [               1h] = channel_medium_type[ 7b]
> >> [               0h] = channel_medium_type.reserved[ 1b]
> >> [               1h] = channel_protocol_type[ 5b]
> >> [               0h] = channel_protocol_type.reserved[ 3b]
> >> [               0h] = active_session_count[ 6b]
> >> [               0h] = session_support[ 2b]
> >> [            1BF2h] = vendor_id[24b]
> >> [            FFFFh] = auxiliary_channel_info[16b]
> >> =====================================================
> >> Get Channel Info Command Request
> >> =====================================================
> >> [              42h] = cmd[ 8b]
> >> [               2h] = channel_number[ 4b]
> >> [               0h] = reserved[ 4b]
> >> =====================================================
> >> Get Channel Info Command Response
> >> =====================================================
> >> [              42h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               2h] = actual_channel_number[ 4b]
> >> [               0h] = actual_channel_number.reserved[ 4b]
> >> [               4h] = channel_medium_type[ 7b]
> >> [               0h] = channel_medium_type.reserved[ 1b]
> >> [               1h] = channel_protocol_type[ 5b]
> >> [               0h] = channel_protocol_type.reserved[ 3b]
> >> [               0h] = active_session_count[ 6b]
> >> [               2h] = session_support[ 2b]
> >> [            1BF2h] = vendor_id[24b]
> >> [            FFFFh] = auxiliary_channel_info[16b]
> >> =====================================================
> >> Get User Access Command Request
> >> =====================================================
> >> [              44h] = cmd[ 8b]
> >> [               2h] = channel_number[ 4b]
> >> [               0h] = reserved1[ 4b]
> >> [               1h] = user_id[ 6b]
> >> [               0h] = reserved2[ 2b]
> >> =====================================================
> >> Get User Access Command Response
> >> =====================================================
> >> [              44h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               3h] = max_channel_user_ids[ 6b]
> >> [               0h] = reserved1[ 2b]
> >> [               2h] = current_channel_user_ids[ 6b]
> >> [               0h] = user_id_enable_status[ 2b]
> >> [               1h] = current_channel_fixed_names[ 6b]
> >> [               0h] = reserved2[ 2b]
> >> [               2h] = user_privilege_level_limit[ 4b]
> >> [               1h] = user_ipmi_messaging[ 1b]
> >> [               1h] = user_link_authentication[ 1b]
> >> [               0h] = user_restricted_to_callback[ 1b]
> >> [               0h] = reserved3[ 1b]
> >> #
> >> # Section Rmcpplus_Conf_Privilege Comments
> >> #
> >> # If your system supports IPMI 2.0 and Serial-over-LAN (SOL),cipher suite 
> >> IDs
> >> # may be configurable below. In the Rmcpplus_Conf_Privilege section, 
> >> maximum
> >> # user privilege levels allowed for authentication under IPMI 2.0 
> >> (including
> >> # Serial-over-LAN) are set for each supported cipher suite ID. Each
> >> cipher suite
> >> # ID supports different sets of authentication, integrity, and encryption
> >> # algorithms for IPMI 2.0. Typically, the highest privilege level any 
> >> username
> >> # configured should set for support under a cipher suite ID. This is 
> >> typically
> >> # "Administrator".
> >> #
> >> Section Rmcpplus_Conf_Privilege
> >> =====================================================
> >> Get LAN Configuration Parameters Request
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               2h] = channel_number[ 4b]
> >> [               0h] = reserved1[ 3b]
> >> [               0h] = get_parameter[ 1b]
> >> [              16h] = parameter_selector[ 8b]
> >> [               0h] = set_selector[ 8b]
> >> [               0h] = block_selector[ 8b]
> >> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [               4h] = cipher_suite_entry_count[ 4b]
> >> [               0h] = reserved[ 4b]
> >> =====================================================
> >> Get LAN Configuration Parameters Request
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               2h] = channel_number[ 4b]
> >> [               0h] = reserved1[ 3b]
> >> [               0h] = get_parameter[ 1b]
> >> [              17h] = parameter_selector[ 8b]
> >> [               0h] = set_selector[ 8b]
> >> [               0h] = block_selector[ 8b]
> >> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [               0h] = reserved[ 8b]
> >> [               0h] = cipher_suite_id_entry_A[ 8b]
> >> [               1h] = cipher_suite_id_entry_B[ 8b]
> >> [               2h] = cipher_suite_id_entry_C[ 8b]
> >> [               3h] = cipher_suite_id_entry_D[ 8b]
> >> =====================================================
> >> Get LAN Configuration Parameters Request
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               2h] = channel_number[ 4b]
> >> [               0h] = reserved1[ 3b]
> >> [               0h] = get_parameter[ 1b]
> >> [              18h] = parameter_selector[ 8b]
> >> [               0h] = set_selector[ 8b]
> >> [               0h] = block_selector[ 8b]
> >> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [              55h] = reserved[ 8b]
> >> [               5h] = maximum_privilege_for_cipher_suite_1[ 4b]
> >> [               5h] = maximum_privilege_for_cipher_suite_2[ 4b]
> >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> >>
> >> On Mon, Nov 15, 2010 at 3:55 PM, Al Chu <address@hidden> wrote:
> >> > Hi Peter,
> >> >
> >> > Assuming you're using a recent version of FreeIPMI, there's probably
> >> > some IPMI non-compliance going on on your motherboard.  The short guess
> >> > is that the motherboard isn't properly reporting things to bmc-config
> >> > correctly, and bmc-config gets confused and gives up.  There's been a
> >> > few IPMI issues for the HP DL145 already reported to me. Lets see if we
> >> > can figure out what's going on.  Can you send me the --debug output.
> >> > Since the problem appears just in that section, how about running this
> >> > to shorten the output
> >> >
> >> > bmc-config --checkout --section=Rmcpplus_Conf_Privilege --debug
> >> >
> >> >> Any idea what could be wrong, or how to fix it?  And could this be the
> >> >> reason the network won't come up?
> >> >
> >> > Although it's always possible, it's unlikely this is the cause of IPMI
> >> > over LAN not working.  Can you get an ipmiping (/usr/sbin/ipmiping) to
> >> > work?  If yes that would point to it being an authentication problem
> >> > (e.g. username/password/privilege, etc.), if no, possibly a more basic
> >> > networking issue (subnetting, routing, etc.).
> >> >
> >> > I haven't played with this motherboard specifically, but a few recent
> >> > ones I've encountered require you to hard-reset (e.g. power button push)
> >> > the motherboard for configuration changes to "stick".  It certainly
> >> > can't hurt to try.
> >> >
> >> > Al
> >> >
> >> > On Mon, 2010-11-15 at 15:29 -0800, Peter Selby wrote:
> >> >> Hi guys,
> >> >>
> >> >> I'm trying to configure the BMC on an HP ProLiant DL145 G2 using
> >> >> bmc-config.  IPMI over LAN is not working; it should have a fixed IP,
> >> >> but it won't respond to anything.
> >> >>
> >> >> When I try to dump the BMC config, I get:
> >> >>
> >> >> $ bmc-config --checkout
> >> >> ...
> >> >> Section Rmcpplus_Conf_Privilege
> >> >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> >> >> $
> >> >>
> >> >> Everything prior to that dumps okay.  Adding the section (and
> >> >> subsequent SOL_Conf section) manually, I get two possible results:
> >> >>
> >> >>  * Empty Rmcpplus_Conf_Privilege:  Config commits successfully, but a
> >> >> checkout results in the same problem
> >> >>  * Rmcpplus_Conf_Privilege filled in based on the bmc-config.conf
> >> >> manpage (with Maximum_Privilege_Cipher_Suite_Id_0-through-4 or 12):  I
> >> >> get the same error, fiid_obj_get:
> >> >> maximum_privilege_for_cipher_suite_3: no data set
> >> >>
> >> >> Any idea what could be wrong, or how to fix it?  And could this be the
> >> >> reason the network won't come up?
> >> >>
> >> >> Thanks,
> >> >>
> >> >> Peter
> >> >>
> >> >> _______________________________________________
> >> >> Freeipmi-devel mailing list
> >> >> address@hidden
> >> >> http://BLOCKEDBLOCKEDBLOCKEDlists.gnu.org/mailman/listinfo/freeipmi-devel
> >> >>
> >> > --
> >> > Albert Chu
> >> > address@hidden
> >> > Computer Scientist
> >> > High Performance Systems Division
> >> > Lawrence Livermore National Laboratory
> >> >
> >> >
> >>
> > --
> > Albert Chu
> > address@hidden
> > Computer Scientist
> > High Performance Systems Division
> > Lawrence Livermore National Laboratory
> >
> >
-- 
Albert Chu
address@hidden
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory




reply via email to

[Prev in Thread] Current Thread [Next in Thread]