[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3:
|
From: |
Al Chu |
|
Subject: |
Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set |
|
Date: |
Wed, 17 Nov 2010 11:26:02 -0800 |
Hi Peter,
http://download.gluster.com/pub/freeipmi/qa-release/freeipmi-0.8.12.beta1.tar.gz
I realized the workaround in beta0 fixed the --checkout part for this
issue on your motherboard, but I had a bug in the --commit portion of
the workaround. Could you check out the above instead? Thanks.
Al
On Tue, 2010-11-16 at 17:23 -0800, Al Chu wrote:
> Hi Peter,
>
> I believe I have something that should workaround your problem, can you
> try out this test tar.gz to see? Without a motherboard to try this on,
> I don't know if it works for sure, but I'm confident it will. The
> tar.gz is here;
>
> http://download.gluster.com/pub/freeipmi/qa-release/freeipmi-0.8.12.beta0.tar.gz
>
> It is quite newer than what you were running before, hope that's ok.
>
> Normal ./configure ; make ; make install to install, or you can run
> bmc-config out of the local build bmc-config/src/.
>
> If it doesn't work, please send the --debug output like before.
>
> Thanks,
> Al
>
> On Mon, 2010-11-15 at 21:34 -0800, Peter Selby wrote:
> > Thanks! Let me know if you need any more info...
> >
> > On Mon, Nov 15, 2010 at 4:10 PM, Al Chu <address@hidden> wrote:
> > > Hi Peter,
> > >
> > > It's as I suspected:
> > >
> > >> =====================================================
> > >> Get LAN Configuration Parameters Response
> > >> =====================================================
> > >> [ 2h] = cmd[ 8b]
> > >> [ 0h] = comp_code[ 8b]
> > >> [ 1h] = present_revision[ 4b]
> > >> [ 1h] = oldest_revision_parameter[ 4b]
> > >> [ 4h] = cipher_suite_entry_count[ 4b]
> > >> [ 0h] = reserved[ 4b]
> > >
> > > This says there are 4 cipher suites to read.
> > >
> > >> =====================================================
> > >> Get LAN Configuration Parameters Response
> > >> =====================================================
> > >> [ 2h] = cmd[ 8b]
> > >> [ 0h] = comp_code[ 8b]
> > >> [ 1h] = present_revision[ 4b]
> > >> [ 1h] = oldest_revision_parameter[ 4b]
> > >> [ 0h] = reserved[ 8b]
> > >> [ 0h] = cipher_suite_id_entry_A[ 8b]
> > >> [ 1h] = cipher_suite_id_entry_B[ 8b]
> > >> [ 2h] = cipher_suite_id_entry_C[ 8b]
> > >> [ 3h] = cipher_suite_id_entry_D[ 8b]
> > >
> > > This shows which ones are supported, and it properly shows 4 of them.
> > >
> > >> =====================================================
> > >> Get LAN Configuration Parameters Response
> > >> =====================================================
> > >> [ 2h] = cmd[ 8b]
> > >> [ 0h] = comp_code[ 8b]
> > >> [ 1h] = present_revision[ 4b]
> > >> [ 1h] = oldest_revision_parameter[ 4b]
> > >> [ 55h] = reserved[ 8b]
> > >> [ 5h] = maximum_privilege_for_cipher_suite_1[ 4b]
> > >> [ 5h] = maximum_privilege_for_cipher_suite_2[ 4b]
> > >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> > >
> > > This is supposed to tell us what the maximum privilege level for those 4
> > > cipher suites are, but the command only returns 2. Uh oh ...
> > >
> > > I'll need to think about how to work around this. Maybe if this
> > > happens, I could have bmc-config output "Unknown" or something, and it's
> > > up to the user to force the configuration of something. Let me think
> > > about this and get back to you with a patch ...
> > >
> > > Al
> > >
> > > On Mon, 2010-11-15 at 16:00 -0800, Peter Selby wrote:
> > >> Thanks for the quick response!
> > >>
> > >> ipmiping doesn't work, either from the host or from a neighbour. I'm
> > >> pretty sure it's not a network issue, but I'll double-check, and try a
> > >> hard-reset.
> > >>
> > >> Here's the output of debug:
> > >>
> > >> bmc-config --checkout --section=Rmcpplus_Conf_Privilege --debug
> > >> =====================================================
> > >> Get Device ID Request
> > >> =====================================================
> > >> [ 1h] = cmd[ 8b]
> > >> =====================================================
> > >> Get Device ID Response
> > >> =====================================================
> > >> [ 1h] = cmd[ 8b]
> > >> [ 0h] = comp_code[ 8b]
> > >> [ 0h] = device_id[ 8b]
> > >> [ 3h] = device_revision.revision[ 4b]
> > >> [ 0h] = device_revision.reserved1[ 3b]
> > >> [ 0h] = device_revision.sdr_support[ 1b]
> > >> [ 1h] = firmware_revision1.major_revision[ 7b]
> > >> [ 0h] = firmware_revision1.device_available[ 1b]
> > >> [ 22h] = firmware_revision2.minor_revision[ 8b]
> > >> [ 2h] = ipmi_version_major[ 4b]
> > >> [ 0h] = ipmi_version_minor[ 4b]
> > >> [ 1h] = additional_device_support.sensor_device[ 1b]
> > >> [ 1h] = additional_device_support.sdr_repository_device[
> > >> 1b]
> > >> [ 1h] = additional_device_support.sel_device[ 1b]
> > >> [ 1h] = additional_device_support.fru_inventory_device[ 1b]
> > >> [ 1h] = additional_device_support.ipmb_event_receiver[ 1b]
> > >> [ 0h] = additional_device_support.ipmb_event_generator[ 1b]
> > >> [ 1h] = additional_device_support.bridge[ 1b]
> > >> [ 1h] = additional_device_support.chassis_device[ 1b]
> > >> [ F85h] = manufacturer_id.id[20b]
> > >> [ 0h] = manufacturer_id.reserved1[ 4b]
> > >> [ 0h] = product_id[16b]
> > >> =====================================================
> > >> Get Channel Info Command Request
> > >> =====================================================
> > >> [ 42h] = cmd[ 8b]
> > >> [ 0h] = channel_number[ 4b]
> > >> [ 0h] = reserved[ 4b]
> > >> =====================================================
> > >> Get Channel Info Command Response
> > >> =====================================================
> > >> [ 42h] = cmd[ 8b]
> > >> [ 0h] = comp_code[ 8b]
> > >> [ 0h] = actual_channel_number[ 4b]
> > >> [ 0h] = actual_channel_number.reserved[ 4b]
> > >> [ 1h] = channel_medium_type[ 7b]
> > >> [ 0h] = channel_medium_type.reserved[ 1b]
> > >> [ 1h] = channel_protocol_type[ 5b]
> > >> [ 0h] = channel_protocol_type.reserved[ 3b]
> > >> [ 0h] = active_session_count[ 6b]
> > >> [ 0h] = session_support[ 2b]
> > >> [ 1BF2h] = vendor_id[24b]
> > >> [ FFFFh] = auxiliary_channel_info[16b]
> > >> =====================================================
> > >> Get Channel Info Command Request
> > >> =====================================================
> > >> [ 42h] = cmd[ 8b]
> > >> [ 1h] = channel_number[ 4b]
> > >> [ 0h] = reserved[ 4b]
> > >> =====================================================
> > >> Get Channel Info Command Response
> > >> =====================================================
> > >> [ 42h] = cmd[ 8b]
> > >> [ CCh] = comp_code[ 8b]
> > >> [ 0h] = actual_channel_number[ 4b]
> > >> [ 0h] = actual_channel_number.reserved[ 4b]
> > >> [ 1h] = channel_medium_type[ 7b]
> > >> [ 0h] = channel_medium_type.reserved[ 1b]
> > >> [ 1h] = channel_protocol_type[ 5b]
> > >> [ 0h] = channel_protocol_type.reserved[ 3b]
> > >> [ 0h] = active_session_count[ 6b]
> > >> [ 0h] = session_support[ 2b]
> > >> [ 1BF2h] = vendor_id[24b]
> > >> [ FFFFh] = auxiliary_channel_info[16b]
> > >> =====================================================
> > >> Get Channel Info Command Request
> > >> =====================================================
> > >> [ 42h] = cmd[ 8b]
> > >> [ 2h] = channel_number[ 4b]
> > >> [ 0h] = reserved[ 4b]
> > >> =====================================================
> > >> Get Channel Info Command Response
> > >> =====================================================
> > >> [ 42h] = cmd[ 8b]
> > >> [ 0h] = comp_code[ 8b]
> > >> [ 2h] = actual_channel_number[ 4b]
> > >> [ 0h] = actual_channel_number.reserved[ 4b]
> > >> [ 4h] = channel_medium_type[ 7b]
> > >> [ 0h] = channel_medium_type.reserved[ 1b]
> > >> [ 1h] = channel_protocol_type[ 5b]
> > >> [ 0h] = channel_protocol_type.reserved[ 3b]
> > >> [ 0h] = active_session_count[ 6b]
> > >> [ 2h] = session_support[ 2b]
> > >> [ 1BF2h] = vendor_id[24b]
> > >> [ FFFFh] = auxiliary_channel_info[16b]
> > >> =====================================================
> > >> Get User Access Command Request
> > >> =====================================================
> > >> [ 44h] = cmd[ 8b]
> > >> [ 2h] = channel_number[ 4b]
> > >> [ 0h] = reserved1[ 4b]
> > >> [ 1h] = user_id[ 6b]
> > >> [ 0h] = reserved2[ 2b]
> > >> =====================================================
> > >> Get User Access Command Response
> > >> =====================================================
> > >> [ 44h] = cmd[ 8b]
> > >> [ 0h] = comp_code[ 8b]
> > >> [ 3h] = max_channel_user_ids[ 6b]
> > >> [ 0h] = reserved1[ 2b]
> > >> [ 2h] = current_channel_user_ids[ 6b]
> > >> [ 0h] = user_id_enable_status[ 2b]
> > >> [ 1h] = current_channel_fixed_names[ 6b]
> > >> [ 0h] = reserved2[ 2b]
> > >> [ 2h] = user_privilege_level_limit[ 4b]
> > >> [ 1h] = user_ipmi_messaging[ 1b]
> > >> [ 1h] = user_link_authentication[ 1b]
> > >> [ 0h] = user_restricted_to_callback[ 1b]
> > >> [ 0h] = reserved3[ 1b]
> > >> #
> > >> # Section Rmcpplus_Conf_Privilege Comments
> > >> #
> > >> # If your system supports IPMI 2.0 and Serial-over-LAN (SOL),cipher
> > >> suite IDs
> > >> # may be configurable below. In the Rmcpplus_Conf_Privilege section,
> > >> maximum
> > >> # user privilege levels allowed for authentication under IPMI 2.0
> > >> (including
> > >> # Serial-over-LAN) are set for each supported cipher suite ID. Each
> > >> cipher suite
> > >> # ID supports different sets of authentication, integrity, and encryption
> > >> # algorithms for IPMI 2.0. Typically, the highest privilege level any
> > >> username
> > >> # configured should set for support under a cipher suite ID. This is
> > >> typically
> > >> # "Administrator".
> > >> #
> > >> Section Rmcpplus_Conf_Privilege
> > >> =====================================================
> > >> Get LAN Configuration Parameters Request
> > >> =====================================================
> > >> [ 2h] = cmd[ 8b]
> > >> [ 2h] = channel_number[ 4b]
> > >> [ 0h] = reserved1[ 3b]
> > >> [ 0h] = get_parameter[ 1b]
> > >> [ 16h] = parameter_selector[ 8b]
> > >> [ 0h] = set_selector[ 8b]
> > >> [ 0h] = block_selector[ 8b]
> > >> =====================================================
> > >> Get LAN Configuration Parameters Response
> > >> =====================================================
> > >> [ 2h] = cmd[ 8b]
> > >> [ 0h] = comp_code[ 8b]
> > >> [ 1h] = present_revision[ 4b]
> > >> [ 1h] = oldest_revision_parameter[ 4b]
> > >> [ 4h] = cipher_suite_entry_count[ 4b]
> > >> [ 0h] = reserved[ 4b]
> > >> =====================================================
> > >> Get LAN Configuration Parameters Request
> > >> =====================================================
> > >> [ 2h] = cmd[ 8b]
> > >> [ 2h] = channel_number[ 4b]
> > >> [ 0h] = reserved1[ 3b]
> > >> [ 0h] = get_parameter[ 1b]
> > >> [ 17h] = parameter_selector[ 8b]
> > >> [ 0h] = set_selector[ 8b]
> > >> [ 0h] = block_selector[ 8b]
> > >> =====================================================
> > >> Get LAN Configuration Parameters Response
> > >> =====================================================
> > >> [ 2h] = cmd[ 8b]
> > >> [ 0h] = comp_code[ 8b]
> > >> [ 1h] = present_revision[ 4b]
> > >> [ 1h] = oldest_revision_parameter[ 4b]
> > >> [ 0h] = reserved[ 8b]
> > >> [ 0h] = cipher_suite_id_entry_A[ 8b]
> > >> [ 1h] = cipher_suite_id_entry_B[ 8b]
> > >> [ 2h] = cipher_suite_id_entry_C[ 8b]
> > >> [ 3h] = cipher_suite_id_entry_D[ 8b]
> > >> =====================================================
> > >> Get LAN Configuration Parameters Request
> > >> =====================================================
> > >> [ 2h] = cmd[ 8b]
> > >> [ 2h] = channel_number[ 4b]
> > >> [ 0h] = reserved1[ 3b]
> > >> [ 0h] = get_parameter[ 1b]
> > >> [ 18h] = parameter_selector[ 8b]
> > >> [ 0h] = set_selector[ 8b]
> > >> [ 0h] = block_selector[ 8b]
> > >> =====================================================
> > >> Get LAN Configuration Parameters Response
> > >> =====================================================
> > >> [ 2h] = cmd[ 8b]
> > >> [ 0h] = comp_code[ 8b]
> > >> [ 1h] = present_revision[ 4b]
> > >> [ 1h] = oldest_revision_parameter[ 4b]
> > >> [ 55h] = reserved[ 8b]
> > >> [ 5h] = maximum_privilege_for_cipher_suite_1[ 4b]
> > >> [ 5h] = maximum_privilege_for_cipher_suite_2[ 4b]
> > >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> > >>
> > >> On Mon, Nov 15, 2010 at 3:55 PM, Al Chu <address@hidden> wrote:
> > >> > Hi Peter,
> > >> >
> > >> > Assuming you're using a recent version of FreeIPMI, there's probably
> > >> > some IPMI non-compliance going on on your motherboard. The short guess
> > >> > is that the motherboard isn't properly reporting things to bmc-config
> > >> > correctly, and bmc-config gets confused and gives up. There's been a
> > >> > few IPMI issues for the HP DL145 already reported to me. Lets see if we
> > >> > can figure out what's going on. Can you send me the --debug output.
> > >> > Since the problem appears just in that section, how about running this
> > >> > to shorten the output
> > >> >
> > >> > bmc-config --checkout --section=Rmcpplus_Conf_Privilege --debug
> > >> >
> > >> >> Any idea what could be wrong, or how to fix it? And could this be the
> > >> >> reason the network won't come up?
> > >> >
> > >> > Although it's always possible, it's unlikely this is the cause of IPMI
> > >> > over LAN not working. Can you get an ipmiping (/usr/sbin/ipmiping) to
> > >> > work? If yes that would point to it being an authentication problem
> > >> > (e.g. username/password/privilege, etc.), if no, possibly a more basic
> > >> > networking issue (subnetting, routing, etc.).
> > >> >
> > >> > I haven't played with this motherboard specifically, but a few recent
> > >> > ones I've encountered require you to hard-reset (e.g. power button
> > >> > push)
> > >> > the motherboard for configuration changes to "stick". It certainly
> > >> > can't hurt to try.
> > >> >
> > >> > Al
> > >> >
> > >> > On Mon, 2010-11-15 at 15:29 -0800, Peter Selby wrote:
> > >> >> Hi guys,
> > >> >>
> > >> >> I'm trying to configure the BMC on an HP ProLiant DL145 G2 using
> > >> >> bmc-config. IPMI over LAN is not working; it should have a fixed IP,
> > >> >> but it won't respond to anything.
> > >> >>
> > >> >> When I try to dump the BMC config, I get:
> > >> >>
> > >> >> $ bmc-config --checkout
> > >> >> ...
> > >> >> Section Rmcpplus_Conf_Privilege
> > >> >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> > >> >> $
> > >> >>
> > >> >> Everything prior to that dumps okay. Adding the section (and
> > >> >> subsequent SOL_Conf section) manually, I get two possible results:
> > >> >>
> > >> >> * Empty Rmcpplus_Conf_Privilege: Config commits successfully, but a
> > >> >> checkout results in the same problem
> > >> >> * Rmcpplus_Conf_Privilege filled in based on the bmc-config.conf
> > >> >> manpage (with Maximum_Privilege_Cipher_Suite_Id_0-through-4 or 12): I
> > >> >> get the same error, fiid_obj_get:
> > >> >> maximum_privilege_for_cipher_suite_3: no data set
> > >> >>
> > >> >> Any idea what could be wrong, or how to fix it? And could this be the
> > >> >> reason the network won't come up?
> > >> >>
> > >> >> Thanks,
> > >> >>
> > >> >> Peter
> > >> >>
> > >> >> _______________________________________________
> > >> >> Freeipmi-devel mailing list
> > >> >> address@hidden
> > >> >> http://BLOCKEDBLOCKEDBLOCKEDBLOCKEDlists.gnu.org/mailman/listinfo/freeipmi-devel
> > >> >>
> > >> > --
> > >> > Albert Chu
> > >> > address@hidden
> > >> > Computer Scientist
> > >> > High Performance Systems Division
> > >> > Lawrence Livermore National Laboratory
> > >> >
> > >> >
> > >>
> > > --
> > > Albert Chu
> > > address@hidden
> > > Computer Scientist
> > > High Performance Systems Division
> > > Lawrence Livermore National Laboratory
> > >
> > >
> --
> Albert Chu
> address@hidden
> Computer Scientist
> High Performance Systems Division
> Lawrence Livermore National Laboratory
>
>
> _______________________________________________
> Freeipmi-devel mailing list
> address@hidden
> http://BLOCKEDlists.gnu.org/mailman/listinfo/freeipmi-devel
>
--
Albert Chu
address@hidden
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory
- [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set, Peter Selby, 2010/11/15
- Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set, Al Chu, 2010/11/15
- Message not available
- Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set, Al Chu, 2010/11/15
- Message not available
- Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set, Al Chu, 2010/11/16
- [Freeipmi-devel] Set Boot Device Parameter in ipmi-chassis-config, Liebig, Holger, 2010/11/17
- Re: [Freeipmi-devel] Set Boot Device Parameter in ipmi-chassis-config, Al Chu, 2010/11/17
- RE: [Freeipmi-devel] Set Boot Device Parameter in ipmi-chassis-config, Liebig, Holger, 2010/11/18
- RE: [Freeipmi-devel] Set Boot Device Parameter in ipmi-chassis-config, Al Chu, 2010/11/18
- RE: [Freeipmi-devel] Set Boot Device Parameter in ipmi-chassis-config, Liebig, Holger, 2010/11/22
- Message not available
- Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set, Al Chu, 2010/11/16
- Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set,
Al Chu <=
- Message not available
- Message not available
- Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set, Al Chu, 2010/11/17
- Message not available
- Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set, Al Chu, 2010/11/17
- Message not available
- Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set, Al Chu, 2010/11/18
- Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set, Christopher Maestas, 2010/11/18