[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module
From: |
Albert Chu |
Subject: |
Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module |
Date: |
Tue, 11 Jan 2005 09:50:15 -0800 |
Hi Jan,
> - I see md2/md5; is the password hashed by default ?
It depends on the version of ipmipower that you are using. With
FreeIPMI 1.3, the default was cleartext passwords. So to use md2/md5,
you'd have to specify an alternate authtype to ipmipower (i.e.
--authtype md2). You'd also have to ensure the remote BMC is configured
to allow md2/md5 authentication too.
With the newer version in CVS, I have it automated to use the most
secure (md5 more secure than md2, md2 more than cleartext) mechanism
available from the remote BMC.
> - can someone change the passwords of the user accounts via an ipmi
> tool(like bmc-config) ?
By "user", I assume a non-root user? In terms of in-band use, you need
to be root to use bmc-config. In terms of out of band use, I believe
the accounts can be changed if someone connects to the BMC with
administrator privileges.
Hope that answers your questions,
Al
--
Albert Chu
address@hidden
Lawrence Livermore National Laboratory
----- Original Message -----
From: Jan Tiri <address@hidden>
Date: Tuesday, January 11, 2005 1:00 am
Subject: Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module
> In reply to Albert Chu too (saves me one reply :)
>
> > ,----[ "Jan Tiri" <address@hidden> ]
> > | I have a Tyan Thunder S2882 with m3289 bmc module, which is
> > | perfectly recognized by the system. The server has 2 broadcom giga
> > | NICs and one
> > | intel pro100;
> > | intel eth0: 192.168.1.100 - 00:E0:81:2D:8D:F7
> > | broadcom eth1: none - 00:E0:81:2D:9B:36
> > | broadcom eth2: none - 00:E0:81:2D:9B:37
> > |
> > | Please note the internal ip address will be replaced by a
> registered> | one when put in production.
> > `----
> > For your information, On S2882, IPMI works only on intel pro100.
> So you
> > will have to run one cable to intel pro100 for platform
> management and
> > one cable to broadcom gige for actual application use. How ever
> it is
> > possible to use intel pro100 for both, if you do not care about
> > bandwidth.
>
> No, our provider has 100Mbit, so we can use the intel. But is there
> anychance it will be supported on s2882 in the future (as far as
> you can
> tell, of course)
>
> > The newer S2881 motherboards supports IPMI on broadcom gige. It also
> > has better cooling, because CPUs are located side by side next to
> the> blower.
>
> I used a nice Yeong Yang case where hdd are separated from mobo, I
> hope it
> will help a bit.
>
> > ,----[ "Jan Tiri" <address@hidden> ]
> > | >From all the (correct ?) information I collected, I configured my
> > | BMC with the same IP/MAC address as the one configured in my
> system> | (eth0) and I would assume something should listen on
> ports 623 and
> > | 664/udp. Well ... not :) I also tried the eth1 interface, same
> > | result.
> > `----
> > BMC hooks into the Ethernet controller and steals every copy of data
> > coming in. If any packet matches UDP:port623 and IPMI signature, BMC
> > responds. It does not matter if your system is running or has OS
> > installed.
>
> Aha, now I understand why it didn't work at first: I always tested
> ipmiping on the Tyan server. I compiled freeipmi on another linux
> serverand it worked allmost directly. Can I use iptables to limit
> the access to
> the BMC (when running, of course) ?
>
> > ,----[ "Jan Tiri" <address@hidden> ]
> > | Anyway, the output of the freeipmi tools is looking good, so I
> could> | think(/hope) it's a bad variable. All by all, I want a
> server which
> > | I can reset from a distance when it comes unavailable for whatever
> > | reason, something I also could manage with the watchdog
> function. It
> > | would be nice if I can hook a console over IPMI (I'm using linux)
> > | but as I understand, this is for IPMI 2.0 (I have 1.5) and is now
> > | something proprierty for Tyan. Something possible ?
> > |
> > | EndSection
> > | Section Serial_Channel
> > | Error in checkout of key <Volatile_Access_Mode>
> > | Error in checkout of key <Volatile_Enable_User_Level_Auth>
> > | Error in checkout of key <Volatile_Enable_Per_Message_Auth>
> > | Error in checkout of key <Volatile_Enable_Pef_Alerting>
> > | Error in checkout of key <Volatile_Channel_Privilege_Limit>
> > | Error in checkout of key <Non_Volatile_Access_Mode>
> > | ...
> > | ..
> > `----
> > These are errors are OK to ignore. Tyan has not implemented complete
> > IPMI 1.5 specification. And you probably don't need them.
> >
> > I have got the proprietary serial over LAN (console) specification
> > from Tyan, but still waiting for them to give me permission to
> use it
> > in a free software project.
>
> Can take a while with Tyan, I learned :)
>
> Other questions (now it works);
> - communication is UDP-based, so no problem to connect to a server
> at the
> other end of the world ?
> - I see md2/md5; is the password hashed by default ?
> - can someone change the passwords of the user accounts via an ipmi
> tool(like bmc-config) ?
>
> Thanks guys,
> Jan
>
>
> _______________________________________________
> Freeipmi-users mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/freeipmi-users
>