freeipmi-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Freeipmi-users] ipmi_ctx_open_outofband_2_0: bad completion code (S


From: Werner Fischer
Subject: Re: [Freeipmi-users] ipmi_ctx_open_outofband_2_0: bad completion code (Supermicro X9DR7-LN4F, firmware 3.40)
Date: Wed, 15 Jun 2016 11:41:11 +0200

Hi Al,

On Mit, 2016-06-08 at 10:22 -0700, Albert Chu wrote:
> Hey Werner,
> 
> Thanks for the report, it appears there was a bug in FreeIPMI that would
> have made the bug easier to understand.
> [...] So I'll need to fix that.  I've pushed this into the
> freeipmi-1-5-0-stable branch if you could try it out?  (github mirror
> https://github.com/chu11/freeipmi-mirror).  Unfortunately, my systems
> can't reproduce this error (likely b/c they are not implementing IPMI
> security correctly).
We have not tested this yet. I have tried to reproduce it on my test
system (I have used admin priv. in my previous tests, so I have hoped to
get the error when using user priv.) But still (also with "user" priv.)
I do not get the error on my system with X9SCM-F with the same firmware
(v3.40) The admin who  has the problem on his production systems has a
X9DR7-LN4F, also with fw v3.40)

> But onto your error, so instead of "bad completion code" it should have
> given you a cleaner error message of something like "privilege level
> cannot be obtained".  I bet that the new firmware fixed this security
> flaw, which is now leading to this problem.
> 
> It likely means that you are trying to connect to a IPMI user on the
> system that has too low of a privilege level for what ipmi-sel requires.
> ipmi-sel defaults to OPERATOR privilege so I bet the IPMI user has a max
> privilege of USER.  So if you connect to a user with appropriate
> privileges, it should work.
> 
> You may be able to get away with setting "--privilege-level=USER" on
> ipmi-sel.  IIRC the OPERATOR privileges are needed for some more
> advanced features, which you may not need/be using.
He has had --privilege-level=USER already. I have now asked him to
create a user with OPERATOR priv., and I'll forward you his feedback as
soon as I get the info.

He also told me that he always configures some settings with bmc-config
every time after he does an firmware upgrade. He will send me this
configuration, maybe the error only arises with some special
bmc-settings. I'll take a look on that, and try if I can then reproduce
the issue.

PS: he also told me that he is using CentOS 6 with freeipmi-1.2.1-7. Do
you think that the problem could be also somehow come from this older
version?

I'll keep you updated,
best regards,
Werner




reply via email to

[Prev in Thread] Current Thread [Next in Thread]