freeipmi-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3:


From: Al Chu
Subject: Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
Date: Tue, 16 Nov 2010 17:23:45 -0800

Hi Peter,

I believe I have something that should workaround your problem, can you
try out this test tar.gz to see?  Without a motherboard to try this on,
I don't know if it works for sure, but I'm confident it will.  The
tar.gz is here;

http://download.gluster.com/pub/freeipmi/qa-release/freeipmi-0.8.12.beta0.tar.gz

It is quite newer than what you were running before, hope that's ok.  

Normal ./configure ; make ; make install to install, or you can run
bmc-config out of the local build bmc-config/src/.

If it doesn't work, please send the --debug output like before.

Thanks,
Al

On Mon, 2010-11-15 at 21:34 -0800, Peter Selby wrote:
> Thanks!  Let me know if you need any more info...
> 
> On Mon, Nov 15, 2010 at 4:10 PM, Al Chu <address@hidden> wrote:
> > Hi Peter,
> >
> > It's as I suspected:
> >
> >> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [               4h] = cipher_suite_entry_count[ 4b]
> >> [               0h] = reserved[ 4b]
> >
> > This says there are 4 cipher suites to read.
> >
> >> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [               0h] = reserved[ 8b]
> >> [               0h] = cipher_suite_id_entry_A[ 8b]
> >> [               1h] = cipher_suite_id_entry_B[ 8b]
> >> [               2h] = cipher_suite_id_entry_C[ 8b]
> >> [               3h] = cipher_suite_id_entry_D[ 8b]
> >
> > This shows which ones are supported, and it properly shows 4 of them.
> >
> >> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [              55h] = reserved[ 8b]
> >> [               5h] = maximum_privilege_for_cipher_suite_1[ 4b]
> >> [               5h] = maximum_privilege_for_cipher_suite_2[ 4b]
> >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> >
> > This is supposed to tell us what the maximum privilege level for those 4
> > cipher suites are, but the command only returns 2.  Uh oh ...
> >
> > I'll need to think about how to work around this.  Maybe if this
> > happens, I could have bmc-config output "Unknown" or something, and it's
> > up to the user to force the configuration of something.  Let me think
> > about this and get back to you with a patch ...
> >
> > Al
> >
> > On Mon, 2010-11-15 at 16:00 -0800, Peter Selby wrote:
> >> Thanks for the quick response!
> >>
> >> ipmiping doesn't work, either from the host or from a neighbour.  I'm
> >> pretty sure it's not a network issue, but I'll double-check, and try a
> >> hard-reset.
> >>
> >> Here's the output of debug:
> >>
> >> bmc-config --checkout --section=Rmcpplus_Conf_Privilege --debug
> >> =====================================================
> >> Get Device ID Request
> >> =====================================================
> >> [               1h] = cmd[ 8b]
> >> =====================================================
> >> Get Device ID Response
> >> =====================================================
> >> [               1h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               0h] = device_id[ 8b]
> >> [               3h] = device_revision.revision[ 4b]
> >> [               0h] = device_revision.reserved1[ 3b]
> >> [               0h] = device_revision.sdr_support[ 1b]
> >> [               1h] = firmware_revision1.major_revision[ 7b]
> >> [               0h] = firmware_revision1.device_available[ 1b]
> >> [              22h] = firmware_revision2.minor_revision[ 8b]
> >> [               2h] = ipmi_version_major[ 4b]
> >> [               0h] = ipmi_version_minor[ 4b]
> >> [               1h] = additional_device_support.sensor_device[ 1b]
> >> [               1h] = additional_device_support.sdr_repository_device[ 1b]
> >> [               1h] = additional_device_support.sel_device[ 1b]
> >> [               1h] = additional_device_support.fru_inventory_device[ 1b]
> >> [               1h] = additional_device_support.ipmb_event_receiver[ 1b]
> >> [               0h] = additional_device_support.ipmb_event_generator[ 1b]
> >> [               1h] = additional_device_support.bridge[ 1b]
> >> [               1h] = additional_device_support.chassis_device[ 1b]
> >> [             F85h] = manufacturer_id.id[20b]
> >> [               0h] = manufacturer_id.reserved1[ 4b]
> >> [               0h] = product_id[16b]
> >> =====================================================
> >> Get Channel Info Command Request
> >> =====================================================
> >> [              42h] = cmd[ 8b]
> >> [               0h] = channel_number[ 4b]
> >> [               0h] = reserved[ 4b]
> >> =====================================================
> >> Get Channel Info Command Response
> >> =====================================================
> >> [              42h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               0h] = actual_channel_number[ 4b]
> >> [               0h] = actual_channel_number.reserved[ 4b]
> >> [               1h] = channel_medium_type[ 7b]
> >> [               0h] = channel_medium_type.reserved[ 1b]
> >> [               1h] = channel_protocol_type[ 5b]
> >> [               0h] = channel_protocol_type.reserved[ 3b]
> >> [               0h] = active_session_count[ 6b]
> >> [               0h] = session_support[ 2b]
> >> [            1BF2h] = vendor_id[24b]
> >> [            FFFFh] = auxiliary_channel_info[16b]
> >> =====================================================
> >> Get Channel Info Command Request
> >> =====================================================
> >> [              42h] = cmd[ 8b]
> >> [               1h] = channel_number[ 4b]
> >> [               0h] = reserved[ 4b]
> >> =====================================================
> >> Get Channel Info Command Response
> >> =====================================================
> >> [              42h] = cmd[ 8b]
> >> [              CCh] = comp_code[ 8b]
> >> [               0h] = actual_channel_number[ 4b]
> >> [               0h] = actual_channel_number.reserved[ 4b]
> >> [               1h] = channel_medium_type[ 7b]
> >> [               0h] = channel_medium_type.reserved[ 1b]
> >> [               1h] = channel_protocol_type[ 5b]
> >> [               0h] = channel_protocol_type.reserved[ 3b]
> >> [               0h] = active_session_count[ 6b]
> >> [               0h] = session_support[ 2b]
> >> [            1BF2h] = vendor_id[24b]
> >> [            FFFFh] = auxiliary_channel_info[16b]
> >> =====================================================
> >> Get Channel Info Command Request
> >> =====================================================
> >> [              42h] = cmd[ 8b]
> >> [               2h] = channel_number[ 4b]
> >> [               0h] = reserved[ 4b]
> >> =====================================================
> >> Get Channel Info Command Response
> >> =====================================================
> >> [              42h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               2h] = actual_channel_number[ 4b]
> >> [               0h] = actual_channel_number.reserved[ 4b]
> >> [               4h] = channel_medium_type[ 7b]
> >> [               0h] = channel_medium_type.reserved[ 1b]
> >> [               1h] = channel_protocol_type[ 5b]
> >> [               0h] = channel_protocol_type.reserved[ 3b]
> >> [               0h] = active_session_count[ 6b]
> >> [               2h] = session_support[ 2b]
> >> [            1BF2h] = vendor_id[24b]
> >> [            FFFFh] = auxiliary_channel_info[16b]
> >> =====================================================
> >> Get User Access Command Request
> >> =====================================================
> >> [              44h] = cmd[ 8b]
> >> [               2h] = channel_number[ 4b]
> >> [               0h] = reserved1[ 4b]
> >> [               1h] = user_id[ 6b]
> >> [               0h] = reserved2[ 2b]
> >> =====================================================
> >> Get User Access Command Response
> >> =====================================================
> >> [              44h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               3h] = max_channel_user_ids[ 6b]
> >> [               0h] = reserved1[ 2b]
> >> [               2h] = current_channel_user_ids[ 6b]
> >> [               0h] = user_id_enable_status[ 2b]
> >> [               1h] = current_channel_fixed_names[ 6b]
> >> [               0h] = reserved2[ 2b]
> >> [               2h] = user_privilege_level_limit[ 4b]
> >> [               1h] = user_ipmi_messaging[ 1b]
> >> [               1h] = user_link_authentication[ 1b]
> >> [               0h] = user_restricted_to_callback[ 1b]
> >> [               0h] = reserved3[ 1b]
> >> #
> >> # Section Rmcpplus_Conf_Privilege Comments
> >> #
> >> # If your system supports IPMI 2.0 and Serial-over-LAN (SOL),cipher suite 
> >> IDs
> >> # may be configurable below. In the Rmcpplus_Conf_Privilege section, 
> >> maximum
> >> # user privilege levels allowed for authentication under IPMI 2.0 
> >> (including
> >> # Serial-over-LAN) are set for each supported cipher suite ID. Each
> >> cipher suite
> >> # ID supports different sets of authentication, integrity, and encryption
> >> # algorithms for IPMI 2.0. Typically, the highest privilege level any 
> >> username
> >> # configured should set for support under a cipher suite ID. This is 
> >> typically
> >> # "Administrator".
> >> #
> >> Section Rmcpplus_Conf_Privilege
> >> =====================================================
> >> Get LAN Configuration Parameters Request
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               2h] = channel_number[ 4b]
> >> [               0h] = reserved1[ 3b]
> >> [               0h] = get_parameter[ 1b]
> >> [              16h] = parameter_selector[ 8b]
> >> [               0h] = set_selector[ 8b]
> >> [               0h] = block_selector[ 8b]
> >> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [               4h] = cipher_suite_entry_count[ 4b]
> >> [               0h] = reserved[ 4b]
> >> =====================================================
> >> Get LAN Configuration Parameters Request
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               2h] = channel_number[ 4b]
> >> [               0h] = reserved1[ 3b]
> >> [               0h] = get_parameter[ 1b]
> >> [              17h] = parameter_selector[ 8b]
> >> [               0h] = set_selector[ 8b]
> >> [               0h] = block_selector[ 8b]
> >> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [               0h] = reserved[ 8b]
> >> [               0h] = cipher_suite_id_entry_A[ 8b]
> >> [               1h] = cipher_suite_id_entry_B[ 8b]
> >> [               2h] = cipher_suite_id_entry_C[ 8b]
> >> [               3h] = cipher_suite_id_entry_D[ 8b]
> >> =====================================================
> >> Get LAN Configuration Parameters Request
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               2h] = channel_number[ 4b]
> >> [               0h] = reserved1[ 3b]
> >> [               0h] = get_parameter[ 1b]
> >> [              18h] = parameter_selector[ 8b]
> >> [               0h] = set_selector[ 8b]
> >> [               0h] = block_selector[ 8b]
> >> =====================================================
> >> Get LAN Configuration Parameters Response
> >> =====================================================
> >> [               2h] = cmd[ 8b]
> >> [               0h] = comp_code[ 8b]
> >> [               1h] = present_revision[ 4b]
> >> [               1h] = oldest_revision_parameter[ 4b]
> >> [              55h] = reserved[ 8b]
> >> [               5h] = maximum_privilege_for_cipher_suite_1[ 4b]
> >> [               5h] = maximum_privilege_for_cipher_suite_2[ 4b]
> >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> >>
> >> On Mon, Nov 15, 2010 at 3:55 PM, Al Chu <address@hidden> wrote:
> >> > Hi Peter,
> >> >
> >> > Assuming you're using a recent version of FreeIPMI, there's probably
> >> > some IPMI non-compliance going on on your motherboard.  The short guess
> >> > is that the motherboard isn't properly reporting things to bmc-config
> >> > correctly, and bmc-config gets confused and gives up.  There's been a
> >> > few IPMI issues for the HP DL145 already reported to me. Lets see if we
> >> > can figure out what's going on.  Can you send me the --debug output.
> >> > Since the problem appears just in that section, how about running this
> >> > to shorten the output
> >> >
> >> > bmc-config --checkout --section=Rmcpplus_Conf_Privilege --debug
> >> >
> >> >> Any idea what could be wrong, or how to fix it?  And could this be the
> >> >> reason the network won't come up?
> >> >
> >> > Although it's always possible, it's unlikely this is the cause of IPMI
> >> > over LAN not working.  Can you get an ipmiping (/usr/sbin/ipmiping) to
> >> > work?  If yes that would point to it being an authentication problem
> >> > (e.g. username/password/privilege, etc.), if no, possibly a more basic
> >> > networking issue (subnetting, routing, etc.).
> >> >
> >> > I haven't played with this motherboard specifically, but a few recent
> >> > ones I've encountered require you to hard-reset (e.g. power button push)
> >> > the motherboard for configuration changes to "stick".  It certainly
> >> > can't hurt to try.
> >> >
> >> > Al
> >> >
> >> > On Mon, 2010-11-15 at 15:29 -0800, Peter Selby wrote:
> >> >> Hi guys,
> >> >>
> >> >> I'm trying to configure the BMC on an HP ProLiant DL145 G2 using
> >> >> bmc-config.  IPMI over LAN is not working; it should have a fixed IP,
> >> >> but it won't respond to anything.
> >> >>
> >> >> When I try to dump the BMC config, I get:
> >> >>
> >> >> $ bmc-config --checkout
> >> >> ...
> >> >> Section Rmcpplus_Conf_Privilege
> >> >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> >> >> $
> >> >>
> >> >> Everything prior to that dumps okay.  Adding the section (and
> >> >> subsequent SOL_Conf section) manually, I get two possible results:
> >> >>
> >> >>  * Empty Rmcpplus_Conf_Privilege:  Config commits successfully, but a
> >> >> checkout results in the same problem
> >> >>  * Rmcpplus_Conf_Privilege filled in based on the bmc-config.conf
> >> >> manpage (with Maximum_Privilege_Cipher_Suite_Id_0-through-4 or 12):  I
> >> >> get the same error, fiid_obj_get:
> >> >> maximum_privilege_for_cipher_suite_3: no data set
> >> >>
> >> >> Any idea what could be wrong, or how to fix it?  And could this be the
> >> >> reason the network won't come up?
> >> >>
> >> >> Thanks,
> >> >>
> >> >> Peter
> >> >>
> >> >> _______________________________________________
> >> >> Freeipmi-devel mailing list
> >> >> address@hidden
> >> >> http://BLOCKEDBLOCKEDBLOCKEDlists.gnu.org/mailman/listinfo/freeipmi-devel
> >> >>
> >> > --
> >> > Albert Chu
> >> > address@hidden
> >> > Computer Scientist
> >> > High Performance Systems Division
> >> > Lawrence Livermore National Laboratory
> >> >
> >> >
> >>
> > --
> > Albert Chu
> > address@hidden
> > Computer Scientist
> > High Performance Systems Division
> > Lawrence Livermore National Laboratory
> >
> >
-- 
Albert Chu
address@hidden
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory




reply via email to

[Prev in Thread] Current Thread [Next in Thread]