freeipmi-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Freeipmi-users] ipmi_ctx_open_outofband_2_0: bad completion code (S


From: Werner Fischer
Subject: Re: [Freeipmi-users] ipmi_ctx_open_outofband_2_0: bad completion code (Supermicro X9DR7-LN4F, firmware 3.40)
Date: Thu, 09 Jun 2016 07:56:11 +0200

Hi Al,

On Mit, 2016-06-08 at 10:22 -0700, Albert Chu wrote:
> Hey Werner,
> 
> Thanks for the report, it appears there was a bug in FreeIPMI that would
> have made the bug easier to understand.
you're most welcome.
Thank you again very much for for great and outstanding support!

> According to your dump, 'set session privilege level' is reporting a
> completion code of 0x80.  The "bad completion code" error message is
> because it doesn't recognize the error code.  Looking deeper I have:
> [...]
> So I don't have a macro for 0x80.  It ends up, this is in error.  I
> off-by-oned each of the above macros.  They are supposed to be 0x80-0x82
> instead of 0x81-0x83.
> 
> So I'll need to fix that.  I've pushed this into the
> freeipmi-1-5-0-stable branch if you could try it out?  (github mirror
> https://github.com/chu11/freeipmi-mirror).  Unfortunately, my systems
> can't reproduce this error (likely b/c they are not implementing IPMI
> security correctly).
Thank you. I have forwarded the info to the admin of the system.

> But onto your error, so instead of "bad completion code" it should have
> given you a cleaner error message of something like "privilege level
> cannot be obtained".  I bet that the new firmware fixed this security
> flaw, which is now leading to this problem.
> 
> It likely means that you are trying to connect to a IPMI user on the
> system that has too low of a privilege level for what ipmi-sel requires.
> ipmi-sel defaults to OPERATOR privilege so I bet the IPMI user has a max
> privilege of USER.  So if you connect to a user with appropriate
> privileges, it should work.
> 
> You may be able to get away with setting "--privilege-level=USER" on
> ipmi-sel.  IIRC the OPERATOR privileges are needed for some more
> advanced features, which you may not need/be using.
Thank you.
I've also forwarded this info to the admin.

I'll be out-of-office the rest of the day and tomorrow, so I'll probably
give feedback on Monday how it worked.

Al, thank you again for your help,
best regards,
Werner

> 
> Al
> 
> On Wed, 2016-06-08 at 15:00 +0200, Werner Fischer wrote:
> > Hi Al,
> > 
> > after an update of the IPMI firmware (from v3.15 to 3.40) on four
> > systems with Supermicro X9DR7-LN4F mainboard, IPMI queries with ipmi-sel
> > or ipmi-sensors via LAN fail with the following error:
> > 
> > ipmi_ctx_open_outofband_2_0: bad completion code 
> > 
> > We have already tried to upload the firmware again (without preserving
> > configuration), but this did not help.
> > 
> > We are using this command (ipmi.cfg has username/password):
> >         /usr/sbin/ipmi-sel -h [IP] --config-file /etc/ipmi/ipmi.cfg
> >         --driver-type=LAN_2_0 --output-event-state --interpret-oem-data
> >         --entity-sensor-names --sensor-types=all
> > 
> > We also executed the command with --debug. I've attached the output
> > (partially, because I'm not sure whether there may be sensitive data in
> > it as RAKP can be brute-force attacked).
> > 
> > Of course we could try to remove power down the servers and pull power
> > chords, and test again. But as these are production systems I'd want to
> > ask whether you have any idea or if there is a workaround.
> > 
> > PS: with firmware v3.15 we had no issues. I have tested the firmware
> > 3.40 on another system with X9SCM-F, but I do not get any errors there.
> > 
> > Thanks for your help,
> > best regards,
> > Werner
> > _______________________________________________
> > Freeipmi-users mailing list
> > address@hidden
> > https://lists.gnu.org/mailman/listinfo/freeipmi-users
> 





reply via email to

[Prev in Thread] Current Thread [Next in Thread]