<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>yes, this is known problem, and there are changes under review
which will fix the same as well. If i remember correctly, there
should be an issue already for this.<br>
</p>
<p>Issue: NoAccess is not in Redfish roles, and hence AccountService
will not be able to get users with that privilege.</p>
<p>Following changes under review will fix the same. <br>
</p>
<p>1. <a
href="https://gerrit.openbmc-project.xyz/#/c/openbmc/bmcweb/+/23962/">https://gerrit.openbmc-project.xyz/#/c/openbmc/bmcweb/+/23962/</a></p>
<p>2.<a
href="https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-user-manager/+/24784/">https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-user-manager/+/24784/</a></p>
<p>regards,</p>
<p>Richard<br>
</p>
<div class="moz-cite-prefix">On 9/26/2019 3:02 PM, Rahul Maheshwari
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAAMkS11b3PShKFRW+1RHLDsrbbP+G3Az5g-WjMGkT_97b0rOYg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Gunnar<br>
I tested and found that this problem is only seen when we don't
assign privilege to user after creating using IPMItool. See
below steps for more details. <br>
<br>
Step to hit the problem and fix it up.<br>
1. Create IPMI user using below command<br>
ipmitool -I lanplus -H <BMC_IP> -U root -P 0penBmc user
set name 2 user_ipmi<br>
<br>
2. Login to GUI and navigate to user account page(here you will
see no user exist message in GUI's user page)<br>
<br>
3. Now assign any privilege to user using below command<br>
ipmitool -I lanplus -H <BMC_IP> -U root -P 0penBmc
channel setaccess 1 2 privilege=2<br>
<br>
4. Now refresh the GUI user page(here you will see that all
users are visible now).
<div><br>
</div>
<div>This problem is not with Redfish as we are able to see all
users after creating user using IPMI without any permission.
So this seem like a problem which need to be fixed from GUI
side.<br>
<div><br>
</div>
<div>$ curl -k -H "X-Auth-Token: $bmc_token" -X GET
<a class="moz-txt-link-freetext" href="https://$">https://$</a>{BMC_IP}/redfish/v1/AccountService/Accounts/<br>
{<br>
"@odata.context":
"/redfish/v1/$metadata#ManagerAccountCollection.ManagerAccountCollection",<br>
"@<a href="http://odata.id" moz-do-not-send="true">odata.id</a>":
"/redfish/v1/AccountService/Accounts",<br>
"@odata.type":
"#ManagerAccountCollection.ManagerAccountCollection",<br>
"Description": "BMC User Accounts",<br>
"Members": [<br>
{<br>
"@<a href="http://odata.id" moz-do-not-send="true">odata.id</a>":
"/redfish/v1/AccountService/Accounts/user_ipmi"<br>
},<br>
{<br>
"@<a href="http://odata.id" moz-do-not-send="true">odata.id</a>":
"/redfish/v1/AccountService/Accounts/root"<br>
}<br>
],<br>
<a class="moz-txt-link-rfc2396E" href="mailto:Members@odata.count">"Members@odata.count"</a>: 2,<br>
"Name": "Accounts Collection"<br>
</div>
<div><br>
</div>
<div>Thanks</div>
<div>Rahul</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Sep 26, 2019 at 3:13
AM Gunnar Mills <<a href="mailto:gmills@linux.vnet.ibm.com"
moz-do-not-send="true">gmills@linux.vnet.ibm.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p><br>
</p>
<div>On 9/25/2019 5:20 AM, rgrs wrote:<br>
</div>
<blockquote type="cite">
<div><br>
</div>
<div>Is there any difference in user management from WebUI
and ipmitool?<br>
</div>
<div>When I add user via WebUI, a user is created and
deleted immediately. Not sure why.<br>
</div>
</blockquote>
<p>The WebUI uses the Redfish API to create/update/delete
users. <br>
<a
href="https://github.com/openbmc/phosphor-webui/blob/418db63c77aad03fe3401c7acd9f9792fab96a68/app/common/services/api-utils.js#L616"
target="_blank" moz-do-not-send="true">https://github.com/openbmc/phosphor-webui/blob/418db63c77aad03fe3401c7acd9f9792fab96a68/app/common/services/api-utils.js#L616</a><br>
</p>
<p> Ratan or Richard do you know what is going on here?</p>
<blockquote type="cite">
<div>When I add user via IPMItool, users are getting added
but WebUI user configuration page is blank.<br>
</div>
</blockquote>
<br>
I thought IPMI and Redfish users were treated the same in
phosphor-user-manager.<br>
<br>
What version of OpenBMC?<br>
<br>
<blockquote type="cite">
<div><br>
</div>
<div><b><u>Logs:</u></b><br>
</div>
<div><b>journalctl (User creation with WebUI):</b><br>
</div>
<div>Sep 25 09:17:52 mybmc nslcd[1127]: [200854]
<passwd="TestUser"> no available LDAP server
found: Server is unavailable: Transport endpoint is not
connected<br>
</div>
<div>Sep 25 09:17:52 mybmc nslcd[1127]: [b127f8]
<passwd=1000> no available LDAP server found:
Server is unavailable: Transport endpoint is not
connected<br>
</div>
<div>Sep 25 09:17:52 mybmc useradd[1816]: new user:
name=TestUser, UID=1000, GID=100, home=/home/TestUser,
shell=/bin/sh<br>
</div>
<div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to group 'web'<br>
</div>
<div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to group 'redfish'<br>
</div>
<div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to group 'priv-admin'<br>
</div>
<div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to group 'ipmi'<br>
</div>
<div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to shadow group 'web'<br>
</div>
<div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to shadow group 'redfish'<br>
</div>
<div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to shadow group 'priv-admin'<br>
</div>
<div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to shadow group 'ipmi'<br>
</div>
<div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitored file
`/etc/passwd` was written to<br>
</div>
<div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitored file
`/etc/passwd` was moved into place, adding watch<br>
</div>
<div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitored file
`/etc/group` was written to<br>
</div>
<div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitored file
`/etc/group` was moved into place, adding watch<br>
</div>
<div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
file `/etc/passwd` (27)<br>
</div>
<div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br>
</div>
<div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
file `/etc/group` (28)<br>
</div>
<div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br>
</div>
<div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
file `/etc/passwd` (27)<br>
</div>
<div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br>
</div>
<div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
file `/etc/group` (28)<br>
</div>
<div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br>
</div>
<div>Sep 25 09:17:52 mybmc phosphor-user-manager[1119]:
User created successfully<br>
</div>
<div>Sep 25 09:17:53 mybmc userdel[1822]: delete user
'TestUser'<br>
</div>
<div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from group 'web'<br>
</div>
<div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from group 'redfish'<br>
</div>
<div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from group 'priv-admin'<br>
</div>
<div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from group 'ipmi'<br>
</div>
<div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from shadow group 'web'<br>
</div>
<div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from shadow group 'redfish'<br>
</div>
<div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from shadow group 'priv-admin'<br>
</div>
<div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from shadow group 'ipmi'<br>
</div>
<div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitored file
`/etc/passwd` was written to<br>
</div>
<div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitored file
`/etc/passwd` was moved into place, adding watch<br>
</div>
<div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitored file
`/etc/group` was written to<br>
</div>
<div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitored file
`/etc/group` was moved into place, adding watch<br>
</div>
<div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
file `/etc/passwd` (29)<br>
</div>
<div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br>
</div>
<div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
file `/etc/group` (30)<br>
</div>
<div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br>
</div>
<div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
file `/etc/passwd` (29)<br>
</div>
<div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br>
</div>
<div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
file `/etc/group` (30)<br>
</div>
<div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br>
</div>
<div>Sep 25 09:17:53 mybmc phosphor-user-manager[1119]:
User deleted successfully<br>
</div>
<div><br>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</body>
</html>