<div>Thanks for the update :)<br></div><div>will follow those links.<br></div><div><br></div><div>Thanks,<br>Raj<br></div><div><br></div><div class="protonmail_signature_block"><div class="protonmail_signature_block-user protonmail_signature_block-empty"><br></div><div class="protonmail_signature_block-proton"><br></div></div><div><br></div><div>‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐<br></div><div> On Thursday, September 26, 2019 11:19 PM, Thomaiyar, Richard Marian <richard.marian.thomaiyar@linux.intel.com> wrote:<br></div><div> <br></div><blockquote class="protonmail_quote" type="cite"><p>yes, this is known problem, and there are changes under review
which will fix the same as well. If i remember correctly, there
should be an issue already for this.<br></p><p>Issue: NoAccess is not in Redfish roles, and hence AccountService
will not be able to get users with that privilege.<br></p><p>Following changes under review will fix the same. <br></p><p>1. <a href="https://gerrit.openbmc-project.xyz/#/c/openbmc/bmcweb/+/23962/">https://gerrit.openbmc-project.xyz/#/c/openbmc/bmcweb/+/23962/</a><br></p><p>2.<a href="https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-user-manager/+/24784/">https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-user-manager/+/24784/</a><br></p><p>regards,<br></p><p>Richard<br></p><div class="moz-cite-prefix">On 9/26/2019 3:02 PM, Rahul Maheshwari
wrote:<br></div><blockquote type="cite"><div dir="ltr"><div>Gunnar<br></div><div> I tested and found that this problem is only seen when we don't
assign privilege to user after creating using IPMItool. See
below steps for more details. <br></div><div> <br></div><div> Step to hit the problem and fix it up.<br></div><div> 1. Create IPMI user using below command<br></div><div> ipmitool -I lanplus -H <BMC_IP> -U root -P 0penBmc user
set name 2 user_ipmi<br></div><div> <br></div><div> 2. Login to GUI and navigate to user account page(here you will
see no user exist message in GUI's user page)<br></div><div> <br></div><div> 3. Now assign any privilege to user using below command<br></div><div> ipmitool -I lanplus -H <BMC_IP> -U root -P 0penBmc
channel setaccess 1 2 privilege=2<br></div><div> <br></div><div> 4. Now refresh the GUI user page(here you will see that all
users are visible now). <br></div><div><br></div><div><div>This problem is not with Redfish as we are able to see all
users after creating user using IPMI without any permission.
So this seem like a problem which need to be fixed from GUI
side.<br></div><div> <br></div><div><br></div><div><div>$ curl -k -H "X-Auth-Token: $bmc_token" -X GET <a href="https://$">https://$</a>{BMC_IP}/redfish/v1/AccountService/Accounts/<br></div><div> {<br></div><div> "@odata.context":
"/redfish/v1/$metadata#ManagerAccountCollection.ManagerAccountCollection",<br></div><div> "@<a href="http://odata.id">odata.id</a>":
"/redfish/v1/AccountService/Accounts",<br></div><div> "@odata.type":
"#ManagerAccountCollection.ManagerAccountCollection",<br></div><div> "Description": "BMC User Accounts",<br></div><div> "Members": [<br></div><div> {<br></div><div> "@<a href="http://odata.id">odata.id</a>":
"/redfish/v1/AccountService/Accounts/user_ipmi"<br></div><div> },<br></div><div> {<br></div><div> "@<a href="http://odata.id">odata.id</a>":
"/redfish/v1/AccountService/Accounts/root"<br></div><div> }<br></div><div> ],<br></div><div> <a href="mailto:Members@odata.count">"Members@odata.count"</a>: 2,<br></div><div> "Name": "Accounts Collection"<br></div></div><div><br></div><div>Thanks<br></div><div>Rahul<br></div></div></div><div><br></div><div class="gmail_quote"><div dir="ltr">On Thu, Sep 26, 2019 at 3:13
AM Gunnar Mills <<a href="mailto:gmills@linux.vnet.ibm.com">gmills@linux.vnet.ibm.com</a>>
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#FFFFFF"><p><br></p><div>On 9/25/2019 5:20 AM, rgrs wrote:<br></div><blockquote type="cite"><div><br></div><div>Is there any difference in user management from WebUI
and ipmitool?<br></div><div>When I add user via WebUI, a user is created and
deleted immediately. Not sure why.<br></div></blockquote><p></p><div>The WebUI uses the Redfish API to create/update/delete
users. <br></div><div> <a href="https://github.com/openbmc/phosphor-webui/blob/418db63c77aad03fe3401c7acd9f9792fab96a68/app/common/services/api-utils.js#L616" target="_blank">https://github.com/openbmc/phosphor-webui/blob/418db63c77aad03fe3401c7acd9f9792fab96a68/app/common/services/api-utils.js#L616</a><br></div><p></p><p> Ratan or Richard do you know what is going on here?<br></p><blockquote type="cite"><div>When I add user via IPMItool, users are getting added
but WebUI user configuration page is blank.<br></div></blockquote><div><br></div><div>I thought IPMI and Redfish users were treated the same in
phosphor-user-manager.<br></div><div> <br></div><div> What version of OpenBMC?<br></div><div> <br></div><div> <br></div><blockquote type="cite"><div><br></div><div><b><u>Logs:</u></b><br></div><div><b>journalctl (User creation with WebUI):</b><br></div><div>Sep 25 09:17:52 mybmc nslcd[1127]: [200854]
<passwd="TestUser"> no available LDAP server
found: Server is unavailable: Transport endpoint is not
connected<br></div><div>Sep 25 09:17:52 mybmc nslcd[1127]: [b127f8]
<passwd=1000> no available LDAP server found:
Server is unavailable: Transport endpoint is not
connected<br></div><div>Sep 25 09:17:52 mybmc useradd[1816]: new user:
name=TestUser, UID=1000, GID=100, home=/home/TestUser,
shell=/bin/sh<br></div><div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to group 'web'<br></div><div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to group 'redfish'<br></div><div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to group 'priv-admin'<br></div><div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to group 'ipmi'<br></div><div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to shadow group 'web'<br></div><div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to shadow group 'redfish'<br></div><div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to shadow group 'priv-admin'<br></div><div>Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser'
to shadow group 'ipmi'<br></div><div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitored file
`/etc/passwd` was written to<br></div><div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitored file
`/etc/passwd` was moved into place, adding watch<br></div><div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitored file
`/etc/group` was written to<br></div><div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitored file
`/etc/group` was moved into place, adding watch<br></div><div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
file `/etc/passwd` (27)<br></div><div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br></div><div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
file `/etc/group` (28)<br></div><div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br></div><div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
file `/etc/passwd` (27)<br></div><div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br></div><div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
file `/etc/group` (28)<br></div><div>Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br></div><div>Sep 25 09:17:52 mybmc phosphor-user-manager[1119]:
User created successfully<br></div><div>Sep 25 09:17:53 mybmc userdel[1822]: delete user
'TestUser'<br></div><div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from group 'web'<br></div><div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from group 'redfish'<br></div><div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from group 'priv-admin'<br></div><div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from group 'ipmi'<br></div><div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from shadow group 'web'<br></div><div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from shadow group 'redfish'<br></div><div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from shadow group 'priv-admin'<br></div><div>Sep 25 09:17:53 mybmc userdel[1822]: delete
'TestUser' from shadow group 'ipmi'<br></div><div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitored file
`/etc/passwd` was written to<br></div><div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitored file
`/etc/passwd` was moved into place, adding watch<br></div><div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitored file
`/etc/group` was written to<br></div><div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitored file
`/etc/group` was moved into place, adding watch<br></div><div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
file `/etc/passwd` (29)<br></div><div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br></div><div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
file `/etc/group` (30)<br></div><div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br></div><div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
file `/etc/passwd` (29)<br></div><div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br></div><div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
file `/etc/group` (30)<br></div><div>Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring
directory `/etc` (2)<br></div><div>Sep 25 09:17:53 mybmc phosphor-user-manager[1119]:
User deleted successfully<br></div><div><br></div></blockquote></div></blockquote></div></blockquote></blockquote><div><br></div>