User management via WebUI vs ipmitool
Rahul Maheshwari
rahulmaheshwari01 at gmail.com
Thu Sep 26 19:32:47 AEST 2019
Gunnar
I tested and found that this problem is only seen when we don't assign
privilege to user after creating using IPMItool. See below steps for more
details.
Step to hit the problem and fix it up.
1. Create IPMI user using below command
ipmitool -I lanplus -H <BMC_IP> -U root -P 0penBmc user set name 2
user_ipmi
2. Login to GUI and navigate to user account page(here you will see no user
exist message in GUI's user page)
3. Now assign any privilege to user using below command
ipmitool -I lanplus -H <BMC_IP> -U root -P 0penBmc channel setaccess 1 2
privilege=2
4. Now refresh the GUI user page(here you will see that all users are
visible now).
This problem is not with Redfish as we are able to see all users
after creating user using IPMI without any permission. So this seem like a
problem which need to be fixed from GUI side.
$ curl -k -H "X-Auth-Token: $bmc_token" -X GET https://
${BMC_IP}/redfish/v1/AccountService/Accounts/
{
"@odata.context":
"/redfish/v1/$metadata#ManagerAccountCollection.ManagerAccountCollection",
"@odata.id": "/redfish/v1/AccountService/Accounts",
"@odata.type": "#ManagerAccountCollection.ManagerAccountCollection",
"Description": "BMC User Accounts",
"Members": [
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user_ipmi"
},
{
"@odata.id": "/redfish/v1/AccountService/Accounts/root"
}
],
"Members at odata.count": 2,
"Name": "Accounts Collection"
Thanks
Rahul
On Thu, Sep 26, 2019 at 3:13 AM Gunnar Mills <gmills at linux.vnet.ibm.com>
wrote:
>
> On 9/25/2019 5:20 AM, rgrs wrote:
>
>
> Is there any difference in user management from WebUI and ipmitool?
> When I add user via WebUI, a user is created and deleted immediately. Not
> sure why.
>
> The WebUI uses the Redfish API to create/update/delete users.
>
> https://github.com/openbmc/phosphor-webui/blob/418db63c77aad03fe3401c7acd9f9792fab96a68/app/common/services/api-utils.js#L616
>
> Ratan or Richard do you know what is going on here?
>
> When I add user via IPMItool, users are getting added but WebUI user
> configuration page is blank.
>
>
> I thought IPMI and Redfish users were treated the same in
> phosphor-user-manager.
>
> What version of OpenBMC?
>
>
> *Logs:*
> *journalctl (User creation with WebUI):*
> Sep 25 09:17:52 mybmc nslcd[1127]: [200854] <passwd="TestUser"> no
> available LDAP server found: Server is unavailable: Transport endpoint is
> not connected
> Sep 25 09:17:52 mybmc nslcd[1127]: [b127f8] <passwd=1000> no available
> LDAP server found: Server is unavailable: Transport endpoint is not
> connected
> Sep 25 09:17:52 mybmc useradd[1816]: new user: name=TestUser, UID=1000,
> GID=100, home=/home/TestUser, shell=/bin/sh
> Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser' to group 'web'
> Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser' to group 'redfish'
> Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser' to group 'priv-admin'
> Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser' to group 'ipmi'
> Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser' to shadow group 'web'
> Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser' to shadow group
> 'redfish'
> Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser' to shadow group
> 'priv-admin'
> Sep 25 09:17:52 mybmc useradd[1816]: add 'TestUser' to shadow group 'ipmi'
> Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitored file `/etc/passwd` was
> written to
> Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitored file `/etc/passwd` was
> moved into place, adding watch
> Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitored file `/etc/group` was
> written to
> Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitored file `/etc/group` was
> moved into place, adding watch
> Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring file `/etc/passwd` (27)
> Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring directory `/etc` (2)
> Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring file `/etc/group` (28)
> Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring directory `/etc` (2)
> Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring file `/etc/passwd` (27)
> Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring directory `/etc` (2)
> Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring file `/etc/group` (28)
> Sep 25 09:17:52 mybmc nscd[1092]: 1092 monitoring directory `/etc` (2)
> Sep 25 09:17:52 mybmc phosphor-user-manager[1119]: User created
> successfully
> Sep 25 09:17:53 mybmc userdel[1822]: delete user 'TestUser'
> Sep 25 09:17:53 mybmc userdel[1822]: delete 'TestUser' from group 'web'
> Sep 25 09:17:53 mybmc userdel[1822]: delete 'TestUser' from group 'redfish'
> Sep 25 09:17:53 mybmc userdel[1822]: delete 'TestUser' from group
> 'priv-admin'
> Sep 25 09:17:53 mybmc userdel[1822]: delete 'TestUser' from group 'ipmi'
> Sep 25 09:17:53 mybmc userdel[1822]: delete 'TestUser' from shadow group
> 'web'
> Sep 25 09:17:53 mybmc userdel[1822]: delete 'TestUser' from shadow group
> 'redfish'
> Sep 25 09:17:53 mybmc userdel[1822]: delete 'TestUser' from shadow group
> 'priv-admin'
> Sep 25 09:17:53 mybmc userdel[1822]: delete 'TestUser' from shadow group
> 'ipmi'
> Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitored file `/etc/passwd` was
> written to
> Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitored file `/etc/passwd` was
> moved into place, adding watch
> Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitored file `/etc/group` was
> written to
> Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitored file `/etc/group` was
> moved into place, adding watch
> Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring file `/etc/passwd` (29)
> Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring directory `/etc` (2)
> Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring file `/etc/group` (30)
> Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring directory `/etc` (2)
> Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring file `/etc/passwd` (29)
> Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring directory `/etc` (2)
> Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring file `/etc/group` (30)
> Sep 25 09:17:53 mybmc nscd[1092]: 1092 monitoring directory `/etc` (2)
> Sep 25 09:17:53 mybmc phosphor-user-manager[1119]: User deleted
> successfully
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20190926/fe00083f/attachment.htm>
More information about the openbmc
mailing list