ipmi lan interface question

Vernon Mauery vernon.mauery at linux.intel.com
Wed Feb 10 01:55:51 AEDT 2021 

On 01-Feb-2021 11:29 PM, Mohammed.Habeeb ISV wrote:
>Hi
>
>I am trying to test the ipmi lan interface for the first time. However, I see setting Authtype is failing. Please review the below logs and let me know if any inputs.
>OpenBMC Version is 2.9 .
>
>Setup:
>Openbmc machince 2.7(seahawk) ------openbmc machine 2.9(transformers)
>
>
>Below is the command outputs.
>
>/* 10.41.8.50 is transformers 2.9 BMC IP.*/
>seahawk:/# ipmitool -H 10.41.8.50 -U test -P test123 lan print -vvv

The default interface type (-I parameter) is lan, or in IPMI language, 
RMCP 1/1.5 connection. OpenBMC does not support this type of connection 
because it is terribly insecure. Make sure you choose RMCP+ (-I lanplus) 
as your interface type and cipher suite 17 (-C 17).

On newer versions of ipmitool, it will automatically negotiate the best 
cipher suite, but on older versions, it is best to choose 17.

--Vernon

>Sending IPMI/RMCP presence ping packet
>send_packet (12 bytes)
>06 00 ff 06 00 00 11 be 80 00 00 00
>ipmi_lan_send_cmd:opened=[1], open=[474656]
>>> IPMI Request Session Header (level 0)
>>>   Authtype   : NONE
>>>   Sequence   : 0x00000000
>>>   Session ID : 0x00000000
>>> IPMI Request Message Header
>>>   Rs Addr    : 20
>>>   NetFn      : 06
>>>   Rs LUN     : 0
>>>   Rq Addr    : 81
>>>   Rq Seq     : 01
>>>   Rq Lun     : 0
>>>   Command    : 38
>send_packet (23 bytes)
>06 00 ff 07 00 00 00 00 00 00 00 00 00 09 20 18
>c8 81 04 38 0e 04 31
>recv_packet (31 bytes)
>06 00 ff 07 00 00 00 00 00 00 00 00 00 10 81 1c
>63 20 04 38 00 01 80 04 02 00 00 00 00 1d 00
>ipmi message header (31 bytes)
>06 00 ff 07 00 00 00 00 00 00 00 00 00 10 81 1c
>63 20 04 38 00 01 80 04 02 00 00 00 00 1d 00
><< IPMI Response Session Header
><<   Authtype   : NONE
><<   Sequence   : 0x00000000
><<   Session ID : 0x00000000
><< IPMI Response Message Header
><<   Rq Addr    : 81
><<   NetFn      : 07
><<   Rq LUN     : 0
><<   Rs Addr    : 20
><<   Rq Seq     : 01
><<   Rs Lun     : 0+
><<   Command    : 38
><<   Compl Code : 0x00
>get_auth_capabilities (9 bytes)
>01 80 04 02 00 00 00 00 1d
>Channel 01 Authentication Capabilities:
>  Privilege Level : ADMINISTRATOR
>  Auth Types      :
>  Per-msg auth    : enabled
>  User level auth : enabled
>  Non-null users  : enabled
>  Null users      : disabled
>  Anonymous login : disabled
>
>Authentication type NONE not supported
>Error: Unable to establish LAN session
>Error: Unable to establish IPMI v1.5 / RMCP session
>seahawk:/#
>
>Since , AuthType NONE is not supported tried to set the auth type to MD5 but it fails.
>sysadmin at transformers:~# ipmitool lan set 1 auth Admin MD5,PASSWORD -vvv
>Loading IANA PEN Registry...
>Running Get PICMG Properties my_addr 0x20, transit 0, target 0
>Error response 0xc1 from Get PICMG Properties
>Running Get VSO Capabilities my_addr 0x20, transit 0, target 0
>Invalid completion code received: Invalid command
>Acquire IPMB address
>Discovered IPMB address 0x0
>Interface address: my_addr 0x20 transit 0:0 target 0x20:0 ipmb_target 0
>
>Channel type: 802.3 LAN
>Auth Type Enable        : callback=0x00 user=0x00 operator=0x00 admin=0x00 oem=0x00
>authtype data (5 bytes)
>00 00 00 14 00
>Warning: Set LAN Parameter failed: Unknown (0x82)
>sysadmin at transformers:~#
>
>sysadmin at transformers:~# ipmitool channel getaccess 1 4
>Maximum User IDs     : 15
>Enabled User IDs     : 4
>
>User ID              : 4
>User Name            : test
>Fixed Name           : No
>Access Available     : callback
>Link Authentication  : enabled
>IPMI Messaging       : enabled
>Privilege Level      : ADMINISTRATOR
>Enable Status        : enabled
>sysadmin at transformers:~#

More information about the openbmc mailing list