浪潮服务器修改ipmi账号密码,浪潮服务器BMC⽤户配置问题
导致ipmipower出现us。。。
浪潮服务器 BMC ⽤户配置问题导致 ipmipower 出现 urname invalid 报错
2018-12-11 分类:Hardware 标签:Freeipmi Ipmitool
WHAT
⼚⾥的 浪潮 (Inspur) 服务器 使⽤ ipmipower 远程管理电源,提⽰ urname invalid 错误:
# ipmipower -D LAN_2_0 --ssion-timeout=1000 -u root -p $(cat ~/oob) -h 10.30.2.17 -s
10.30.2.17: urname invalid
奇葩的是 ipmitool 却能正常使⽤:
# ipmitool -I lanplus -U root -P $(cat ~/oob) -H 10.30.2.17 power status
Chassis Power is on
WHY
通过 bmc-config ( freeipmi 软件包 ) 查看 BMC ⽤户信息,发现和 ipmitool 的结果不同:
# for i in {1..3}; do bmc-config -o -e Ur${i}:Urname; done
Section Ur1
## Give Urname
## Urname NULL
EndSection
Section Ur2
## Give Urname
Urname admin
EndSection
Section Ur3
## Give Urname
## Urname
EndSection
# ipmitool ur list 1
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 root true true true ADMINISTRATOR
美国景点
2 admin fal fal true ADMINISTRATOR
HOW
尝试⽤ bmc-config 修改 Ur1 对应的⽤户名,结果失败:
# bmc-config -c -e Ur1:Urname="root"
Invalid value 'root' for key 'Urname' in ction 'Ur1'
但是 ipmitool 是可以修改 Ur ID 为 1 的⽤户名:
# ipmitool ur t name 1 NULL
# ipmitool ur list 1
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 NULL true true true ADMINISTRATOR
2 admin true true true ADMINISTRATOR
wrong way
之后尝试修改 Ur ID 为 2 的 admin ⽤户名为 root :
# ipmitool ur list 1
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 NULL true true true ADMINISTRATOR
2 root true true true ADMINISTRATOR
# bmc-config -o -e Ur$(ipmitool ur list 1|awk '/\/{print $1}'):Urname
Section Ur2
## Give Urname
Urname root
EndSection
毫无疑问的英文
虽然能修改⽤户名,但是 ipmipower 远程测试,还是提⽰ urname invalid 报错:
# ipmipower -D LAN_2_0 --ssion-timeout=1000 -u root -p $(cat ~/oob) -h 10.30.2.17 -s 10.30.2.17: urname invalid
# ipmitool -I lanplus -U root -P $(cat ~/oob) -H 10.30.2.17 power status
Chassis Power is on
right way
bmc-config ⽤户 Ur1 配置详情,仍然⽆法看到使⽤ ipmitool 修改过的⽤户名:
# bmc-config -o -S Ur1
#
word文档背景
# Section UrX Comments
#
# In the following Ur ctions, urs should configure urnames, passwords,
# and access rights for IPMI over LAN communication. Urnames can be t to any
# string with the exception of Ur1, which is a fixed to the "anonymous"
# urname in IPMI.浑身解数什么意思
#
# For IPMI over LAN access for a urname, t "Enable_Ur" to "Yes",
# "Lan_Enable_IPMI_Msgs" to "Yes", and "Lan_Privilege_Limit" to a privilege
# level. The privilege level is ud to limit various IPMI operations for
# individual urnames. It is recommened that atleast one urname be created
# with a privilege limit "Administrator", so all system functions are available
# to atleast one urname via IPMI over LAN. For curity reasons, we recommend # not enabling the "anonymous" Ur1. For most urs, "Lan_Session_Limit" can be # t to 0 (or ignored) to support an unlimited number of simultaneous IPMI over
# LAN ssions.
#
# If your system supports IPMI 2.0 and Serial-over-LAN (SOL),
# a"SOL_Payload_Access" field may be listed below. Set the "SOL_Payload_Access" # field to "Yes"
or "No" to enable or disable this urname's ability to access
# SOL.
#
# Plea do not forget to uncomment tho fields, such as "Password", that may
# be commented out during the checkout.
#
# Some motherboards may require a "Urname" to be configured prior to other
# fields being read/written. If this is the ca, tho fields will be t to
# .
#
Section Ur1
## Give Urname
## Urname NULL
## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported). ## Password
## Possible values: Yes/No or blank to not t
Enable_Ur Yes
## Possible values: Yes/No
Lan_Enable_IPMI_Msgs Yes
## Possible values: Yes/No
Lan_Enable_Link_Auth Yes
## Possible values: Yes/No
Lan_Enable_Restricted_to_Callback No
## Possible values: Callback/Ur/Operator/Administrator/OEM_Proprietary/No_Access Lan_Privilege_Limit Administrator
## Possible values: 0-17, 0 is unlimited; May be ret to 0 if not specified
## Lan_Session_Limit
## Possible values: Yes/No
SOL_Payload_Access Yes
EndSection
后来联系⼚家,⼚家⼯程师建议使⽤ ipmitool 或是 新建⽤户 试试看。
测试 新建⽤户 :
默认 Ur3 ⽤户 未启⽤ :Enable_Ur No
投资协议书# bmc-config -o -S Ur3
Section Ur3
## Give Urname
风景优美的拼音
## Urname
## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
小石斑鱼## Password
## Possible values: Yes/No or blank to not t
Enable_Ur No
## Possible values: Yes/No
Lan_Enable_IPMI_Msgs No
## Possible values: Yes/No
Lan_Enable_Link_Auth No
## Possible values: Yes/No
Lan_Enable_Restricted_to_Callback No
## Possible values: Callback/Ur/Operator/Administrator/OEM_Proprietary/No_Access Lan_Privilege_Limit No_Access
## Possible values: 0-17, 0 is unlimited; May be ret to 0 if not specified
## Lan_Session_Limit
## Possible values: Yes/No
## SOL_Payload_Access
EndSection
配置并启⽤ Ur3 ⽤户:
uid=3
bmc-config -c -e Ur${uid}:Urname="root"
bmc-config -c -e Ur${uid}:Password="...."
bmc-config -c -e Ur${uid}:Enable_Ur=Yes
bmc-config -c -e Ur${uid}:Lan_Enable_IPMI_Msgs=Yes
bmc-config -c -e Ur${uid}:Lan_Enable_Link_Auth=Yes
bmc-config -c -e Ur${uid}:Lan_Privilege_Limit=Administrator
bmc-config -c -e Ur${uid}:SOL_Payload_Access=Yes
配置完成后的 Ur3 ⽤户:
# bmc-config -o -S Ur3
Section Ur3
## Give Urname
Urname root
## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
## Password
## Possible values: Yes/No or blank to not t
Enable_Ur Yes
## Possible values: Yes/No
Lan_Enable_IPMI_Msgs Yes
## Possible values: Yes/No
音乐家的英语Lan_Enable_Link_Auth Yes
## Possible values: Yes/No
Lan_Enable_Restricted_to_Callback No
## Possible values: Callback/Ur/Operator/Administrator/OEM_Proprietary/No_Access Lan_Privilege_Limit Administrator
## Possible values: 0-17, 0 is unlimited; May be ret to 0 if not specified
## Lan_Session_Limit
## Possible values: Yes/No
SOL_Payload_Access Yes
EndSection
所有启⽤的 BMC ⽤户:
# for i in {1..3}; do bmc-config -o -e Ur${i}:Urname; done
Section Ur1
## Give Urname
## Urname NULL
