3

I'm trying to add the second administrator to IPMI:

$ ipmitool -I lanplus -H $ip -U ADMIN -P $passw user list
ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
2   ADMIN            false   false      true       ADMINISTRATOR
6   TESTUSR          true    false      false      ADMINISTRATOR

I could login into web-ui and act as administrator using TESTUSR, but when I'm trying to use it with ipmitool - it don't work as planned:

$ ipmitool -I lanplus -H $ip -U ADMIN -P $passw chassis status
System Power         : on
Power Overload       : false
Power Interlock      : inactive
Main Power Fault     : false
Power Control Fault  : false
Power Restore Policy : previous
Last Power Event     : 
Chassis Intrusion    : inactive
Front-Panel Lockout  : inactive
Drive Fault          : false
Cooling/Fan Fault    : false

$ ipmitool -v -I lanplus -H $ip -U TESTUSR -P $passw chassis status
Get Device ID command failed: 0xd4 Insufficient privilege level
Get HPM.x Capabilities request failed, compcode = d4

Running Get PICMG Properties my_addr 0x20, transit 0, target 0x20
Error Response 0xd4 from Get PICMG Properities
No PICMG Extenstion discovered
Error sending Chassis Status command: Insufficient privilege level

Adding -L ADMINISTRATOR don't changes anything.

Any ideas why one administrator is "better" then the other one?

Improve this question

2 Answers 2

Reset to default
1

There is a privilege level for each user in addition to the channel. So one possibility is the privilege level for the user is not set correctly.

Looking through the ipmitool manpage, it appears the command you want is:

ipmitool user priv <userid> <privilege level> [<channel number>]

Trying it really quick, for some reason the privilege level has to be specified as a number (4 for admin). You can use channel info <num> to find the LAN channel (see manpage for more info).

I can't seem to find the ipmitool options to see the present privilege level for the user on a channel. Sorry if it's there and I can't find the right combo of options. I am more familiar with freeipmi. Using bmc-config you can see it like this (such as with user ID 3):

bmc-config --checkout --section=user3
Improve this answer
0

To set the IPMI Msg parameter to true, use

ipmitool channel setaccess <channel> <userid> link=off callin=off ipmi=on 
privilege=0x4

where is the channel ID (usually 1) and the ID of the test user, 6 in the case above.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .