[Linux-cluster] fence_ipmilan Faiing for 'Administrator' user

Zama Ques queszama at yahoo.in
Tue Feb 5 03:12:49 UTC 2013 




________________________________
 From: Digimer <lists at alteeve.ca>
To: Zama Ques <queszama at yahoo.in>; linux clustering <linux-cluster at redhat.com> 
Sent: Monday, 4 February 2013 6:23 PM
Subject: Re: [Linux-cluster] fence_ipmilan Faiing for 'Administrator' user
 
On 02/04/2013 05:42 AM, Zama Ques wrote:
> Hi All ,
> 
> Need help in configuring IPMI_Lan as fencing device for my cluster . The
> servers I am using are of make HP ProLiant
> 
> Since fence_ipmilan internally uses ipmitool , I was trying to
> understand the use of ipmitool . For that purpose , I initially created
> a user named 'admin' using ipmitool.
> 
> =====
> 
> |# ipmitool user list 2
> ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
> 1   Administrator    true    false      true       ADMINISTRATOR
> 2   admin             true    false      true       USER
> 3   (Empty User)     true    false      false      NO ACCESS
> 4   (Empty User)     true    false      false      NO ACCESS
> ______________________________
> 
> ]# ipmitool channel getciphers ipmi 2 
> ID   IANA    Auth Alg        Integrity Alg   Confidentiality Alg
> 0    N/A     none            none            none          
> 1    N/A     hmac_sha1       none            none          
> 2    N/A     hmac_sha1       hmac_sha1_96    none          
> 3    N/A     hmac_sha1       hmac_sha1_96    aes_cbc_128  
> 
> =====
> 
> Using the 'admin' user , I am able to execute IPMI commands successfully. 
> 
> =====
> ]#  ipmitool -I lanplus -H 192.168.2.153 -U admin -L USER chassis status
> System Power         : on
> Power Overload       : false
> Power Interlock      : inactive
> Main Power Fault     : false
> ......
> ......
> -----------------------
> ]# fence_ipmilan -L USER -a 192.168.2.153 -P lanplus  -l admin -p xxxxxxx -T 4  -o status -v
> Getting status of IPMI:192.168.2.153...Spawning: '/usr/bin/ipmitool -I lanplus -H '192.168.2.153' -U 'ssdg' -L 'USER' -P '[set]' -v chassis power status'...
> Chassis power = On
> Done
> =======
> 
> 
> But the same above commands fails if I use the 'Administrator' User. 
> 
> =====
> #  ipmitool -I lanplus -H 192.168.2.153 -U Administrator -L ADMINISTRATOR chassis status
> Password: 
> Error: Unable to establish IPMI v2 / RMCP+
>  session
> Error sending Chassis Status command
> 
> #  ipmitool -I lanplus -H 192.168.2.153 -U Administrator  chassis status
> Password: 
> Error: Unable to establish IPMI v2 / RMCP+ session
> Error sending Chassis Status command
> =======
> 
> I am using the default password for 'Administrator' user ||which is  printed on a little cardboard card attached to the server
> 
> Kindly guide where I went wrong ?
> 
> Thanks in Advance
> Zaman
> |

> This appears to be a problem below fence_ipmilan.

> My first guess would be that something is lower-casing the "A". Can you
> create a user "administrator" and if so, does that work? Have you tried
> putting the user name in double-quotes (no idea if that would make a
> difference)? ie: '... -U "Administrator" ...'?

Thanks Digimer for the reply. 

Was able to verify that proper alphabet case is being used for 'Administrator' user.

====
# fence_ipmilan -L ADMINISTRATOR -a 192.168.2.153 -P lanplus  -l Administrator  -p "XXX" -T 4  -o status -v
Getting status of IPMI:192.168.2.153...Spawning: '/usr/bin/ipmitool -I lanplus -H '192.168.2.153' -U 'Administrator' -L 'ADMINISTRATOR' -P '[set]' -v chassis power status'...
Chassis power = Unknown
Failed
====

Looks like it was not taking the default password for 'Administrator' user.

====
# ipmitool user test 1 20 XXX
Set User Password command failed (user 1): Unknown (0x80)
Failure: password incorrect
# ipmitool user test 1 16 XXX
Set User Password command failed (user 1): Unknown (0x80)
Failure: password incorrect
-----
# ipmitool user test 2 16 xxxx
Success
# ipmitool user test 2 20 xxxx
Success
====

Changed privilege for 'admin' user to ADMINISTRATOR so that it can perform fencing. 

====
]# ipmitool user list 2
ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
1   Administrator    true    false      true       ADMINISTRATOR
2   admin             true    false      true       ADMINISTRATOR
====

Digimer , can you please let me know whether for performing fencing , ADMINISTRATOR level privilege is needed or lower privilege levels can perform fencing ?

===
   1   Callback level
   2   User level
   3   Operator level
   4   Administrator level
===
Thanks
Zaman
-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-cluster/attachments/20130205/0f9720f4/attachment.htm>

More information about the Linux-cluster mailing list