On 02/04/2013 10:12 PM, Zama Ques wrote: > > > ------------------------------------------------------------------------ > *From:* Digimer <lists@xxxxxxxxxx> > *To:* Zama Ques <queszama@xxxxxxxx>; linux clustering > <linux-cluster@xxxxxxxxxx> > *Sent:* Monday, 4 February 2013 6:23 PM > *Subject:* Re: fence_ipmilan Faiing for 'Administrator' user > > On 02/04/2013 05:42 AM, Zama Ques wrote: >> Hi All , >> >> Need help in configuring IPMI_Lan as fencing device for my cluster . The >> servers I am using are of make HP ProLiant >> >> Since fence_ipmilan internally uses ipmitool , I was trying to >> understand the use of ipmitool . For that purpose , I initially created >> a user named 'admin' using ipmitool. >> >> ===== >> >> |# ipmitool user list 2 >> ID Name Callin Link Auth IPMI Msg Channel Priv Limit >> 1 Administrator true false true ADMINISTRATOR >> 2 admin true false true USER >> 3 (Empty User) true false false NO ACCESS >> 4 (Empty User) true false false NO ACCESS >> ______________________________ >> >> ]# ipmitool channel getciphers ipmi 2 >> ID IANA Auth Alg Integrity Alg Confidentiality Alg >> 0 N/A none none none >> 1 N/A hmac_sha1 none none >> 2 N/A hmac_sha1 hmac_sha1_96 none >> 3 N/A hmac_sha1 hmac_sha1_96 aes_cbc_128 >> >> ===== >> >> Using the 'admin' user , I am able to execute IPMI commands successfully. >> >> ===== >> ]# ipmitool -I lanplus -H 192.168.2.153 -U admin -L USER chassis status >> System Power : on >> Power Overload : false >> Power Interlock : inactive >> Main Power Fault : false >> ...... >> ...... >> ----------------------- >> ]# fence_ipmilan -L USER -a 192.168.2.153 -P lanplus -l admin -p > xxxxxxx -T 4 -o status -v >> Getting status of IPMI:192.168.2.153...Spawning: '/usr/bin/ipmitool -I > lanplus -H '192.168.2.153' -U 'ssdg' -L 'USER' -P '[set]' -v chassis > power status'... >> Chassis power = On >> Done >> ======= >> >> >> But the same above commands fails if I use the 'Administrator' User. >> >> ===== >> # ipmitool -I lanplus -H 192.168.2.153 -U Administrator -L > ADMINISTRATOR chassis status >> Password: >> Error: Unable to establish IPMI v2 / RMCP+ >> session >> Error sending Chassis Status command >> >> # ipmitool -I lanplus -H 192.168.2.153 -U Administrator chassis status >> Password: >> Error: Unable to establish IPMI v2 / RMCP+ session >> Error sending Chassis Status command >> ======= >> >> I am using the default password for 'Administrator' user ||which is > printed on a little cardboard card attached to the server >> >> Kindly guide where I went wrong ? >> >> Thanks in Advance >> Zaman >> | > >> This appears to be a problem below fence_ipmilan. > >> My first guess would be that something is lower-casing the "A". Can you >> create a user "administrator" and if so, does that work? Have you tried >> putting the user name in double-quotes (no idea if that would make a >> difference)? ie: '... -U "Administrator" ...'? > > Thanks Digimer for the reply. > > Was able to verify that proper alphabet case is being used for > 'Administrator' user. > > ==== > # fence_ipmilan -L ADMINISTRATOR -a 192.168.2.153 -P lanplus -l > Administrator -p "XXX" -T 4 -o status -v > Getting status of IPMI:192.168.2.153...Spawning: '/usr/bin/ipmitool -I > lanplus -H '192.168.2.153' -U 'Administrator' -L 'ADMINISTRATOR' -P > '[set]' -v chassis power status'... > Chassis power = Unknown > Failed > ==== > > Looks like it was not taking the default password for 'Administrator' user. > > ==== > # ipmitool user test 1 20 XXX > Set User Password command failed (user 1): Unknown (0x80) > Failure: password incorrect > # ipmitool user test 1 16 XXX > Set User Password command failed (user 1): Unknown (0x80) > Failure: password incorrect > ----- > # ipmitool user test 2 16 xxxx > Success > # ipmitool user test 2 20 xxxx > Success > ==== > > Changed privilege for 'admin' user to ADMINISTRATOR so that it can > perform fencing. > > ==== > ]# ipmitool user list 2 > ID Name Callin Link Auth IPMI Msg Channel Priv Limit > 1 Administrator true false true ADMINISTRATOR > 2 admin true false true ADMINISTRATOR > ==== > > Digimer , can you please let me know whether for performing fencing , > ADMINISTRATOR level privilege is needed or lower privilege levels can > perform fencing ? > > === > 1 Callback level > 2 User level > 3 Operator level > 4 Administrator level > === > Thanks > Zaman It probably depends on your hardware and it's implementation. I would guess not though, given how ... dramatic a fence action is. -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education? -- Linux-cluster mailing list Linux-cluster@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cluster
