Hi Al, On Mit, 2016-06-08 at 10:22 -0700, Albert Chu wrote: > Hey Werner, > > Thanks for the report, it appears there was a bug in FreeIPMI that would > have made the bug easier to understand. > [...] So I'll need to fix that. I've pushed this into the > freeipmi-1-5-0-stable branch if you could try it out? (github mirror > https://github.com/chu11/freeipmi-mirror). Unfortunately, my systems > can't reproduce this error (likely b/c they are not implementing IPMI > security correctly). We have not tested this yet. I have tried to reproduce it on my test system (I have used admin priv. in my previous tests, so I have hoped to get the error when using user priv.) But still (also with "user" priv.) I do not get the error on my system with X9SCM-F with the same firmware (v3.40) The admin who has the problem on his production systems has a X9DR7-LN4F, also with fw v3.40)
> But onto your error, so instead of "bad completion code" it should have > given you a cleaner error message of something like "privilege level > cannot be obtained". I bet that the new firmware fixed this security > flaw, which is now leading to this problem. > > It likely means that you are trying to connect to a IPMI user on the > system that has too low of a privilege level for what ipmi-sel requires. > ipmi-sel defaults to OPERATOR privilege so I bet the IPMI user has a max > privilege of USER. So if you connect to a user with appropriate > privileges, it should work. > > You may be able to get away with setting "--privilege-level=USER" on > ipmi-sel. IIRC the OPERATOR privileges are needed for some more > advanced features, which you may not need/be using. He has had --privilege-level=USER already. I have now asked him to create a user with OPERATOR priv., and I'll forward you his feedback as soon as I get the info. He also told me that he always configures some settings with bmc-config every time after he does an firmware upgrade. He will send me this configuration, maybe the error only arises with some special bmc-settings. I'll take a look on that, and try if I can then reproduce the issue. PS: he also told me that he is using CentOS 6 with freeipmi-1.2.1-7. Do you think that the problem could be also somehow come from this older version? I'll keep you updated, best regards, Werner _______________________________________________ Freeipmi-users mailing list [email protected] https://lists.gnu.org/mailman/listinfo/freeipmi-users
