Hi Werner, > PS: he also told me that he is using CentOS 6 with freeipmi-1.2.1-7. Do > you think that the problem could be also somehow come from this older > version?
It's hard to say definitively since that was so long ago. Looking through the news file, there doesn't seem to be any major changes in the areas that could effect this. Al ________________________________________ From: Werner Fischer [[email protected]] Sent: Wednesday, June 15, 2016 2:41 AM To: Chu, Al Cc: [email protected] Subject: Re: [Freeipmi-users] ipmi_ctx_open_outofband_2_0: bad completion code (Supermicro X9DR7-LN4F, firmware 3.40) Hi Al, On Mit, 2016-06-08 at 10:22 -0700, Albert Chu wrote: > Hey Werner, > > Thanks for the report, it appears there was a bug in FreeIPMI that would > have made the bug easier to understand. > [...] So I'll need to fix that. I've pushed this into the > freeipmi-1-5-0-stable branch if you could try it out? (github mirror > https://github.com/chu11/freeipmi-mirror). Unfortunately, my systems > can't reproduce this error (likely b/c they are not implementing IPMI > security correctly). We have not tested this yet. I have tried to reproduce it on my test system (I have used admin priv. in my previous tests, so I have hoped to get the error when using user priv.) But still (also with "user" priv.) I do not get the error on my system with X9SCM-F with the same firmware (v3.40) The admin who has the problem on his production systems has a X9DR7-LN4F, also with fw v3.40) > But onto your error, so instead of "bad completion code" it should have > given you a cleaner error message of something like "privilege level > cannot be obtained". I bet that the new firmware fixed this security > flaw, which is now leading to this problem. > > It likely means that you are trying to connect to a IPMI user on the > system that has too low of a privilege level for what ipmi-sel requires. > ipmi-sel defaults to OPERATOR privilege so I bet the IPMI user has a max > privilege of USER. So if you connect to a user with appropriate > privileges, it should work. > > You may be able to get away with setting "--privilege-level=USER" on > ipmi-sel. IIRC the OPERATOR privileges are needed for some more > advanced features, which you may not need/be using. He has had --privilege-level=USER already. I have now asked him to create a user with OPERATOR priv., and I'll forward you his feedback as soon as I get the info. He also told me that he always configures some settings with bmc-config every time after he does an firmware upgrade. He will send me this configuration, maybe the error only arises with some special bmc-settings. I'll take a look on that, and try if I can then reproduce the issue. PS: he also told me that he is using CentOS 6 with freeipmi-1.2.1-7. Do you think that the problem could be also somehow come from this older version? I'll keep you updated, best regards, Werner _______________________________________________ Freeipmi-users mailing list [email protected] https://lists.gnu.org/mailman/listinfo/freeipmi-users
