[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Freeipmi-users] ipmi_ctx_open_outofband_2_0: bad completion code (S

From: Albert Chu
Subject: Re: [Freeipmi-users] ipmi_ctx_open_outofband_2_0: bad completion code (Supermicro X9DR7-LN4F, firmware 3.40)
Date: Wed, 08 Jun 2016 10:22:18 -0700

Hey Werner,

Thanks for the report, it appears there was a bug in FreeIPMI that would
have made the bug easier to understand.

According to your dump, 'set session privilege level' is reporting a
completion code of 0x80.  The "bad completion code" error message is
because it doesn't recognize the error code.  Looking deeper I have:





So I don't have a macro for 0x80.  It ends up, this is in error.  I
off-by-oned each of the above macros.  They are supposed to be 0x80-0x82
instead of 0x81-0x83.

So I'll need to fix that.  I've pushed this into the
freeipmi-1-5-0-stable branch if you could try it out?  (github mirror  Unfortunately, my systems
can't reproduce this error (likely b/c they are not implementing IPMI
security correctly).

But onto your error, so instead of "bad completion code" it should have
given you a cleaner error message of something like "privilege level
cannot be obtained".  I bet that the new firmware fixed this security
flaw, which is now leading to this problem.

It likely means that you are trying to connect to a IPMI user on the
system that has too low of a privilege level for what ipmi-sel requires.
ipmi-sel defaults to OPERATOR privilege so I bet the IPMI user has a max
privilege of USER.  So if you connect to a user with appropriate
privileges, it should work.

You may be able to get away with setting "--privilege-level=USER" on
ipmi-sel.  IIRC the OPERATOR privileges are needed for some more
advanced features, which you may not need/be using.


On Wed, 2016-06-08 at 15:00 +0200, Werner Fischer wrote:
> Hi Al,
> after an update of the IPMI firmware (from v3.15 to 3.40) on four
> systems with Supermicro X9DR7-LN4F mainboard, IPMI queries with ipmi-sel
> or ipmi-sensors via LAN fail with the following error:
> ipmi_ctx_open_outofband_2_0: bad completion code 
> We have already tried to upload the firmware again (without preserving
> configuration), but this did not help.
> We are using this command (ipmi.cfg has username/password):
>         /usr/sbin/ipmi-sel -h [IP] --config-file /etc/ipmi/ipmi.cfg
>         --driver-type=LAN_2_0 --output-event-state --interpret-oem-data
>         --entity-sensor-names --sensor-types=all
> We also executed the command with --debug. I've attached the output
> (partially, because I'm not sure whether there may be sensitive data in
> it as RAKP can be brute-force attacked).
> Of course we could try to remove power down the servers and pull power
> chords, and test again. But as these are production systems I'd want to
> ask whether you have any idea or if there is a workaround.
> PS: with firmware v3.15 we had no issues. I have tested the firmware
> 3.40 on another system with X9SCM-F, but I do not get any errors there.
> Thanks for your help,
> best regards,
> Werner
> _______________________________________________
> Freeipmi-users mailing list
> address@hidden

Albert Chu
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory

reply via email to

[Prev in Thread] Current Thread [Next in Thread]