IPMI “Unable to establish IPMI v2 / RMCP+ session”的解决方法 | 您所在的位置:网站首页 › c6320服务器 › IPMI “Unable to establish IPMI v2 / RMCP+ session”的解决方法 |
1.现象 IPMI lan 接口无法访问,具体如下面命令执行后出现的错误提示: [root@localhost ~]# ipmitool -I lanplus -H 10.10.77.48 -U ADMIN -P ADMIN sel list Error: Unable to establish IPMI v2 / RMCP+ session Get SEL Info command failed You have new mail in /var/spool/mail/root 登录到10.10.77.48上去检查下,在本地通过KCS接口执行的情况,发现都成功: [root@localhost ~]# ipmitool user list ID Name Callin Link Auth IPMI Msg Channel Priv Limit 2 ADMIN true false false Unknown (0x00) You have new mail in /var/spool/mail/root [root@localhost ~]# ipmitool user list 1 ID Name Callin Link Auth IPMI Msg Channel Priv Limit 2 ADMIN false false true ADMINISTRATOR [root@localhost ~]# ipmitool -I lanplus -H 10.10.77.48 -U ADMIN -P ADMIN sel list 1 | 08/03/2017 | 17:26:02 | Unknown #0xff | | Asserted 2 | 08/03/2017 | 17:26:38 | Power Supply #0xc8 | Power Supply AC lost | Asserted 3 | 08/03/2017 | 17:30:38 | Unknown #0xff | | Asserted 4 | 08/03/2017 | 17:31:13 | Power Supply #0xc8 | Power Supply AC lost | Asserted 5 | 08/03/2017 | 17:43:33 | Unknown #0xff | | Asserted You have new mail in /var/spool/mail/root 2解决过程 2.1和正确配置、能访问的比较网络:都OK 2.2检查用户并删去不用的用户 2.3得到LAN interface的channel编号 2.4授权用户通过这个channel可以登录 2.5测试。 前面两步直接执行相应的命令就好了,我们从第三步开始看具体怎么执行。可以看到'ipmitool channel info” 在此种模式下显示默认的KCS channel: [root@localhost ~]# ipmitool channel info Channel 0xf info: Channel Medium Type : System Interface Channel Protocol Type : KCS Session Support : session-less Active Session Count : 0 Protocol Vendor ID : 7154 但我们是不的是LAN interface,继续往下逐一测试,找到Lan interface对应的channel ID: [root@localhost ~]# ipmitool channel info 1 Channel 0x1 info: Channel Medium Type : 802.3 LAN Channel Protocol Type : IPMB-1.0 Session Support : multi-session Active Session Count : 0 Protocol Vendor ID : 7154 Volatile(active) Settings Alerting : enabled Per-message Auth : enabled User Level Auth : enabled Access Mode : always available Non-Volatile Settings Alerting : enabled Per-message Auth : enabled User Level Auth : enabled Access Mode : always available 通过上面命令可以看到, LAN interface对应的channel ID 为1,因为只有它的Medium Type 是 802.3 LAN。 2.2向LAN channel 添加用户: 很容易犯错的地方出现在这里,以为下面的命令列出的页是Lan channel 看到的用户。 [root@localhost ~]# ipmitool user list ID Name Callin Link Auth IPMI Msg Channel Priv Limit 2 ADMIN true false false Unknown (0x00) 3 true true true OPERATOR 4 true true true OPERATOR 其实不然,上面默认看到是被授权使用KCS channel的用户,要查看Lan channel的用户信息,要用下面的命令: [root@localhost ~]# ipmitool user list 1 ID Name Callin Link Auth IPMI Msg Channel Priv Limit 2 ADMIN true false true ADMINISTRATOR 然后添加权限: [root@localhost ~]# ipmitool user enable 2 [root@localhost ~]# ipmitool user priv 2 4 1 [root@localhost ~]# ipmitool user set name ADMIN 本地测试通过,通过LAN interface 远程登录也通过: [root@localhost ~]# ipmitool user set password 2 ADMIN [root@localhost ~]# ipmitool user test 2 16 Password for user 2: Success You have new mail in /var/spool/mail/root [root@localhost ~]# ipmitool user test 2 20 Password for user 2: Set User Password command failed (user 2): Unknown (0x80) Failure: password incorrect [root@localhost ~]# ipmitool user test 2 20 Password for user 2: Success 3.总结 使用IPMI命令管理用户、通道、权限的时候,务必理解用户权限管理是基于通道的,同一个用户可以被授权使用某个通道而被禁止使用其他通道。 |
CopyRight 2018-2019 实验室设备网 版权所有 |