Hi David,

On Wed, 2011-05-18 at 02:40 -0700, David Liontooth wrote:
> Between two Intel S3420GP, I can ipmiping one way, but requests result
> in "invalid integrity check value." I'm new to this and have a very
> sketchy understanding of how ipmi works.
>
> In-band functions work fine:
>
> # ipmi-fru
> FRU Inventory Device: Default FRU Device (ID 00h)
>
> FRU Board Manufacturing Date/Time: 08/25/09 - 22:57:00
> FRU Board Manufacturer: Intel Corporation
> FRU Board Product Name: S3420GP
> FRU Board Serial Number: AZGX93500057
> FRU Board Part Number: E51974-402
> FRU FRU File ID: FRU Ver 04
>
> The LAN configuration is good enough to ping one way:
>
> $ ipmiping 192.168.0.56
> ipmiping 192.168.0.56 (192.168.0.56)
> response received from 192.168.0.56: rq_seq=16
> response received from 192.168.0.56: rq_seq=17
>
> Pinging the other way fails.
>
> Requesting information fails:
>
> $ ipmitool -I lanplus -A PASSWORD -H 192.168.0.56 -U admin -P pw -vvvv
> -o intelplus sdr
> Querying SDR for sensor list
> IPMI LAN host 192.168.0.56 port 623
>
> >> Sending IPMI command payload
> >> netfn : 0x06
> >> command : 0x38
> >> data : 0x8e 0x04
>
> BUILDING A v1.5 COMMAND
> >> IPMI Request Session Header
> >> Authtype : NONE
> >> Sequence : 0x00000000
> >> Session ID : 0x00000000
> >> IPMI Request Message Header
> >> Rs Addr : 20
> >> NetFn : 06
> >> Rs LUN : 0
> >> Rq Addr : 81
> >> Rq Seq : 00
> >> Rq Lun : 0
> >> Command : 38
> << IPMI Response Session Header
> << Authtype : NONE
> << Payload type : IPMI (0)
> << Session ID : 0x00000000
> << Sequence : 0x00000000
> << IPMI Msg/Payload Length : 16
> << IPMI Response Message Header
> << Rq Addr : 81
> << NetFn : 07
> << Rq LUN : 0
> << Rs Addr : 20
> << Rq Seq : 00
> << Rs Lun : 0
> << Command : 38
> << Compl Code : 0x00
> IPMI Request Match found
> >> SENDING AN OPEN SESSION REQUEST
>
> <<OPEN SESSION RESPONSE
> << Message tag : 0x00
> << RMCP+ status : no errors
> << Maximum privilege level : admin
> << Console Session ID : 0xa0a2a3a4
> << BMC Session ID : 0x5edfde32
> << Negotiated authenticatin algorithm : hmac_sha1
> << Negotiated integrity algorithm : hmac_sha1_96
> << Negotiated encryption algorithm : aes_cbc_128
>
> >> Console generated random number (16 bytes)
> 9d dc 4a da 03 30 1f ec 0f 68 ab 51 58 ea c4 cb
> >> SENDING A RAKP 1 MESSAGE
>
> <<RAKP 2 MESSAGE
> << Message tag : 0x00
> << RMCP+ status : no errors
> << Console Session ID : 0xa0a2a3a4
> << BMC random number : 0x1cec4ac430f62023856cfbb20704f4ec
> << BMC GUID : 0x42fd9d1e91b511deb654001517add720
> << Key exchange auth code [sha1] :
> 0x1e88193cc012266cabb9b1762c119acd5341416b
>
> bmc_rand (16 bytes)
> 1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec
> >> rakp2 mac input buffer (63 bytes)
> a4 a3 a2 a0 32 de df 5e 9d dc 4a da 03 30 1f ec
> 0f 68 ab 51 58 ea c4 cb 1c ec 4a c4 30 f6 20 23
> 85 6c fb b2 07 04 f4 ec 42 fd 9d 1e 91 b5 11 de
> b6 54 00 15 17 ad d7 20 14 05 61 64 6d 69 6e
> >> rakp2 mac key (20 bytes)
> 34 72 43 68 31 76 33 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >> rakp2 mac as computed by the remote console (20 bytes)
> 1e 88 19 3c c0 12 26 6c ab b9 b1 76 2c 11 9a cd
> 53 41 41 6b
> >> rakp3 mac input buffer (27 bytes)
> 1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec
> a4 a3 a2 a0 04 05 61 64 6d 69 6e
> >> rakp3 mac key (20 bytes)
> 34 72 43 68 31 76 33 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> generated rakp3 mac (20 bytes)
> f8 81 b8 aa 4b cd 8f 89 27 74 09 7b ba aa b1 cb
> 40 13 6b 56
> session integrity key input (39 bytes)
> 9d dc 4a da 03 30 1f ec 0f 68 ab 51 58 ea c4 cb
> 1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec
> 14 05 61 64 6d 69 6e
> Generated session integrity key (20 bytes)
> 34 35 80 5d e7 89 1b 62 af 28 10 f6 8e f6 86 23
> 66 23 ba 3d
> Generated K1 (20 bytes)
> c7 aa 1a 11 78 fe 40 71 89 82 2e e1 1f 06 09 e1
> fd 79 d1 b5
> Generated K2 (20 bytes)
> e2 3b 54 e4 61 26 18 6c b7 46 c2 84 b9 79 f2 9c
> 3a a7 6e ec
> >> SENDING A RAKP 3 MESSAGE
>
> <<RAKP 4 MESSAGE
> << Message tag : 0x00
> << RMCP+ status : invalid integrity check value
> << Console Session ID : 0x5edfde32
> << Key exchange auth code [sha1] : 0x00ec4ac430f62023856cfbb2
>
> RAKP 4 message indicates an error : invalid integrity check value
> Error: Unable to establish IPMI v2 / RMCP+ session
> Get Device ID command failed
> Unable to open SDR for reading
>
> The key exchange appears to fail. What am I missing?

Some intel motherboards have a lot of IPMI non-compliance issues. In
FreeIPMI, I'd suggest trying out some of the workarounds listed in the
manpage. I currently see 3 Intel motherboards w/ workarounds available:
"intel20", "opensesspriv", and "integritycheckvalue" that could be used
w/ -W. (e.g. -W opensesspriv).

> What is the freeipmi equivalent to the ipmitool command used above?

In FreeIPMI, lanplus is equal to "IPMI 2.0", so it'd be
--driver-type=lan_2_0, -A is '-a', -H is -h, -U is -u, -P is -p, and -o
is sort of like -W (depending on implementation). The 'sdr' command in
ipmitool most closely resembles FreeIPMI's ipmi-sensors tool.

Hope that helps,

Al

> User, Lan conf and bmc-info output below.
>
> Cheers,
> Dave
>
> # bmc-config output
>
> Section User5
> Username admin
> Enable_User Yes
> Lan_Enable_IPMI_Msgs Yes
> Lan_Enable_Link_Auth Yes
> Lan_Enable_Restricted_to_Callback No
> Lan_Privilege_Limit Administrator
> SOL_Payload_Access Yes
> EndSection
>
> Section Lan_Conf
> IP_Address_Source Static
> IP_Address 192.168.0.50
> MAC_Address 00:15:17:AD:D6:F4
> Subnet_Mask 255.255.255.0
> Default_Gateway_IP_Address 192.168.0.178
> Default_Gateway_MAC_Address 00:E0:81:5F:E9:2E
> Backup_Gateway_IP_Address 0.0.0.0
> Backup_Gateway_MAC_Address 00:00:00:00:00:00
> Vlan_id 0
> Vlan_Id_Enable No
> Vlan_Priority 0
> EndSection
>
> # bmc-info
> Device ID : 33
> Device Revision : 1
> Device SDRs : unsupported
> Firmware Revision : 1.10
> Device Available : yes (normal operation)
> IPMI Version : 2.0
> Sensor Device : supported
> SDR Repository Device : supported
> SEL Device : supported
> FRU Inventory Device : supported
> IPMB Event Receiver : supported
> IPMB Event Generator : supported
> Bridge : unsupported
> Chassis Device : supported
> Manufacturer ID : Intel Corporation (343)
> Product ID : 62
> Auxiliary Firmware Revision Information : 10012200h
>
> GUID : 00000000-0000-0000-0000-0000434D4249
>
> System Firmware Version : rsion1.0
> System Name : Manager
> Primary Operating System Name : SE Server 1.0
> Operating System Name :
>
> Channel Information
>
> Channel Number : 0
> Medium Type : IPMB (I2C)
> Protocol Type : IPMB-1.0
> Active Session Count : 0
> Session Support : session-less
> Vendor ID : Intelligent Platform Management Interface forum
> (7154)
>
> Channel Number : 1
> Medium Type : 802.3 LAN
> Protocol Type : IPMB-1.0
> Active Session Count : 0
> Session Support : multi-session
> Vendor ID : Intelligent Platform Management Interface forum
> (7154)
>
> Channel Number : 3
> Medium Type : 802.3 LAN
> Protocol Type : IPMB-1.0
> Active Session Count : 0
> Session Support : multi-session
> Vendor ID : Intelligent Platform Management Interface forum
> (7154)
>
> Channel Number : 4
> Medium Type : Asynch. Serial/Modem (RS-232)
> Protocol Type : IPMB-1.0
> Active Session Count : 0
> Session Support : single-session
> Vendor ID : Intelligent Platform Management Interface forum
> (7154)
>
> Channel Number : 6
> Medium Type : IPMB (I2C)
> Protocol Type : IPMB-1.0
> Active Session Count : 0
> Session Support : session-less
> Vendor ID : Intelligent Platform Management Interface forum
> (7154)
>
> Channel Number : 7
> Medium Type : System Interface (KCS, SMIC, or BT)
> Protocol Type : KCS
> Active Session Count : 0
> Session Support : session-less
> Vendor ID : Intelligent Platform Management Interface forum
> (7154)
>
>
> _______________________________________________
> Freeipmi-users mailing list
> [email protected]
> https://lists.gnu.org/mailman/listinfo/freeipmi-users

--
Albert Chu
[email protected]
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory

_______________________________________________
Freeipmi-users mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/freeipmi-users
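
Added example, not part of the original emails or of ipmitool/FreeIPMI: the HMAC-SHA1 values in the quoted ipmitool trace can be recomputed offline from the buffers it prints, which checks the console side of the RAKP exchange independently of the BMC. The field layout is read off the logged input buffers; the function names are illustrative.

```python
import hashlib
import hmac

# All values below are copied from the quoted ipmitool -vvvv trace.
KEY   = bytes.fromhex("34 72 43 68 31 76 33" + " 00" * 13)  # "rakp2 mac key"
SID_M = bytes.fromhex("a4 a3 a2 a0")  # console session ID, little-endian
SID_C = bytes.fromhex("32 de df 5e")  # BMC session ID, little-endian
R_M   = bytes.fromhex("9d dc 4a da 03 30 1f ec 0f 68 ab 51 58 ea c4 cb")
R_C   = bytes.fromhex("1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec")
GUID  = bytes.fromhex("42 fd 9d 1e 91 b5 11 de b6 54 00 15 17 ad d7 20")
USER  = b"admin"

LOGGED = {  # MACs and keys as printed in the trace
    "rakp2": "1e88193cc012266cabb9b1762c119acd5341416b",
    "rakp3": "f881b8aa4bcd8f892774097bbaaab1cb40136b56",
    "sik":   "3435805de7891b62af2810f68ef686236623ba3d",
    "k1":    "c7aa1a1178fe407189822ee11f0609e1fd79d1b5",
    "k2":    "e23b54e46126186cb746c284b979f29c3aa76eec",
}

def mac(key, msg):
    """HMAC-SHA1, the authentication algorithm negotiated in the trace."""
    return hmac.new(key, msg, hashlib.sha1).digest()

def ident(role):
    """Role byte, username length, username: the tail of each logged buffer."""
    return bytes([role, len(USER)]) + USER

def recompute():
    """Rebuild each logged input buffer and return the resulting hex digests."""
    sik = mac(KEY, R_M + R_C + ident(0x14))
    return {
        "rakp2": mac(KEY, SID_M + SID_C + R_M + R_C + GUID + ident(0x14)).hex(),
        "rakp3": mac(KEY, R_C + SID_M + ident(0x04)).hex(),
        "sik":   sik.hex(),
        "k1":    mac(sik, b"\x01" * 20).hex(),
        "k2":    mac(sik, b"\x02" * 20).hex(),
    }

def mismatches():
    """Names of values whose recomputation differs from the trace."""
    got = recompute()
    return [name for name in LOGGED if got[name] != LOGGED[name]]

if __name__ == "__main__":
    for name, value in recompute().items():
        print(f"{name:6}{value}  {'ok' if value == LOGGED[name] else 'DIFFERS'}")
```

In the trace, the RAKP 2 and session integrity key inputs carry role byte 0x14 while the RAKP 3 input carries 0x04; `ident()` takes the byte as a parameter so either value can be tried.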
