- Community Home
- >
- Servers and Operating Systems
- >
- ProLiant
- >
- ProLiant Servers (ML,DL,SL)
- >
- iLO4 / IPMI User Levels
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-02-2017 06:07 AM
08-02-2017 06:07 AM
iLO4 / IPMI User Levels
Tried on a ProLiant DL380 Gen9 / iLO 4 2.53 May 03 2017
-Create an ilo4 user named 'fenceuser' with only the permission for 'Virtual Power and Reset'. The iLO GUI told me that the IPMI/DCMI Privilege will be 'user'.
- trying to execute the default operation 'reboot' with this commandline and got an 'insufficient privilege' level
./fence_ilo4 -l fenceuser -p fenceuser -P -L user -v -a 135.0.110.10
Delay 0 second(s) before logging in to the fence device
Executing: /usr/bin/ipmitool -I lanplus -H 135.0.110.10 -U fenceuser -P [set] -p 623 -L USER chassis power status
0 Chassis Power is on
Executing: /usr/bin/ipmitool -I lanplus -H 135.0.110.10 -U fenceuser -P [set] -p 623 -L USER chassis power off
1 Set Chassis Power Control to Down/Off failed: Insufficient privilege level
- According iLO Documentation 'HP iLO 4 User Guide' p.37 there is also a privilege Level 'Operator'. Trying this on the commandline:
./fence_ilo4 -l fenceuser -p fenceuser -P -L Operator -v -a 135.0.110.10
Delay 0 second(s) before logging in to the fence device
Executing: /usr/bin/ipmitool -I lanplus -H 135.0.110.10 -U fenceuser -P [set] -p 623 -L OPERATOR chassis power status
1 Set Session Privilege Level to OPERATOR failed: Unknown (0x81)
Error: Unable to establish IPMI v2 / RMCP+ session
- Finally set user to Administrative privilege and got the expected result...the server rebootet
./fence_ilo4 -l fenceuser -p fenceuser -P -v -a 135.0.110.10
Delay 0 second(s) before logging in to the fence device
Executing: /usr/bin/ipmitool -I lanplus -H 135.0.110.10 -U fenceuser -P [set] -p 623 -L ADMINISTRATOR chassis power status
0 Chassis Power is on
Executing: /usr/bin/ipmitool -I lanplus -H 135.0.110.10 -U fenceuser -P [set] -p 623 -L ADMINISTRATOR chassis power off
0 Chassis Power Control: Down/Off
My question is what did I do wrong that I couldn't use a restricted user to reboot the server?
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP