Setting up password controls
You can set up password controls for BMC LAN access on Power Systems servers.
The following example shows how to set up password control for two users (default user with userid 1 and the null user) in the LAN channel.
The BMC can be configured to support multiple users and passwords for all channels except the Open channel. Typically the same user and same password can be used for all the BMC channels. Instructions to set up password control for other channels are not included in this example. The instructions cane be used for only the LAN channel.
User IDs and privilege levels are unique for each channel. To view the current user IDs that are in use and the related information for the LAN channel (0x1), run the following command:
# ipmitool user list 1
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 USERID true false true ADMINISTRATOR
To change the name of userid 1, run the following command:
# ipmitool user set name 1 <New User ID>
To set a new password for userid 1, run the following command:
# ipmitool user set password 1 ipmitool user set password 1 <New Password>
You can also use a null user for anonymous login. To change the password for the null user (userid 1) on the LAN channel, run the following command:
# ipmitool lan set 1 password <New Password>
You can list the users that you have set up and find the new name (user ID) for userid 1 user. The null user is not listed by running the following command when it is disabled in the BMC BIOS settings:
# ipmitool user list 1
After configuring the user IDs, you can set up the BMC LAN channel parameters by setting its IP address, netmask, snmp public community string, and gateway address. Run the following commands:
# ipmitool lan set 1 ipaddr <Your IP address for the BMC>
# ipmitool lan set 1 netmask <Your Subnet Mask>
# ipmitool lan set 1 snmp <Your SNMP>
# ipmitool lan set 1 defgw ipaddr <Your gateway server>
You can also set other LAN parameters. To check for the parameters that you can set, enter the following command:
# ipmitool lan set help
Check your LAN parameter settings by running the following command. An output similar to the following example is displayed:
# ipmitool lan print
Set in Progress : Set Complete
Auth Type Support : NONE MD2 MD5 PASSWORD
Auth Type Enable : Callback :
: User : MD2 MD5 PASSWORD
: Operator : MD2 MD5 PASSWORD
: Admin : MD2 MD5 PASSWORD
: OEM :
IP Address Source : BIOS Assigned Address
IP Address : 192.168.0.3
Subnet Mask : 255.255.255.0
MAC Address : 00:14:5e:1b:c6:c1
SNMP Community String : public
IP Header : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
Gratituous ARP Intrvl : 2.0 seconds
Default Gateway IP : 192.168.0.1
Default Gateway MAC : 00:00:00:00:00:00
Backup Gateway IP : 0.0.0.0
Backup Gateway MAC : 00:00:00:00:00:00
802.1q VLAN ID : Disabled
802.1q VLAN Priority : 0
RMCP+ Cipher Suites : 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14
Cipher Suite Priv Max : aaaaaaaaaaaaaaa
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN