1IPMI-DCMI(8)                    System Commands                   IPMI-DCMI(8)
2
3
4

NAME

6       ipmi-dcmi - IPMI DCMI utility
7

SYNOPSIS

9       ipmi-dcmi [OPTION...]
10

DESCRIPTION

12       Ipmi-dcmi is used to execute Data Center Manageability Interface (often
13       referred to as DCM or DCMI) IPMI extension  commands.  DCMI  extensions
14       include  support  for asset management and power usage management. Most
15       will be interested in DCMI for its power management features.  By  con‐
16       figuring  an  exception action, power limit, and correction time limit,
17       power usage in a data center can be managed  more  affectively.  Please
18       see --set-power-limit option below for more information.  DCMI can also
19       be configured using the dcmi  category  in  ipmi-config(8).   The  DCMI
20       specification  encompasses  many traditional IPMI features that are not
21       implemented directly  in  this  tool.  Please  see  ipmiconsole(8)  for
22       Serial-over-LAN  (SOL) support, ipmi-chassis(8) for power status, power
23       control, identification, and ACPI power state information, ipmipower(8)
24       for  power  status  and power control, ipmi-sel(8) for System Event Log
25       (SEL) information, bmc-info(8) for device and globally unique ID (guid)
26       information,  ipmi-sensors(8)  for  sensor readings, and ipmi-config(8)
27       for configuration.
28
29       Listed below are general IPMI options, tool specific  options,  trouble
30       shooting  information,  workaround  information,  examples,  and  known
31       issues. For a general introduction to FreeIPMI please see freeipmi(7).
32

GENERAL OPTIONS

34       The following options are general options for configuring IPMI communi‐
35       cation and executing general tool commands.
36
37       -D IPMIDRIVER, --driver-type=IPMIDRIVER
38              Specify  the  driver type to use instead of doing an auto selec‐
39              tion.  The currently available outofband  drivers  are  LAN  and
40              LAN_2_0,  which  perform IPMI 1.5 and IPMI 2.0 respectively. The
41              currently available inband  drivers  are  KCS,  SSIF,  OPENIPMI,
42              SUNBMC, and INTELDCMI.
43
44       --disable-auto-probe
45              Do not probe in-band IPMI devices for default settings.
46
47       --driver-address=DRIVER-ADDRESS
48              Specify  the  in-band  driver  address to be used instead of the
49              probed value. DRIVER-ADDRESS should be prefixed with "0x" for  a
50              hex value and '0' for an octal value.
51
52       --driver-device=DEVICE
53              Specify the in-band driver device path to be used instead of the
54              probed path.
55
56       --register-spacing=REGISTER-SPACING
57              Specify the in-band  driver  register  spacing  instead  of  the
58              probed  value. Argument is in bytes (i.e. 32bit register spacing
59              = 4)
60
61       --target-channel-number=CHANNEL-NUMBER
62              Specify the in-band driver target channel number  to  send  IPMI
63              requests to.
64
65       --target-slave-address=SLAVE-ADDRESS
66              Specify  the  in-band  driver  target  slave number to send IPMI
67              requests to.
68
69       -h      IPMIHOST1,IPMIHOST2,...,      --hostname=IPMIHOST1[:PORT],IPMI‐
70       HOST2[:PORT],...
71              Specify  the  remote host(s) to communicate with. Multiple host‐
72              names may be separated by comma or may be specified in  a  range
73              format;  see  HOSTRANGED  SUPPORT below. An optional port can be
74              specified with each host, which may be useful in port forwarding
75              or  similar situations.  If specifying an IPv6 address and port,
76              use the format [ADDRESS]:PORT.
77
78       -u USERNAME, --username=USERNAME
79              Specify the username to use when authenticating with the  remote
80              host.   If  not  specified,  a null (i.e. anonymous) username is
81              assumed. The user must have atleast ADMIN  privileges  in  order
82              for this tool to operate fully.
83
84       -p PASSWORD, --password=PASSWORD
85              Specify the password to use when authenticationg with the remote
86              host.  If not specified, a null  password  is  assumed.  Maximum
87              password length is 16 for IPMI 1.5 and 20 for IPMI 2.0.
88
89       -P, --password-prompt
90              Prompt  for  password  to  avoid  possibility  of  listing it in
91              process lists.
92
93       -k K_G, --k-g=K_G
94              Specify the K_g BMC key to  use  when  authenticating  with  the
95              remote  host  for  IPMI  2.0.  If  not  specified, a null key is
96              assumed. To input the key in hexadecimal form, prefix the string
97              with  '0x'.  E.g.,  the key 'abc' can be entered with the either
98              the string 'abc' or the string '0x616263'
99
100       -K, --k-g-prompt
101              Prompt for k-g to avoid possibility of  listing  it  in  process
102              lists.
103
104       --session-timeout=MILLISECONDS
105              Specify  the  session timeout in milliseconds. Defaults to 20000
106              milliseconds (20 seconds) if not specified.
107
108       --retransmission-timeout=MILLISECONDS
109              Specify  the  packet  retransmission  timeout  in  milliseconds.
110              Defaults  to  1000 milliseconds (1 second) if not specified. The
111              retransmission timeout cannot be larger than the  session  time‐
112              out.
113
114       -a AUTHENTICATION-TYPE, --authentication-type=AUTHENTICATION-TYPE
115              Specify  the  IPMI 1.5 authentication type to use. The currently
116              available authentication types are NONE,  STRAIGHT_PASSWORD_KEY,
117              MD2, and MD5. Defaults to MD5 if not specified.
118
119       -I CIPHER-SUITE-ID, --cipher-suite-id=CIPHER-SUITE-ID
120              Specify the IPMI 2.0 cipher suite ID to use. The Cipher Suite ID
121              identifies a set of authentication, integrity, and confidential‐
122              ity  algorithms to use for IPMI 2.0 communication. The authenti‐
123              cation algorithm identifies the algorithm  to  use  for  session
124              setup,  the  integrity algorithm identifies the algorithm to use
125              for session packet signatures, and the confidentiality algorithm
126              identifies the algorithm to use for payload encryption. Defaults
127              to cipher suite ID 3 if  not  specified.  The  following  cipher
128              suite ids are currently supported:
129
130              0 - Authentication Algorithm = None; Integrity Algorithm = None;
131              Confidentiality Algorithm = None
132
133              1 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm  =
134              None; Confidentiality Algorithm = None
135
136              2  - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
137              HMAC-SHA1-96; Confidentiality Algorithm = None
138
139              3 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm  =
140              HMAC-SHA1-96; Confidentiality Algorithm = AES-CBC-128
141
142              6  -  Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
143              None; Confidentiality Algorithm = None
144
145              7 - Authentication Algorithm = HMAC-MD5; Integrity  Algorithm  =
146              HMAC-MD5-128; Confidentiality Algorithm = None
147
148              8  -  Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
149              HMAC-MD5-128; Confidentiality Algorithm = AES-CBC-128
150
151              11 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm  =
152              MD5-128; Confidentiality Algorithm = None
153
154              12  - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
155              MD5-128; Confidentiality Algorithm = AES-CBC-128
156
157              15 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
158              = None; Confidentiality Algorithm = None
159
160              16 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
161              = HMAC_SHA256_128; Confidentiality Algorithm = None
162
163              17 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
164              = HMAC_SHA256_128; Confidentiality Algorithm = AES-CBC-128
165
166       -l PRIVILEGE-LEVEL, --privilege-level=PRIVILEGE-LEVEL
167              Specify  the privilege level to be used. The currently available
168              privilege levels are USER,  OPERATOR,  and  ADMIN.  Defaults  to
169              ADMIN if not specified.
170
171       --config-file=FILE
172              Specify an alternate configuration file.
173
174       -W WORKAROUNDS, --workaround-flags=WORKAROUNDS
175              Specify  workarounds to vendor compliance issues. Multiple work‐
176              arounds can be specified separated by commas. A special  command
177              line flag of "none", will indicate no workarounds (may be useful
178              for overriding configured defaults). See WORKAROUNDS below for a
179              list of available workarounds.
180
181       --debug
182              Turn on debugging.
183
184       -?, --help
185              Output a help list and exit.
186
187       --usage
188              Output a usage message and exit.
189
190       -V, --version
191              Output the program version and exit.
192

IPMI-DCMI OPTIONS

194       The following options are specific to ipmi-dcmi.
195
196       --get-dcmi-capability-info
197              Get DCMI capability information.
198
199       --get-asset-tag
200              Get asset tag.
201
202       --set-asset-tag=STRING
203              Set asset tag.
204
205       --get-management-controller-identifier-string
206              Get management controller identifier string tag.
207
208       --set-management-controller-identifier-string=STRING
209              Set management controller identifier string tag.
210
211       --get-dcmi-sensor-info
212              Get DCMI sensor information.
213
214       --get-system-power-statistics
215              Get system power statistics.
216
217       --get-enhanced-system-power-statistics
218              Get enhanced system power statistics.
219
220       --get-power-limit
221              Get power limit information.
222
223       --set-power-limit
224              Set power limit configuration. Can specify configuration via the
225              --exception-actions,     --power-limit-requested,      --correc‐
226              tion-time-limit,   and  --correction-time-limit  options  listed
227              below. If one or more options below are not  specified,  current
228              configuration will be utilized.
229
230       --exception-actions=BITMASK
231              Specify  exception  actions  for  set power limit configuration.
232              Special case allowable values: NO_ACTION, HARD_POWER_OFF_SYSTEM,
233              LOG_EVENT_TO_SEL_ONLY. Other values (e.g. 0x02 through 0x10) are
234              OEM dependent. Used with the --set-power-limit option.
235
236       --power-limit-requested=WATTS
237              Specify power limit for set power limit configuration. Input  is
238              specified in watts. Used with the --set-power-limit option.
239
240       --correction-time-limit=MILLISECONDS
241              Specify correction time limit for set power limit configuration.
242              Input   is   specified   in   milliseconds.   Used   with    the
243              --set-power-limit option.
244
245       --statistics-sampling-period=SECONDS
246              Specify  management  application  statistics sampling period for
247              set power limit configuration. Input is  specified  in  seconds.
248              Used with the --set-power-limit option.
249
250       --activate-deactivate-power-limit=OPERATION
251              Activate  or  deactivate  power limit. Allowed values: ACTIVATE,
252              DEACTIVATE.
253
254       --interpret-oem-data
255              Attempt to interpret OEM data, such as event data, sensor  read‐
256              ings,  or  general  extra info, etc. If an OEM interpretation is
257              not available, the default output will be generated. Correctness
258              of  OEM  interpretations  cannot  be guaranteed due to potential
259              changes OEM vendors may make in products, firmware, etc. See OEM
260              INTERPRETATION  below for confirmed supported motherboard inter‐
261              pretations.
262

TIME OPTIONS

264       By IPMI definition, all IPMI times and timestamps are stored in  local‐
265       time. However, in many situations, the timestamps will not be stored in
266       localtime. Whether or not a  system  truly  stored  the  timestamps  in
267       localtime varies on many factors, such as the vendor, BIOS, and operat‐
268       ing system.  The following options will allow the user  to  adjust  the
269       interpretation of the stored timestamps and how they should be output.
270
271       --utc-to-localtime
272              Assume  all  times are reported in UTC time and convert the time
273              to localtime before being output.
274
275       --localtime-to-utc
276              Convert all localtime timestamps to UTC before being output.
277
278       --utc-offset=SECONDS
279              Specify a specific UTC offset in seconds to be  added  to  time‐
280              stamps.   Value can range from -86400 to 86400 seconds. Defaults
281              to 0.
282

HOSTRANGED OPTIONS

284       The following options manipulate hostranged output. See HOSTRANGED SUP‐
285       PORT below for additional information on hostranges.
286
287       -B, --buffer-output
288              Buffer  hostranged output. For each node, buffer standard output
289              until the node has completed its IPMI operation. When specifying
290              this  option, data may appear to output slower to the user since
291              the the entire IPMI operation must complete before any data  can
292              be output.  See HOSTRANGED SUPPORT below for additional informa‐
293              tion.
294
295       -C, --consolidate-output
296              Consolidate hostranged output. The complete standard output from
297              every  node  specified  will  be consolidated so that nodes with
298              identical output are not output twice. A header will list  those
299              nodes  with  the consolidated output. When this option is speci‐
300              fied, no output can be seen until the  IPMI  operations  to  all
301              nodes  has  completed.  If  the  user  breaks out of the program
302              early, all currently consolidated output  will  be  dumped.  See
303              HOSTRANGED SUPPORT below for additional information.
304
305       -F NUM, --fanout=NUM
306              Specify  multiple  host  fanout.  A "sliding window" (or fanout)
307              algorithm is used for parallel IPMI communication so that slower
308              nodes or timed out nodes will not impede parallel communication.
309              The maximum number of threads available at the same time is lim‐
310              ited by the fanout. The default is 64.
311
312       -E, --eliminate
313              Eliminate  hosts  determined  as undetected by ipmidetect.  This
314              attempts to remove the common issue of hostranged execution tim‐
315              ing  out  due  to  several nodes being removed from service in a
316              large cluster. The ipmidetectd daemon must  be  running  on  the
317              node executing the command.
318
319       --always-prefix
320              Always prefix output, even if only one host is specified or com‐
321              municating in-band. This option is primarily useful for  script‐
322              ing  purposes.  Option  will be ignored if specified with the -C
323              option.
324

HOSTRANGED SUPPORT

326       Multiple hosts can be input either as an explicit comma separated lists
327       of  hosts  or  a  range of hostnames in the general form: prefix[n-m,l-
328       k,...], where n < m and l < k, etc. The later form should not  be  con‐
329       fused  with  regular expression character classes (also denoted by []).
330       For example, foo[19] does not represent foo1 or foo9, but rather repre‐
331       sents a degenerate range: foo19.
332
333       This  range  syntax  is  meant only as a convenience on clusters with a
334       prefixNN naming convention and specification of ranges  should  not  be
335       considered  necessary -- the list foo1,foo9 could be specified as such,
336       or by the range foo[1,9].
337
338       Some examples of range usage follow:
339           foo[01-05] instead of foo01,foo02,foo03,foo04,foo05
340           foo[7,9-10] instead of foo7,foo9,foo10
341           foo[0-3] instead of foo0,foo1,foo2,foo3
342
343       As a reminder to the reader, some shells will interpret brackets ([ and
344       ])  for  pattern matching. Depending on your shell, it may be necessary
345       to enclose ranged lists within quotes.
346
347       When multiple hosts are specified by the user, a thread  will  be  exe‐
348       cuted  for each host in parallel up to the configured fanout (which can
349       be adjusted via the -F option). This will allow communication to  large
350       numbers of nodes far more quickly than if done in serial.
351
352       By  default,  standard  output  from each node specified will be output
353       with the hostname prepended to each line. Although this output is read‐
354       able  in  many  situations, it may be difficult to read in other situa‐
355       tions. For example, output from multiple nodes may be  mixed  together.
356       The -B and -C options can be used to change this default.
357
358       In-band  IPMI  Communication  will be used when the host "localhost" is
359       specified. This allows the user to add  the  localhost  into  the  hos‐
360       tranged output.
361

GENERAL TROUBLESHOOTING

363       Most often, IPMI problems are due to configuration problems.
364
365       IPMI  over  LAN  problems  involve  a  misconfiguration  of  the remote
366       machine's BMC.  Double check to make sure the following are  configured
367       properly  in  the remote machine's BMC: IP address, MAC address, subnet
368       mask, username, user enablement, user privilege, password,  LAN  privi‐
369       lege,  LAN enablement, and allowed authentication type(s). For IPMI 2.0
370       connections, double check to make sure the  cipher  suite  privilege(s)
371       and  K_g  key  are  configured properly. The ipmi-config(8) tool can be
372       used to check and/or change these configuration settings.
373
374       Inband IPMI problems are  typically  caused  by  improperly  configured
375       drivers or non-standard BMCs.
376
377       In  addition  to the troubleshooting tips below, please see WORKAROUNDS
378       below to also if there are any vendor specific bugs that have been dis‐
379       covered and worked around.
380
381       Listed  below  are  many  of the common issues for error messages.  For
382       additional support, please e-mail the <freeipmi-users@gnu.org>  mailing
383       list.
384
385       "username  invalid"  - The username entered (or a NULL username if none
386       was entered) is not available on the remote machine.  It  may  also  be
387       possible the remote BMC's username configuration is incorrect.
388
389       "password  invalid"  - The password entered (or a NULL password if none
390       was entered) is not correct. It may also be possible the  password  for
391       the user is not correctly configured on the remote BMC.
392
393       "password  verification timeout" - Password verification has timed out.
394       A "password invalid" error (described  above)  or  a  generic  "session
395       timeout" (described below) occurred.  During this point in the protocol
396       it cannot be differentiated which occurred.
397
398       "k_g invalid" - The K_g key entered (or a NULL  K_g  key  if  none  was
399       entered)  is  not  correct.  It may also be possible the K_g key is not
400       correctly configured on the remote BMC.
401
402       "privilege level insufficient" - An IPMI command requires a higher user
403       privilege  than  the one authenticated with. Please try to authenticate
404       with a higher privilege. This may require authenticating to a different
405       user which has a higher maximum privilege.
406
407       "privilege  level  cannot  be  obtained  for this user" - The privilege
408       level you are attempting to authenticate with is higher than the  maxi‐
409       mum  allowed for this user. Please try again with a lower privilege. It
410       may also be possible the maximum privilege level allowed for a user  is
411       not configured properly on the remote BMC.
412
413       "authentication  type  unavailable for attempted privilege level" - The
414       authentication type you wish to authenticate with is not available  for
415       this privilege level. Please try again with an alternate authentication
416       type or alternate privilege level. It may also be possible  the  avail‐
417       able  authentication  types you can authenticate with are not correctly
418       configured on the remote BMC.
419
420       "cipher suite id unavailable" - The cipher suite id you wish to authen‐
421       ticate  with  is not available on the remote BMC. Please try again with
422       an alternate cipher suite id. It may also  be  possible  the  available
423       cipher suite ids are not correctly configured on the remote BMC.
424
425       "ipmi  2.0  unavailable"  -  IPMI  2.0 was not discovered on the remote
426       machine. Please try to use IPMI 1.5 instead.
427
428       "connection timeout" - Initial IPMI communication failed. A  number  of
429       potential errors are possible, including an invalid hostname specified,
430       an IPMI IP address cannot be resolved,  IPMI  is  not  enabled  on  the
431       remote  server,  the network connection is bad, etc. Please verify con‐
432       figuration and connectivity.
433
434       "session timeout" - The IPMI session has timed out.  Please  reconnect.
435       If this error occurs often, you may wish to increase the retransmission
436       timeout. Some remote BMCs are considerably slower than others.
437
438       "device not found" - The specified device could not  be  found.  Please
439       check configuration or inputs and try again.
440
441       "driver  timeout"  -  Communication with the driver or device has timed
442       out. Please try again.
443
444       "message timeout" - Communication with the driver or device  has  timed
445       out. Please try again.
446
447       "BMC  busy"  - The BMC is currently busy. It may be processing informa‐
448       tion or have too many simultaneous sessions to manage. Please wait  and
449       try again.
450
451       "could  not  find inband device" - An inband device could not be found.
452       Please check configuration or specify specific device or driver on  the
453       command line.
454
455       "driver timeout" - The inband driver has timed out communicating to the
456       local BMC or service processor. The BMC or  service  processor  may  be
457       busy or (worst case) possibly non-functioning.
458
459       "internal  IPMI  error" - An IPMI error has occurred that FreeIPMI does
460       not know how  to  handle.  Please  e-mail  <freeipmi-users@gnu.org>  to
461       report the issue.
462

WORKAROUNDS

464       With  so  many different vendors implementing their own IPMI solutions,
465       different vendors may implement their IPMI protocols  incorrectly.  The
466       following describes a number of workarounds currently available to han‐
467       dle discovered compliance issues. When possible, workarounds have  been
468       implemented so they will be transparent to the user. However, some will
469       require the user to specify a workaround be used via the -W option.
470
471       The hardware listed below may only indicate the hardware that a problem
472       was  discovered  on.  Newer  versions  of hardware may fix the problems
473       indicated below. Similar machines from vendors may or may  not  exhibit
474       the  same  problems.  Different vendors may license their firmware from
475       the same IPMI firmware developer, so it may be worthwhile to try  work‐
476       arounds listed below even if your motherboard is not listed.
477
478       If  you  believe  your hardware has an additional compliance issue that
479       needs a workaround to be implemented, please contact the FreeIPMI main‐
480       tainers on <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
481
482       assumeio  - This workaround flag will assume inband interfaces communi‐
483       cate with system I/O rather than being memory-mapped.  This  will  work
484       around  systems  that report invalid base addresses. Those hitting this
485       issue may see "device not supported" or "could not find inband  device"
486       errors.  Issue observed on HP ProLiant DL145 G1.
487
488       spinpoll  -  This workaround flag will inform some inband drivers (most
489       notably the KCS driver) to spin while polling rather than  putting  the
490       process to sleep. This may significantly improve the wall clock running
491       time of tools because an operating system scheduler's  granularity  may
492       be  much larger than the time it takes to perform a single IPMI message
493       transaction. However, by spinning, your system may be  performing  less
494       useful work by not contexting out the tool for a more useful task.
495
496       authcap  -  This  workaround  flag  will skip early checks for username
497       capabilities, authentication capabilities, and K_g  support  and  allow
498       IPMI  authentication  to  succeed.  It  works around multiple issues in
499       which the remote system does not properly report username capabilities,
500       authentication  capabilities,  or  K_g status. Those hitting this issue
501       may  see  "username  invalid",  "authentication  type  unavailable  for
502       attempted privilege level", or "k_g invalid" errors.  Issue observed on
503       Asus  P5M2/P5MT-R/RS162-E4/RX4,  Intel  SR1520ML/X38ML,  and  Sun  Fire
504       2200/4150/4450 with ELOM.
505
506       nochecksumcheck  - This workaround flag will tell FreeIPMI to not check
507       the checksums returned from IPMI command  responses.  It  works  around
508       systems that return invalid checksums due to implementation errors, but
509       the packet is otherwise valid. Users are cautioned on the use  of  this
510       option,  as  it  removes  validation of packet integrity in a number of
511       circumstances. However, it is unlikely to be an issue  in  most  situa‐
512       tions.  Those hitting this issue may see "connection timeout", "session
513       timeout", or "password verification timeout" errors. On IPMI  1.5  con‐
514       nections,  the  "noauthcodecheck" workaround may also needed too. Issue
515       observed on Supermicro X9SCM-iiF, Supermicro  X9DRi-F,  and  Supermicro
516       X9DRFR.
517
518       idzero  -  This  workaround  flag  will  allow  empty session IDs to be
519       accepted by the client. It works around IPMI sessions that report empty
520       session  IDs  to  the client. Those hitting this issue may see "session
521       timeout" errors. Issue observed on Tyan S2882 with M3289 BMC.
522
523       unexpectedauth - This workaround flag will  allow  unexpected  non-null
524       authcodes  to  be checked as though they were expected. It works around
525       an issue when packets contain non-null authentication  data  when  they
526       should  be  null due to disabled per-message authentication. Those hit‐
527       ting this issue may see "session timeout"  errors.  Issue  observed  on
528       Dell PowerEdge 2850,SC1425. Confirmed fixed on newer firmware.
529
530       forcepermsg  -  This workaround flag will force per-message authentica‐
531       tion to be used no matter what is advertised by the remote  system.  It
532       works  around an issue when per-message authentication is advertised as
533       disabled on the remote system, but it is actually required for the pro‐
534       tocol.  Those  hitting  this  issue  may  see "session timeout" errors.
535       Issue observed on IBM eServer 325.
536
537       endianseq - This workaround flag will flip the endian  of  the  session
538       sequence  numbers  to  allow the session to continue properly. It works
539       around IPMI 1.5 session sequence numbers that  are  the  wrong  endian.
540       Those  hitting  this  issue  may  see  "session  timeout" errors. Issue
541       observed on  some  Sun  ILOM  1.0/2.0  (depends  on  service  processor
542       endian).
543
544       noauthcodecheck  - This workaround flag will tell FreeIPMI to not check
545       the authentication codes returned from IPMI 1.5 command  responses.  It
546       works  around  systems  that return invalid authentication codes due to
547       hashing or implementation errors. Users are cautioned  on  the  use  of
548       this option, as it removes an authentication check verifying the valid‐
549       ity of a packet. However, in most organizations, this is unlikely to be
550       a  security  issue.  Those hitting this issue may see "connection time‐
551       out", "session timeout", or  "password  verification  timeout"  errors.
552       Issue  observed  on  Xyratex FB-H8-SRAY, Intel Windmill, Quanta Winter‐
553       fell, and Wiwynn Windmill.
554
555       intel20 - This workaround flag will work around several Intel IPMI  2.0
556       authentication issues. The issues covered include padding of usernames,
557       and password  truncation  if  the  authentication  algorithm  is  HMAC-
558       MD5-128. Those hitting this issue may see "username invalid", "password
559       invalid", or "k_g invalid" errors. Issue observed  on  Intel  SE7520AF2
560       with Intel Server Management Module (Professional Edition).
561
562       supermicro20 - This workaround flag will work around several Supermicro
563       IPMI 2.0  authentication  issues  on  motherboards  w/  Peppercon  IPMI
564       firmware.  The issues covered include handling invalid length authenti‐
565       cation codes. Those hitting  this  issue  may  see  "password  invalid"
566       errors.   Issue  observed on Supermicro H8QME with SIMSO daughter card.
567       Confirmed fixed on newerver firmware.
568
569       sun20 - This workaround flag will work work around several Sun IPMI 2.0
570       authentication issues. The issues covered include invalid lengthed hash
571       keys, improperly hashed keys, and invalid cipher suite  records.  Those
572       hitting  this  issue  may see "password invalid" or "bmc error" errors.
573       Issue observed on Sun Fire 4100/4200/4500 with ILOM.   This  workaround
574       automatically includes the "opensesspriv" workaround.
575
576       opensesspriv - This workaround flag will slightly alter FreeIPMI's IPMI
577       2.0 connection protocol to workaround an invalid hashing algorithm used
578       by  the remote system. The privilege level sent during the Open Session
579       stage of an IPMI 2.0 connection is used for hashing keys instead of the
580       privilege  level  sent during the RAKP1 connection stage. Those hitting
581       this issue may see "password invalid", "k_g invalid", or "bad  rmcpplus
582       status  code"  errors.   Issue observed on Sun Fire 4100/4200/4500 with
583       ILOM, Inventec 5441/Dell Xanadu II, Supermicro X8DTH, Supermicro X8DTG,
584       Intel  S5500WBV/Penguin  Relion  700,  Intel S2600JF/Appro 512X, Quanta
585       QSSC-S4R/Appro GB812X-CN, and Dell C5220. This workaround is  automati‐
586       cally triggered with the "sun20" workaround.
587
588       integritycheckvalue  - This workaround flag will work around an invalid
589       integrity check value during an IPMI  2.0  session  establishment  when
590       using  Cipher Suite ID 0. The integrity check value should be 0 length,
591       however the remote motherboard responds with a non-empty  field.  Those
592       hitting  this  issue  may  see  "k_g invalid" errors. Issue observed on
593       Supermicro X8DTG, Supermicro X8DTU, and Intel  S5500WBV/Penguin  Relion
594       700, and Intel S2600JF/Appro 512X.
595
596       No IPMI 1.5 Support - Some motherboards that support IPMI 2.0 have been
597       found to not support IPMI 1.5. Those hitting this issue may  see  "ipmi
598       2.0  unavailable"  or  "connection  timeout"  errors. This issue can be
599       worked around by using IPMI 2.0  instead  of  IPMI  1.5  by  specifying
600       --driver-type=LAN_2_0.  Issue observed on a number of HP and Supermicro
601       motherboards.
602

OEM INTERPRETATION

604       The following motherboards are confirmed to have atleast  some  support
605       by  the --interpret-oem-data option. While highly probable the OEM data
606       interpretations would work across other motherboards by the same  manu‐
607       facturer,  there  are no guarantees. Some of the motherboards below may
608       be rebranded by vendors/distributors.
609
610       Currently None
611

EXAMPLES

613       # ipmi-dcmi --get-power-limit
614
615       Get power limit of the local machine.
616
617       # ipmi-dcmi -h ahost -u myusername -p mypassword --get-power-limit
618
619       Get power limit of a remote machine using IPMI over LAN.
620
621       # ipmi-dcmi -h mycluster[0-127]  -u  myusername  -p  mypassword  --get-
622       power-limit
623
624       Get power limit across a cluster using IPMI over LAN.
625

DIAGNOSTICS

627       Upon  successful  execution, exit status is 0. On error, exit status is
628       1.
629
630       If multiple hosts are specified for communication, the exit status is 0
631       if  and  only  if  all targets successfully execute. Otherwise the exit
632       status is 1.
633

KNOWN ISSUES

635       On older operating systems, if you input your username,  password,  and
636       other  potentially  security  relevant information on the command line,
637       this information may be discovered by other users when using tools like
638       the  ps(1) command or looking in the /proc file system. It is generally
639       more secure to input password information with options like the  -P  or
640       -K  options.  Configuring security relevant information in the FreeIPMI
641       configuration file would also be an appropriate way to hide this infor‐
642       mation.
643
644       In  order  to  prevent  brute force attacks, some BMCs will temporarily
645       "lock up" after a number of remote authentication errors. You may  need
646       to  wait awhile in order to this temporary "lock up" to pass before you
647       may authenticate again.
648

REPORTING BUGS

650       Report bugs to <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
651
653       Copyright (C) 2009-2015 Lawrence Livermore National Security, LLC.
654
655       This program is free software; you can redistribute it and/or modify it
656       under  the  terms of the GNU General Public License as published by the
657       Free Software Foundation; either version 3 of the License, or (at  your
658       option) any later version.
659

SEE ALSO

661       freeipmi(7),  ipmi-chassis(8),  ipmi-config(8),  ipmi-sel(8), ipmi-sen‐
662       sors(8), ipmiconsole(8), ipmipower(8)
663
664       http://www.gnu.org/software/freeipmi/
665
666
667
668ipmi-dcmi 1.6.7                   2021-02-12                      IPMI-DCMI(8)
Impressum