No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionServer Pro E9000 Server iBMC (Earlier Than V250) User Guide 31

This document describes the underlying management software Intelligent Baseboard Management Controller (iBMC) of the servers.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
User Management Commands

User Management Commands

This topic describes all user management commands.

Querying the Information About All Users (userlist/list)

Function

The userlist command is used to query the information about all the users.

Format

ipmcget -d userlist

ipmcget -t user -d list

Parameters

None

Usage Guidelines

None

Example

# Query the information about all the users.

iBMC:/->ipmcget -t user -d list
ID      Name              Privilege      Interface                                       PublicKeyHash
2       root              ADMINISTRATOR  Web,SNMP,IPMI,SSH,SFTP,Local,Redfish            NA
3       xxx               CUSTOM ROLE1   Web,SNMP,IPMI,SSH,SFTP,Local,Redfish            NA
4       commonuser        USER           Web,SNMP,IPMI,SSH,SFTP,Local,Redfish            NA
5       admin             ADMINISTRATOR  Web,SNMP,IPMI,SSH,SFTP,Local,Redfish            NA
6       operator          OPERATOR       Web,SNMP,IPMI,SSH,SFTP,Local,Redfish            NA
7       custom1           CUSTOM ROLE1   Web,SNMP,IPMI,SSH,SFTP,Local,Redfish            NA
8       test              USER           Web,SNMP,IPMI,SSH,SFTP,Local                    NA
9                         NO ACCESS                                                      NA
10                        NO ACCESS                                                      NA
11                        NO ACCESS                                                      NA
12                        NO ACCESS                                                      NA
13                        NO ACCESS                                                      NA
14                        NO ACCESS                                                      NA
15                        NO ACCESS                                                      NA
16                        NO ACCESS                                                      NA
17                        NO ACCESS  

Adding a User (adduser)

Function

The adduser command is used to add a user.

Format

ipmcset [-t user] -d adduser -v <username>

Parameters

Parameter Description Value
username Indicates the user name to be added. The value is a string of up to 16 characters.
  • The string can contain digits, letters, and other characters excluding spaces and the following special characters:

    , \ : < > & ' " / %

  • The string cannot start with a number sign (#).

Usage Guidelines

You can add a maximum of 15 users. You are required to set passwords with different complexities for the new users based on whether the password complexity check function is enabled (queried using passwordcomplexity command).

  • When the password complexity check function is disabled, the password can not be empty, and can be a string of up to 20 characters.
  • When the password complexity check function is enabled, the password must meet the following requirements:
    • Must contain 8 to 20 characters.
    • Must contain at least one space or one of the following special characters:

      ` ~ ! @ # $ % ^ & * () - _ = + \ | [{}] ; : ' " ,<.> / ?

    • Must contain at least two types of the following characters:
      • Letters: a to z
      • Letters: A to Z
      • Digits: 0 to 9
    • Must not be the user name or the user name in reverse order.
    • The new password must differ from the old password in two character positions.

Only the administrators can add a new user, and the password of the current user is needed.

NOTE:
By default, the privilege of a new user is No Access, and the new user supports all login interfaces.

Example

# Add a user and set the name to mytest.

iBMC:/->ipmcset -d adduser -v test
Input your password:
Password:
Confirm password:
Add user successfully.

# Query the user list after addition.

iBMC:/->ipmcget -d userlist
ID      Name              Privilege      Interface                               PublicKeyHash                    
2       root              ADMINISTRATOR  Web,SNMP,IPMI,SSH,SFTP,Local,Redfish    NA                               
3       test              NO ACCESS      Web,SNMP,IPMI,SSH,SFTP,Local,Redfish    NA                               
4                         NO ACCESS                                              NA                               
5                         NO ACCESS                                              NA                               
6                         NO ACCESS                                              NA                               
7                         NO ACCESS                                              NA                               
8                         NO ACCESS                                              NA                               
9                         NO ACCESS                                              NA                               
10                        NO ACCESS                                              NA                               
11                        NO ACCESS                                              NA                               
12                        NO ACCESS                                              NA                               
13                        NO ACCESS                                              NA                               
14                        NO ACCESS                                              NA                               
15                        NO ACCESS                                              NA                               
16                        NO ACCESS                                              NA                               
17                        NO ACCESS                                              NA    

The preceding information indicates that test is added successfully.

Changing the User Password (password)

Function

The password command is used to change the user password.

Format

ipmcset [-t user] -d password -v username

Parameters

Parameter Description Value
username Indicates the existed user whose password is to be changed. -

Usage Guidelines

You can change the passwords with different complexities based on whether the password complexity check function is enabled (queried using passwordcomplexity command).

  • When the password complexity check function is disabled, the password can not be empty, and can be a string of up to 20 characters.
  • When the password complexity check function is enabled, the password must meet the following requirements:
    • Must contain 8 to 20 characters.
    • Must contain at least one space or one of the following special characters:

      `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

    • Must contain at least two types of the following characters:
      • Letters: a to z
      • Letters: A to Z
      • Digits: 0 to 9
    • Must not be the user name or the user name in reverse order.
    • The new password must differ from the old password in two character positions.

Administrators have the right to change the passwords of all users, and operators and common users have the permission to change only their own passwords. The password of the current user is needed when a password is changed.

Example

# Change the password of user.

iBMC:/->ipmcset -d password -v user
Input your password:
New password:
Confirm password:
Set user password successfully.

Deleting a User (deluser)

Function

The deluser command is used to delete a user.

Format

ipmcset [-t user] -d deluser -v username

Parameters

Parameter Description Value
username Indicates the existed user name to be delete. -

Usage Guidelines

Only the administrators can delete a user, and the password of the current user is needed.

Example

# Delete a user whose name is test.

iBMC:/->ipmcset -d deluser -v test
Input your password:
Delete user successfully.

Setting User Rights (privilege)

Function

The privilege command is used to set user rights.

Format

ipmcset [-t user] -d privilege -v <username> <privalue>

Parameters

Parameter Description Value
username Indicates the existed user whose right is to be set. -
privalue Rights
  • 15: no access rights
  • 2: the user rights
  • 3: the operator rights
  • 4: the administrator rights
  • 5: Custom Role1 rights
  • 6: Custom Role2 rights
  • 7: Custom Role3 rights
  • 8: Custom Role4 rights

Usage Guidelines

  • Only the administrators can set user rights, and the password of the current user is needed.

  • This command cannot be used to set rights of default users.

  • This command cannot be used to set the rights of online users.

Example

# Grant test with the Administrator rights.

iBMC:/->ipmcset -d privilege -v test 4
Input your password:
Set user privilege successfully.

Querying and Setting the Status of the Password Complexity Check Function (passwordcomplexity)

Function

The passwordcomplexity command is used to query and set the status of the password complexity check function.

Format

ipmcget [-t user] -d passwordcomplexity

ipmcset [-t user] -d passwordcomplexity -v <enabled | disabled>

Parameters

Parameter Description Value
enabled Enables the password complexity check function. -
disabled Disables the password complexity check function. -

Usage Guidelines

  • The password complexity check function is enabled by default.
  • Disabling the password complexity check function reduces the system security. Set the parameter with caution.
  • When the password complexity check function is disabled, the password can not be empty, and can be a string of up to 20 characters.
  • When the password complexity check function is enabled, the password must meet the following requirements:
    • Must contain 8 to 20 characters.
    • Must contain at least one space or one of the following special characters:

      `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

    • Must contain at least two types of the following characters:
      • Letters: a to z
      • Letters: A to Z
      • Digits: 0 to 9
    • Must not be the user name or the user name in reverse order.
    • The new password must differ from the old password in two character positions.

Only the administrators can set the status of the password complexity check function.

Example

# Query the status of the password complexity check function.

iBMC:/->ipmcget -d passwordcomplexity
Password complexity check state : enabled

# Enable the password complexity check function.

iBMC:/->ipmcset -d passwordcomplexity -v enabled
Set password complexity check state successfully.

Unlocking a User (user -d unlock)

Function

The unlock command is used to unlock a user that fails to enter a correct password within the maximum allowed attempts.

Format

ipmcset -t user -d unlock -v username

Parameters

Parameter Description Value
username Specifies the name of the user to be unlocked. -

Usage Guidelines

The switch module does not support the command.

Only administrators have the permission to unlock a user.

Enter the password of the current administrator when unlocking a user.

Example

# Unlock user root.

iBMC:/->ipmcset -t user -d unlock -v root
Input your password:
Set user:root unlock status successfully.

Querying and Setting the Minimum Password Age (minimumpasswordage)

Function

The minimumpasswordage command is used to query or set the minimum password age.

The minimum password age is the shortest time period for which a password must be used after it was set. During this period, the password cannot be changed.

Format

ipmcget -d minimumpasswordage

ipmcset -d minimumpasswordage -v time

Parameters

Parameter Description Value
time Specifies the minimum password validity period.

Value range: 0 to 365

The value 0 indicates that the passwords do not have a minimum password age.

Usage Guidelines

The switch module does not support the command.

Only the system administrator can set the minimum password validity period.

Example

# Set the minimum password validity period to one day.

iBMC:/->ipmcset -d minimumpasswordage -v 1
Set minimum password age successfully, minimumpasswordage(1) days.

Setting an Emergency User (emergencyuser)

Function

The emergencyuser command is used to set an emergency user, which is not restricted by any login rule.

Format

ipmcset [-t user] -d emergencyuser -v username

Parameters

Parameter Description Value
username Emergency user name. -

Usage Guidelines

Only an administrator can set an emergency user.

Example

# Set root as an emergency user.

iBMC:/->ipmcset -d emergencyuser -v root
Set emergency user to (root) successfully.

Adding a Public Key for an SSH User (addpublickey)

Function

The addpublickey command is used to add a public key for an SSH user.

Format

ipmcset -t user -d addpublickey -v username filepath

Parameters

Parameter Description Value
username Specifies the name of the SSH user for whom you want to import a public key. SSH user name
filepath Specifies the path from which the public key will be imported. The value must be in the /Path/File name format. For example, /tmp/id_dsa_1024.key

Usage Guidelines

Switch modules do not support this command.

Before running this command, use a file transfer tool that supports SFTP, for example WinSCP, to transfer the SSH public key file to the specified directory (for example /tmp) of the iBMC file system.

The administrators can import SSH public keys for all users. Common users can import only their own SSH public keys.

Example

# Import a public key for the ssh_user user.

iBMC:/->ipmcset -t user -d addpublic -v ssh_user /tmp/id_dsa_1024.key
Input your password:
Add user public key successfully.

Deleting the Public Key of an SSH User (delpublickey)

Function

The delpublickey command is used to delete the public key of an SSH user.

Format

ipmcset -t user -d delpublickey -v username

Parameters

Parameter Description Value
username Specifies the name of the SSH user with the public key to be deleted.

Usage Guidelines

Administrators can delete the public keys of all SSH users. Common users can only delete their own public keys.

Switch modules do not support this command.

Example

# Delete the public key of the ssh_user_01 user.

iBMC:/->ipmcset -t user -d delpublickey -v ssh_user_01
Input your password:
Delete user public key successfully.

Querying and Setting the SSH User Password Authentication Enablement Status (sshpasswordauthentication)

Function

The sshpasswordauthentication command is used to enable or disable SSH user password authentication.

Format

ipmcget -t user -d sshpasswordauthentication

ipmcset -t user -d sshpasswordauthentication -v <enabled | disabled>

Parameters

Parameter Description Value
enabled Indicates that SSH user password authentication will be enabled.
disabled Indicates that SSH user password authentication will be disabled.

Usage Guidelines

None

Example

# Enable SSH user password authentication.

iBMC:/->ipmcset -t user -d sshpasswordauthentication -v enabled
Set SSH password authentication successfully.

# Query the enablement status of SSH user password authentication.

iBMC:/-> ipmcget -t user -d sshpasswordauthentication
SSH Password Authentication : enabled

Setting the User Interfaces for Logging to iBMC (interface)

Function

The interface command is used to set the user interfaces that can be used by specified users to log in to iBMC.

Format

ipmcset -t user -d interface -v username <enabled | disabled> <option1 option2 ... optionN>

Parameters

Parameter Description Value
username Name of the user to be configured.
enabled Indicates that the interfaces will be enabled.
disabled Indicates that the interfaces will be disabled.
option1 option2 ... optionN Indicates the interface types to be configured. You can set multiple interface types at a time. The options are:
  • 1: Web
  • 2: SNMP
  • 3: IPMI
  • 4: SSH
  • 5: SFTP
  • 7: Local
  • 8: Redfish

Usage Guidelines

None

Example

# Enable the iBMC login interfaces Web, SNMP, IPMI, SSH, SFTP, and Local for the test user.

iBMC:/->ipmcset -t user -d interface -v test enabled 1 2 3 4 5 7
Input your password:
Set user login interface successfully.

# Query information about the ssh_user_01 user.

iBMC:/->ipmcget -t user -d list
ID      Name              Privilege      Interface                                       PublicKeyHash
2       root              ADMINISTRATOR  Web,SNMP,IPMI,SSH,SFTP,Local,Redfish            NA
3       xxx               CUSTOM ROLE1   Web,SNMP,IPMI,SSH,SFTP,Local,Redfish            NA
4       commonuser        USER           Web,SNMP,IPMI,SSH,SFTP,Local,Redfish            NA
5       admin             ADMINISTRATOR  Web,SNMP,IPMI,SSH,SFTP,Local,Redfish            NA
6       operator          OPERATOR       Web,SNMP,IPMI,SSH,SFTP,Local,Redfish            NA
7       custom1           CUSTOM ROLE1   Web,SNMP,IPMI,SSH,SFTP,Local,Redfish            NA
8       test              USER           Web,SNMP,IPMI,SSH,SFTP,Local                    NA
9                         NO ACCESS                                                      NA
10                        NO ACCESS                                                      NA
11                        NO ACCESS                                                      NA
12                        NO ACCESS                                                      NA
13                        NO ACCESS                                                      NA
14                        NO ACCESS                                                      NA
15                        NO ACCESS                                                      NA
16                        NO ACCESS                                                      NA
17                        NO ACCESS  
Translation
Download
Updated: 2019-08-01

Document ID: EDOC1000058833

Views: 207877

Downloads: 1935

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next