NVIDIA BlueField BMC Software
NVIDIA BlueField BMC Software
Breadcrumbs

User Management

User Management Redfish Commands

General Information

General information about the BMC account services

curl -k -u root:'<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService

Example output:

{
  "@odata.id": "/redfish/v1/AccountService",
  "@odata.type": "#AccountService.v1_10_0.AccountService",
  "AccountLockoutDuration": 600,
  "AccountLockoutThreshold": 4,
  "Accounts": {
    "@odata.id": "/redfish/v1/AccountService/Accounts"
  },
..
  "MaxPasswordLength": 20,
  "MinPasswordLength": 13,
  "Name": "Account Service",
  "Oem": {
..
  "Roles": {
    "@odata.id": "/redfish/v1/AccountService/Roles"
  },
  "ServiceEnabled": true
}

List Supported User Roles

List supported user roles in the system:

curl -k -u root:'<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService/Roles

Example output:

{
  "@odata.id": "/redfish/v1/AccountService/Roles",
  "@odata.type": "#RoleCollection.RoleCollection",
  "Description": "BMC User Roles",
  "Members": [
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/Operator"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"
    }
  ],
  "Members@odata.count": 4,
  "Name": "Roles Collection"
}

List User Accounts 

curl -k -u root:'<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService/Accounts

Example output:

{
  "@odata.id": "/redfish/v1/AccountService/Accounts",
  "@odata.type": "#ManagerAccountCollection.ManagerAccountCollection",
  "Description": "BMC User Accounts",
  "Members": [
    {
      "@odata.id": "/redfish/v1/AccountService/Accounts/NvdBluefieldUefi"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Accounts/root"
    }
  ],
  "Members@odata.count": 2,
  "Name": "Accounts Collection"
}

Create New User

Create a new user on the BMC:

curl -k -u root:'<password>' -H 'Content-Type: application/json' -X POST https://<IP>/redfish/v1/AccountService/Accounts  -d '{ "UserName":"<USER>", "Password":"<PASSWORD>", "RoleId":"<ROLE>", "Enabled":true}'

Example output:

{
  "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_1_1.Message",
      "Message": "The resource has been created successfully.",
      "MessageArgs": [],
      "MessageId": "Base.1.15.0.Created",
      "MessageSeverity": "OK",
      "Resolution": "None."
    }
  ]
}

Delete User

Delete user form the system:

curl -k -u root:'<password>' -H 'Content-Type: application/json' -X DELETE https://<IP>/redfish/v1/AccountService/Accounts/<USER>

Example output:

{
  "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_1_1.Message",
      "Message": "The account was successfully removed.",
      "MessageArgs": [],
      "MessageId": "Base.1.15.0.AccountRemoved",
      "MessageSeverity": "OK",
      "Resolution": "No resolution is required."
    }
  ]
}

User Management IPMI Commands

List Users 

ipmitool user list [<channel-number>]

For example:

ipmitool user list 1

Create User 

ipmitool user set name <user-id> <username>

For example:

ipmitool user set name 2 Admin

Set User Password 

ipmitool user set password <user-id> <password>

For example:

ipmitool user set password 2 AdminPass_123

Enable User 

ipmitool user enable <user-id>

For example:

ipmitool user enable 2

Disable User 

ipmitool user disable <user-id>

For example:

ipmitool user disable 2

Set User Privilege 

ipmitool user priv <user-id> <privilege level(1-4)> [<channel-number>]

Where "privilege level":

  • 1 – callback level (currently not supported)

  • 2 – user level

  • 3 – operator level

  • 4 – administrator level

For example:

ipmitool user priv 2 0x3 1

Enable Remote IPMI for User

Enable remote IPMI command functionality for user:

ipmitool channel setaccess [<channel-number>] <user id> ipmi = on| off

For example:

ipmitool channel setaccess 1 2 ipmi=on

Lanplus Commands to Execute IPMI Commands Remotely for Admin Users

Lanplus commands to execute IPMI commands remotely for users with admin permissions:

ipmitool -C 17 -I lanplus -U <user> -P <password> -H <bmc-ip-address> <ipmi-command>

For example:

ipmitool -C 17 -I lanplus -U ADMIN -P AdminPass_123! -H 10.10.10.10 user list 1

Lanplus Commands to Execute IPMI Commands Remotely for Non-admin Users

Lanplus commands to execute IPMI commands remotely for users with a non-administrator role:

ipmitool -C 17 -I lanplus -U <user> -P <password> -H <bmc-ip-address> -L <privilege (operator|user)> <ipmi-command>

For example:

ipmitool -C 17 -I lanplus -U operator1 -P operator123 -H 10.10.10.10 -L operator user list 1
ipmitool -C 17 -I lanplus -U user1 -P user123 -H 10.10.10.10 -L user chassis status

Delete User 

ipmitool user set name <user-id> ""

For example:

ipmitool user set name 2 ""


Last updated: