NVIDIA BlueField BMC Software
NVIDIA BlueField BMC Software
Breadcrumbs

User Management


User Management Redfish Commands

Getting General Information

To retrieve general information about the BMC account services:

curl -k -u root:'<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService

Example output:

{
  "@odata.id": "/redfish/v1/AccountService",
  "@odata.type": "#AccountService.v1_10_0.AccountService",
  "AccountLockoutDuration": 600,
  "AccountLockoutThreshold": 4,
  "Accounts": {
    "@odata.id": "/redfish/v1/AccountService/Accounts"
  },
..
  "MaxPasswordLength": 20,
  "MinPasswordLength": 13,
  "Name": "Account Service",
  "Oem": {
..
  "Roles": {
    "@odata.id": "/redfish/v1/AccountService/Roles"
  },
  "ServiceEnabled": true
}

Listing Supported User Roles

To list supported user roles in the system:

curl -k -u root:'<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService/Roles

Example output:

{
  "@odata.id": "/redfish/v1/AccountService/Roles",
  "@odata.type": "#RoleCollection.RoleCollection",
  "Description": "BMC User Roles",
  "Members": [
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/Operator"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"
    }
  ],
  "Members@odata.count": 4,
  "Name": "Roles Collection"
}

Listing User Accounts 

curl -k -u root:'<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService/Accounts

Example output:

{
  "@odata.id": "/redfish/v1/AccountService/Accounts",
  "@odata.type": "#ManagerAccountCollection.ManagerAccountCollection",
  "Description": "BMC User Accounts",
  "Members": [
    {
      "@odata.id": "/redfish/v1/AccountService/Accounts/NvdBluefieldUefi"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Accounts/root"
    }
  ],
  "Members@odata.count": 2,
  "Name": "Accounts Collection"
}

Creating New User

To create a new user on the BMC:

curl -k -u root:'<password>' -H 'Content-Type: application/json' -X POST https://<IP>/redfish/v1/AccountService/Accounts  -d '{ "UserName":"<USER>", "Password":"<PASSWORD>", "RoleId":"<ROLE>", "Enabled":true}'

Example output:

{
  "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_1_1.Message",
      "Message": "The resource has been created successfully.",
      "MessageArgs": [],
      "MessageId": "Base.1.15.0.Created",
      "MessageSeverity": "OK",
      "Resolution": "None."
    }
  ]
}

Deleting User

To delete a user from the system:

curl -k -u root:'<password>' -H 'Content-Type: application/json' -X DELETE https://<IP>/redfish/v1/AccountService/Accounts/<USER>

Example:

{
  "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_1_1.Message",
      "Message": "The account was successfully removed.",
      "MessageArgs": [],
      "MessageId": "Base.1.15.0.AccountRemoved",
      "MessageSeverity": "OK",
      "Resolution": "No resolution is required."
    }
  ]
}

User Management IPMI Commands

Listing Users 

ipmitool user list [<channel-number>]

Example:

ipmitool user list 1

Creating User 

ipmitool user set name <user-id> <username>

For example:

ipmitool user set name 2 Admin

Setting User Password 

ipmitool user set password <user-id> <password>

Example:

ipmitool user set password 2 AdminPass_123

Enabling/Disabling User 

ipmitool user <enable|disable> <user-id>

Example:

ipmitool user enable 2

Setting User Privilege 

ipmitool user priv <user-id> <privilege level(1-4)> [<channel-number>]

Where "privilege level":

  • 1 – callback level (currently not supported)

  • 2 – user level

  • 3 – operator level

  • 4 – administrator level

Example:

ipmitool user priv 2 0x3 1

Enabling Remote IPMI for User

To enable remote IPMI command functionality for a user:

ipmitool channel setaccess [<channel-number>] <user-id> ipmi=<on|off>

For example:

ipmitool channel setaccess 1 2 ipmi=on

Lanplus Commands to Execute IPMI Commands Remotely for Admin Users

Lanplus commands to execute IPMI commands remotely for users with admin permissions:

ipmitool -C 17 -I lanplus -U <user> -P <password> -H <bmc-ip-address> <ipmi-command>

For example:

ipmitool -C 17 -I lanplus -U ADMIN -P AdminPass_123! -H 10.10.10.10 user list 1

Lanplus Commands to Execute IPMI Commands Remotely for Non-admin Users

Lanplus commands to execute IPMI commands remotely for users with a non-administrator role:

ipmitool -C 17 -I lanplus -U <user> -P <password> -H <bmc-ip-address> -L <privilege (operator|user)> <ipmi-command>

For example:

ipmitool -C 17 -I lanplus -U operator1 -P operator123 -H 10.10.10.10 -L operator user list 1
ipmitool -C 17 -I lanplus -U user1 -P user123 -H 10.10.10.10 -L user chassis status

Deleting User 

ipmitool user set name <user-id> ""

For example:

ipmitool user set name 2 ""


Last updated: