User Management
General Information
General information about the BMC account services
curl -k -u root:'<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService
Example output:
{
  "@odata.id": "/redfish/v1/AccountService",
  "@odata.type": "#AccountService.v1_10_0.AccountService",
  "AccountLockoutDuration": 600,
  "AccountLockoutThreshold": 4,
  "Accounts": {
    "@odata.id": "/redfish/v1/AccountService/Accounts"
  },
  ..
  "MaxPasswordLength": 20,
  "MinPasswordLength": 13,
  "Name": "Account Service",
  "Oem": {
  ..
  "Roles": {
    "@odata.id": "/redfish/v1/AccountService/Roles"
  },
  "ServiceEnabled": true
}
List Supported User Roles
List supported user roles in the system:
curl -k -u root:'<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService/Roles
Example output:
{
  "@odata.id": "/redfish/v1/AccountService/Roles",
  "@odata.type": "#RoleCollection.RoleCollection",
  "Description": "BMC User Roles",
  "Members": [
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/Operator"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"
    }
  ],
  "Members@odata.count": 4,
  "Name": "Roles Collection"
}
List User Accounts
curl -k -u root:'<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService/Accounts
Example output:
{
  "@odata.id": "/redfish/v1/AccountService/Accounts",
  "@odata.type": "#ManagerAccountCollection.ManagerAccountCollection",
  "Description": "BMC User Accounts",
  "Members": [
    {
      "@odata.id": "/redfish/v1/AccountService/Accounts/NvdBluefieldUefi"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Accounts/root"
    }
  ],
  "Members@odata.count": 2,
  "Name": "Accounts Collection"
}
Create New User
Create a new user on the BMC:
curl -k -u root:'<password>' -H 'Content-Type: application/json' -X POST https://<IP>/redfish/v1/AccountService/Accounts -d '{ "UserName":"<USER>", "Password":"<PASSWORD>", "RoleId":"<ROLE>", "Enabled":true}'
Example output:
{
  "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_1_1.Message",
      "Message": "The resource has been created successfully.",
      "MessageArgs": [],
      "MessageId": "Base.1.15.0.Created",
      "MessageSeverity": "OK",
      "Resolution": "None."
    }
  ]
}
Delete User
Delete a user from the system:
curl -k -u root:'<password>' -H 'Content-Type: application/json' -X DELETE https://<IP>/redfish/v1/AccountService/Accounts/<USER>
Example output:
{
  "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_1_1.Message",
      "Message": "The account was successfully removed.",
      "MessageArgs": [],
      "MessageId": "Base.1.15.0.AccountRemoved",
      "MessageSeverity": "OK",
      "Resolution": "No resolution is required."
    }
  ]
}
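The AccountService and Accounts responses above can be checked against a baseline after each provisioning run. The following is an added example, not part of the original documentation: the sample JSON is constructed from the example outputs, the per-account fields (UserName, RoleId, Enabled) are assumed to match the create-user POST body, and the account "tmpadmin", the baseline sets and the thresholds are hypothetical.

```python
import json

# Constructed sample responses, modelled on the example outputs above.
SERVICE = json.loads('{"AccountLockoutThreshold": 4, "AccountLockoutDuration": 600,'
                     ' "MinPasswordLength": 13, "MaxPasswordLength": 20}')
ACCOUNTS = json.loads("""{"Members": [
  {"@odata.id": "/redfish/v1/AccountService/Accounts/NvdBluefieldUefi"},
  {"@odata.id": "/redfish/v1/AccountService/Accounts/root"},
  {"@odata.id": "/redfish/v1/AccountService/Accounts/tmpadmin"}]}""")
# Assumed per-account fields (the ones sent in the create-user POST body);
# "tmpadmin" is a constructed account that is not in the baseline.
DETAILS = {
    "root": {"UserName": "root", "RoleId": "Administrator", "Enabled": True},
    "tmpadmin": {"UserName": "tmpadmin", "RoleId": "Administrator", "Enabled": True},
}

def audit(service, accounts, details, expected_users, allowed_admins,
          min_len=13, max_threshold=5):
    """Return a sorted list of findings; thresholds are local-policy assumptions."""
    findings = []
    threshold = service.get("AccountLockoutThreshold", 0)
    # In the Redfish schema a threshold of 0 means accounts are never locked.
    if threshold == 0 or threshold > max_threshold:
        findings.append(f"policy: AccountLockoutThreshold={threshold}")
    if service.get("MinPasswordLength", 0) < min_len:
        findings.append(f"policy: MinPasswordLength={service.get('MinPasswordLength')}")
    # Account name is the last path segment of each member's @odata.id.
    present = {m["@odata.id"].rstrip("/").rsplit("/", 1)[-1]
               for m in accounts.get("Members", [])}
    for name in present - set(expected_users):
        findings.append(f"account: unexpected user {name}")
    for name in set(expected_users) - present:
        findings.append(f"account: expected user {name} missing")
    for name in present:
        info = details.get(name, {})  # accounts without fetched details are skipped
        if (info.get("RoleId") == "Administrator" and info.get("Enabled")
                and name not in allowed_admins):
            findings.append(f"role: {name} is an enabled Administrator")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(SERVICE, ACCOUNTS, DETAILS,
                      expected_users={"root", "NvdBluefieldUefi"},
                      allowed_admins={"root"}):
        print(line)
```

In practice the three inputs would be the saved responses of the GET requests shown above, one per account for the details.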
List Users
ipmitool user list [<channel-number>]
For example:
ipmitool user list 1
Create User
ipmitool user set name <user-id> <username>
For example:
ipmitool user set name 2 Admin
Set User Password
ipmitool user set password <user-id> <password>
For example:
ipmitool user set password 2 AdminPass_123
Enable User
ipmitool user enable <user-id>
For example:
ipmitool user enable 2
Disable User
ipmitool user disable <user-id>
For example:
ipmitool user disable 2
Set User Privilege
ipmitool user priv <user-id> <privilege level(1-4)> [<channel-number>]
Where "privilege level":
1 – callback level (currently not supported)
2 – user level
3 – operator level
4 – administrator level
For example:
ipmitool user priv 2 0x3 1
Enable Remote IPMI for User
Enable remote IPMI command functionality for user:
ipmitool channel setaccess [<channel-number>] <user-id> ipmi=on|off
For example:
ipmitool channel setaccess 1 2 ipmi=on
Lanplus Commands to Execute IPMI Commands Remotely for Admin Users
Lanplus commands to execute IPMI commands remotely for users with admin permissions:
ipmitool -C 17 -I lanplus -U <user> -P <password> -H <bmc-ip-address> <ipmi-command>
For example:
ipmitool -C 17 -I lanplus -U ADMIN -P AdminPass_123! -H 10.10.10.10 user list 1
Lanplus Commands to Execute IPMI Commands Remotely for Non-admin Users
Lanplus commands to execute IPMI commands remotely for users with a non-administrator role:
ipmitool -C 17 -I lanplus -U <user> -P <password> -H <bmc-ip-address> -L <privilege (operator|user)> <ipmi-command>
For example:
ipmitool -C 17 -I lanplus -U operator1 -P operator123 -H 10.10.10.10 -L operator user list 1
ipmitool -C 17 -I lanplus -U user1 -P user123 -H 10.10.10.10 -L user chassis status
Delete User
ipmitool user set name <user-id> ""
For example:
ipmitool user set name 2 ""