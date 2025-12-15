The BMC has a separate Ethernet interface which provides network connection for management traffic to the BMC. The NVIDIA® BlueField® networking platform's bracket (DPU or SuperNIC) has an RJ45 port labeled "MGMT" which is the management interface port. The management port is configured with auto-negotiation capabilities by default (100MbE to 1GbE).

The BMC interface eth0 is the management interface, so any information displayed by ifconfig eth0 pertains to the management interface. The MAC address to be used for eth0 is pre-programmed in the BMC FRU EEPROM and can be found on the BlueField's board label. By default, the IP address used for eth0 is acquired via DHCP but can be configured differently.

The BMC password must comply with the following policy parameters:

Using ASCII and Unicode characters is permitted

Minimum length: 12

Maximum length: 20

Maximum number of consecutive character pairs: 4 Info Two characters are consecutive if |hex(char_1)-hex(char_2)|=1 . Examples of passwords with 5 consecutive character pairs (invalid): DcB a123456AbCd! ; ab1XbcYcdZdeGef! ; Testing_123abcgh! .

The following is a valid example password:

HelloNvidia3D!

Note A user account is locked for 10 minutes after 10 consecutive failed attempts.

When initially logging into the system, it is mandatory to update the default BMC password, 0penBmc . The BlueField BMC offers two methods/interfaces for changing the password:

SSH/serial: To change the password, connect to the BMC via SSH/serial and log in using the root user and the default password. Upon logging in, you are prompted with the following: Copy Copied! dpu-bmc login: root Password: <Type default password> You are obliged to immediately change your password (mandatory for administrators). Changing the root password. Current password: <Retype the default password> New password: <Type the new password according to the above rules> Retype the new password: <Retype the new password>

Redfish: The Redfish user management interface may be used to configure the new password. The following Redfish command can be employed to alter the default password: Copy Copied! curl -k -u root:0penBmc -H "Content-Type: application/json" -X PATCH https://<bmc_ip>/redfish/v1/AccountService/Accounts/root -d '{"Password" : "<password>"}'

The Redfish root user can inquire about and modify the applied account policies, which encompass settings such as the number of consecutive login attempts permitted and the time period for which the system will remain locked.

The following Redfish command provides the current settings:

Copy Copied! curl -k -u root: '<password>' -H 'Content-Type: application/json' -X GET https://10.237.53.58/redfish/v1/AccountService

Example output:

Collapse Source Copy Copied! { "@odata.id": "/redfish/v1/AccountService", "@odata.type": "#AccountService.v1_10_0.AccountService", "AccountLockoutDuration": 600, "AccountLockoutThreshold": 4, "Accounts": { "@odata.id": "/redfish/v1/AccountService/Accounts" }, "ActiveDirectory": { "Authentication": { "AuthenticationType": "UsernameAndPassword", "Password": null, "Username": "" }, "LDAPService": { "SearchSettings": { "BaseDistinguishedNames": [ "" ], "GroupsAttribute": "", "UsernameAttribute": "" } }, "RemoteRoleMapping": [], "ServiceAddresses": [ "" ], "ServiceEnabled": false }, "Description": "Account Service", "Id": "AccountService", "LDAP": { "Authentication": { "AuthenticationType": "UsernameAndPassword", "Password": null, "Username": "" }, "Certificates": { "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates" }, "LDAPService": { "SearchSettings": { "BaseDistinguishedNames": [ "" ], "GroupsAttribute": "", "UsernameAttribute": "" } }, "RemoteRoleMapping": [], "ServiceAddresses": [ "" ], "ServiceEnabled": false }, "MaxPasswordLength": 20, "MinPasswordLength": 13, "Name": "Account Service", "Oem": { "OpenBMC": { "@odata.id": "/redfish/v1/AccountService#/Oem/OpenBMC", "@odata.type": "#OemAccountService.v1_0_0.AccountService", "AuthMethods": { "BasicAuth": true, "Cookie": true, "SessionToken": true, "TLS": true, "XToken": true } } }, "Roles": { "@odata.id": "/redfish/v1/AccountService/Roles" }, "ServiceEnabled": true }

By default, if a user attempts to log into the system with an incorrect password four times in a row, their account is locked for 600 seconds. Afterwards, the user is allowed another opportunity to log in with the correct credentials. If the user fails to log in again, the account is immediately locked for an additional 600 seconds. If the user logs in successfully, the counter of consecutive login failures is reset.

The patch command may be used to modify the default policy settings. The following example illustrates how to alter the number of allowed consecutive login attempts into the system.

Copy Copied! curl -k -u root:'<password>' -H 'Content-Type: application/json' -X PATCH https://<IP>/redfish/v1/AccountService -d '{"AccountLockoutThreshold" : 10}'

Info For a comprehensive understanding of the schema, please refer to the DMTF definition of the AccountService.v1_10_0.AccountService schema.

If an account becomes inaccessible, users may check the system's status using the Redfish interface using the following GET operation:

Copy Copied! curl -k -u root: '<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService

Example output:

Copy Copied! { "error" : { "@Message.ExtendedInfo" : [ { "@odata.type" : "#Message.v1_1_1.Message" , "Message" : "While accessing the resource at '/redfish/v1/AccountService', the service received an authorization error 'Account temporarily locked out for 600 seconds due to multiple authentication failures'." , "MessageArgs" : [ "/redfish/v1/AccountService" , "Account temporarily locked out for 600 seconds due to multiple authentication failures" ], "MessageId" : "Base.1.15.0.ResourceAtUriUnauthorized" , "MessageSeverity" : "Critical" , "Resolution" : "Ensure that the appropriate access is provided for the service in order for it to access the URI." } ], "code" : "Base.1.15.0.ResourceAtUriUnauthorized" , "message" : "While accessing the resource at '/redfish/v1/AccountService', the service received an authorization error 'Account temporarily locked out for 600 seconds due to multiple authentication failures'." } }



