Get Channel Authentication Capabilities failed, err: client udp exchange msg failed, err: read from conn failed #41

Open
guofangyu opened this issue Dec 5, 2024 · 6 comments

@guofangyu

ipmitool operation without administrator privileges

    [root@A06-R08-I201-219-J33GRMW:/tmp]$ ipmitool -H 192.168.11.163 -U  user -P 'pwd' -I lanplus  power status
    Set Session Privilege Level to ADMINISTRATOR failed: Unknown (0x81)
    Error: Unable to establish IPMI v2 / RMCP+ session

ipmitool operation without administrator privileges

    [root@A06-R08-I201-219-J33GRMW:/tmp]$
    [root@A06-R08-I201-219-J33GRMW:/tmp]$ ipmitool -H 192.168.11.163 -U  user -P 'pwd' -I lanplus -L operator power status
    Chassis Power is on

Connection timeout error using code library

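    // Create the client and check the error before configuring it.
    client, err := ipmi.NewClient(ip, 623, usr, pwd)
    if err != nil {
        logger.Error("Create client for bmc %s failed. err=%v.", ip, err)
        return
    }
    // Request the OPERATOR privilege level over the lanplus interface.
    client.WithMaxPrivilegeLevel(ipmi.PrivilegeLevelOperator)
    client.WithInterface(ipmi.InterfaceLanplus)
    if err = client.Connect(); err != nil {
        logger.Error("Connect bmc %s failed. err=%v.", ip, err)
    }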

    ERROR ->>> Get Channel Authentication Capabilities failed, err: client udp exchange msg failed, err: read from conn failed, err: read udp 10.226.130.228:48788->11.241.226.163:623: i/o timeout

Does this code base only support administrator privileges to connect?

@bougou
Owner

bougou commented Dec 6, 2024

This library supports changing privileges using the WithMaxPrivilegeLevel() method.

The error seems to relate only to a UDP network connection problem.

So, make sure the target address is really reachable (11.241.226.163:623 in your example). The address (192.168.11.163) used in the ipmitool example is different from the address (11.241.226.163) in the code using the library.

@guofangyu
Author

> This library supports changing privileges using the WithMaxPrivilegeLevel() method.
>
> The error seems to relate only to a UDP network connection problem.
>
> So, make sure the target address is really reachable (11.241.226.163:623 in your example). The address (192.168.11.163) used in the ipmitool example is different from the address (11.241.226.163) in the code using the library.

The IP is different because I edited it. It's actually OK.

Other nodes can connect, but only this node has problems. I checked the users in the out-of-band console and found that this user did not have administrator privileges, while those users who could connect normally had administrator privileges, so I suspected that there was a problem with the code.

@guofangyu
Author

    [root@A06-R08-I201-219-J33GRMW:/tmp]$ nmap -sU -p 623 11.241.226.162 -Pn

    Starting Nmap 6.40 ( http://nmap.org ) at 2024-12-06 16:53 CST
    Nmap scan report for 11.241.226.162
    Host is up.
    PORT    STATE         SERVICE
    623/udp open|filtered asf-rmcp

    Nmap done: 1 IP address (1 host up) scanned in 2.06 seconds
    [root@A06-R08-I201-219-J33GRMW:/tmp]$ nmap -sU -p 623 11.241.226.163 -Pn

    Starting Nmap 6.40 ( http://nmap.org ) at 2024-12-06 16:53 CST
    Nmap scan report for 11.241.226.163
    Host is up.
    PORT    STATE         SERVICE
    623/udp open|filtered asf-rmcp

    Nmap done: 1 IP address (1 host up) scanned in 2.06 seconds
    [root@A06-R08-I201-219-J33GRMW:/tmp]$
    [root@A06-R08-I201-219-J33GRMW:/tmp]$ time ./ipmi 11.241.226.162
    2024-12-06 16:53:56.944 [INFO] ipmi_v2.go:26 - start connect
    2024-12-06 16:54:57.096 [INFO] ipmi_v2.go:33 - connect success
    2024-12-06 16:54:57.136 [INFO] ipmi_v2.go:102 - get 11.241.226.162 power status : on
    on <nil>

    real	1m0.207s
    user	0m0.012s
    sys	0m0.014s
    [root@A06-R08-I201-219-J33GRMW:/tmp]$
    [root@A06-R08-I201-219-J33GRMW:/tmp]$ time ./ipmi 11.241.226.163
    2024-12-06 16:55:46.608 [INFO] ipmi_v2.go:26 - start connect
     cmd: Get Channel Authentication Capabilities failed, err: client udp exchange msg failed, err: read from conn failed, err: read udp 10.226.130.228:38352->11.241.226.163:623: i/o timeout

    real	1m0.037s
    user	0m0.012s
    sys	0m0.009s

UDP is OK, but I also found that the connection establishment is very slow. It takes 1 minute to complete each access to 11.241.226.162. It is the same for other IPs. I don't know where the problem is.

@bougou
Owner

bougou commented Dec 9, 2024

> 623/udp open|filtered asf-rmcp

The open|filtered port state actually means there's no response received by nmap for the UDP port scan. see

The state should be open for a normal reachable port. I still doubt there may exist firewalls that block or drop the connection.

    PORT    STATE SERVICE
    623/udp open  asf-rmcp

@guofangyu
Author

> 623/udp open|filtered asf-rmcp
>
> The open|filtered port state actually means there's no response received by nmap for the UDP port scan. see
>
> The state should be open for a normal reachable port. I still doubt there may exist firewalls that block or drop the connection.
>
>     PORT    STATE SERVICE
>     623/udp open  asf-rmcp

But only server 11.241.226.163 cannot connect via ipmi, other nodes are successful.
When using v0.4.2, accessing ipmi is very fast. After upgrading to 0.5.10, accessing ipmi is very slow, taking one minute each time.
But 11.241.226.163 cannot connect using both the old and new versions. The network topology is very simple, just a few servers directly connected to the same switch in the development environment.

@bougou
Owner

bougou commented Dec 10, 2024

The “one minute” may relate to the default UDP read timeout setting, which was increased to a default of 60s. You can change it using the WithTimeout method to set a small value like 10s or 20s.
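
Added example, not part of the thread and not go-ipmi code: a standalone Go probe that sends the command named in the failing log line, Get Channel Authentication Capabilities, with a short read deadline, so a BMC that stays silent (the case nmap shows as open|filtered) is told apart from one that answers. The function names and the session-less IPMI v1.5 framing of the request are assumptions of this example; the library's own encoding is not shown in the thread.

```go
package main // added example; function names are illustrative, not go-ipmi's API

import (
	"fmt"
	"net"
	"os"
	"time"
)

func checksum(b []byte) (s byte) { // IPMI two's-complement checksum
	for _, v := range b {
		s -= v
	}
	return s
}

// buildRequest frames the command for priv (0x03 operator, 0x04 administrator).
func buildRequest(priv byte) []byte {
	pkt := []byte{0x06, 0x00, 0xff, 0x07, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x09} // RMCP + empty session header
	pkt = append(pkt, 0x20, 0x18, checksum([]byte{0x20, 0x18}))            // BMC address, NetFn App
	body := []byte{0x81, 0x00, 0x38, 0x8e, priv}                           // requester, seq, cmd, channel, privilege
	return append(append(pkt, body...), checksum(body))
}

// probe sends one request to addr and classifies what comes back within timeout.
func probe(addr string, priv byte, timeout time.Duration) (string, error) {
	conn, err := net.Dial("udp", addr)
	if err != nil {
		return "dial failed", err
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(timeout)) // bounds the wait instead of a 60s default
	if _, err = conn.Write(buildRequest(priv)); err != nil {
		return "send failed", err
	}
	buf := make([]byte, 512)
	n, err := conn.Read(buf)
	if ne, ok := err.(net.Error); ok && ne.Timeout() {
		return "no reply", err // silence: what nmap shows as open|filtered
	} else if err != nil || n < 21 || buf[3] != 0x07 || buf[19] != 0x38 {
		return "bad reply", err // ICMP rejection or a non-IPMI answer
	}
	return fmt.Sprintf("reply, completion code 0x%02x", buf[20]), nil
}

func main() { // usage: go run probe.go <bmc-address>:623
	if len(os.Args) == 2 {
		fmt.Println(probe(os.Args[1], 0x03, 5*time.Second))
	}
}
```

A "no reply" result from the host that runs the library points at the network path or the BMC's LAN channel rather than at the privilege level, since this command is sent before any session or login exists.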
