Troubleshooting
Problem
The Integrated Management Module (IMM) comes preconfigured with the default user account name set to "USERID" and its password set to "PASSW0RD". It is recommended to change the IMM default user account, if you plan to allow non-privileged users to access the host operating system on the blade. Otherwise, non-privileged users with knowledge of the default user account will be able to use the the IMM's in-band Ethernet over Universal Serial Bus (USB) interface to change IMM and Unified Extensible Firmware Interface (UEFI) settings.
Resolving The Problem
Source
RETAIN Tip:H194857
Symptom
The Integrated Management Module (IMM) comes preconfigured with the default user account name set to "USERID" and its password set to "PASSW0RD".
It is recommended to change the IMM default user account, if you plan to allow non-privileged users to access the host operating system on the blade. Otherwise, non-privileged users with knowledge of the default user account will be able to use the the IMM's in-band Ethernet over Universal Serial Bus (USB) interface to change IMM and Unified Extensible Firmware Interface (UEFI) settings.
Affected configurations
The system may be any of the following IBM servers:
- BladeCenter HS22, type 7870, any model
This tip is not software specific.
This tip is not option specific.
Workaround
The IMM userid and password can be changed using ipmitool:
|
ipmitool -I open user set name 2 ipmitool -I open user set password 2 |
An alternative to prevent non-privileged users from accessing the IMM over the in-band Ethernet over USB interface is to disable the IMM's Ethernet over USB interface. This interface is required however for in-band flashing of the IMM, UEFI, and Dynamic System Analysis (DSA) preboot firmware, as well as for the Advance Setting Utility (ASU). The interface would need to re-enabled each time before flashing in-band or running ASU.
The IMM's Ethernet over USB interface can be enabled or disabled using the Advanced Management Module (AMM)'s web interface:
- Navigate to the Service Processor's Ethernet over USB interface section on the blade configuration web page. The section lists all blades in the chassis which are capable of enabling and disabling the Ethernet over USB interface.
- Select the checkboxes next to the blade(s) that you want to enable or disable.
- Click the Disable button to disable the Ethernet over USB interface on the selected blades, or click the Enable button to enable the interface.
Additional Information
The IMM implements an Ethernet over USB interface for in-band access. Applications can access the IMM's Ethernet over USB interface and do not require root access to be run. The IMM does require authentication when it is accessed using the Ethernet over USB interface, so if users do not know the userid and password settings, they can be prevented from accessing the IMM.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
19 April 2023
UID
ibm1MIGR-5079611