Wsman 401 Unauthorized


#1

Me and a friend are working on our bachelors, and we are trying to set up a cloud service based on Ubuntu MaaS. As much ‘plug and play’ as it is supposed to be, we have constantly been running headfirst into problems.

We are working HP Z4 G4 Workstation (1JP11AV) machines.

So our problems are as follows: The BMC (or Intel AMT as it is in our case) works for powering on/off the machines. So we have given MaaS the correct IP and password. unfortunately, when we use wireshark to read the packages sendt back and forth between our region/rack-controller and the machine we are trying to commission; we get HTTP/1.1 401 Unauthorized

in the tcp stream we find this coming from the machine we are trying to commission:

“Log on failed. Incorrect user name or password, or user account temporarily locked.”

And in the packets from our Region/rack, we can’t find any credentials being sendt. I am starting to think there is a bug in the MaaS package somewhere.


#2

Seems that Maas does not like the latest AMT versions. AMT 9.0 and later does not support SOAP. and we might have to downgrade amttool to < 9.0

Edit: Clarifying that 9.0 of ATM removed SOAP support
Edit: Is SOAP irrelevant? WS-man seems to have replaced it, and we have WS-Man installed. The problem still seems to be that wsman does not post credentials


#3

Hi yuven,

you’re correct that SOAP support in amttool doesn’t matter. MAAS uses amttool for AMT < 9.0 and WS-Man for >= 9.0. So if you have the wsmancli package installed on the rack controller, it should work. I myself have two AMT machines here, 4.0.8 and 9.5.30, and both work.

I would double check that the IP and Password are correctly set in MAAS, and try running ‘AMT_PASSWORD= amttool info’ works from the rack controller. For AMT >= 9.0, it will give you the AMT version at least. Which version are the machine running, BTW?

Gettings 401s is normal, but there should of course be a similar 200 response after that. They way HTTP authentication works is that you first make a request without the credentials, and then you get a 401 response with a WWW-Authenticate header with details about how to supply the credentials.


#4

Hi I’m the friend…

running ‘AMT=PASSWORD=<amt_password> amttool 10.0.0.12 info’ and we get ‘401 Unauthorized at /usr/bin/amttool line 126’
AMT version is 11.11.50
We are running on Ubuntu 18.04
Maas is version 2.5

We are not getting any 200 response (except for the ‘404 Not found at /usr/bin/amttool line 242’ when we are running ‘amttool 10.0.0.12 info’)

Thanks for replying! :slight_smile: