Friday, July 29, 2016

OS root account unlock and reset

As many of you know, the Gateway is built on top of Red Hat Enterprise Linux running on Oracle Fire hardware, so some of these procedures are specific to those vendors rather than to the gateway itself.
This was performed on a hardware appliance; the commands for a VM vary slightly.

Oracle Integrated Lights-Out Manager root password reset

  1. Connect to the iLOM serial port and log in using the 'default' account (see reference for default account password).
  2. You will be prompted to press the physical presence button (located on the back of the server next to the iLOM serial port).
  3. After login is completed you may then change the password for the iLOM 'root' user:
    • set /SP/users/root password
Ref:
http://docs.oracle.com/cd/E24707_01/html/E24528/z400203c1534691.html

RedHat Enterprise Linux root password reset

  1. Connect to the system console and start (or restart if running) the OS.
  2. When prompted press any key to enter the boot loader menu.
  3. Press 'p' to enter the GRUB password (see referenced article for default password).
  4. Press 'e' to edit the kernel boot command.
  5. Select the 'kernel ...' line and press 'e' to edit.
  6. Append to the end of the line:
    • init=/bin/bash
    • And if connected to a hardware appliance via the iLOM serial port then also append to the end of the line:
      console=ttyS0
    • Press Enter to save the changes.
    • If you run into issues with the above parameters then the two following parameters may be useful in troubleshooting:
      panic=0
      --system noinitrd
  7. Then press 'b' to boot the kernel with the modified command parameters.
  8. Remount the root file system read-write with the following command:
    • mount -o remount,rw /
  9. Change the root password:
    • passwd
    • Note: your new password should adhere to the system password policy.
  10. Re-mount the root file system read-only with the following command:
    • mount -o remount,ro /
  11. Save the changes and restart the appliance:
    • sync; reboot -f
  12. Note: the above password reset will not unlock the root account, but this command will:
    • /sbin/pam_tally2 --reset --user root
Ref:
http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec0000001436.aspx
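
Checks worth running once the appliance is back up, written as an added example (not from the original post or the referenced articles): confirm the one-time init= override from step 6 is gone, read root's failed-login count, and confirm the GRUB menu password that gates this procedure is stored hashed. The function names, the sample data, the column layout assumed for `pam_tally2 --user root` output and the use of a GRUB legacy grub.conf file are assumptions.

```shell
#!/bin/bash
# Post-reset sanity checks. Inputs are passed in as text or a file path so the
# functions can be exercised on sample data as well as on the appliance.

# 0 (true) if a kernel command line still carries the one-time init= override
# from step 6. On the appliance: has_init_override "$(cat /proc/cmdline)"
has_init_override() {
    case " $1 " in
        *" init="*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print the failed-login count for root from `pam_tally2 --user root` output
# read on stdin (assumed layout: header line, then user, failures, latest, from).
root_failures() {
    awk 'NR > 1 && $1 == "root" { print $2; found = 1 }
         END { if (!found) print 0 }'
}

# Classify the GRUB legacy menu password in the global section of a grub.conf
# (everything before the first "title"): prints hashed, plaintext or none.
grub_password_state() {
    awk '/^[ \t]*title/ { exit }
         /^[ \t]*password[ \t=]/ {
             state = ($0 ~ /--(md5|encrypted)/) ? "hashed" : "plaintext"
         }
         END { print (state == "" ? "none" : state) }' "$1"
}

# --- Constructed sample data (not captured from a real gateway) ---
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
default=0
timeout=5
password --md5 $1$CONSTRUCTED$placeholderhashvalue000
title Sample Gateway OS
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda2 console=ttyS0
EOF
sample_tally='Login           Failures Latest failure     From
root                3    07/29/16 10:15:02  ttyS0'

has_init_override "ro root=/dev/sda2 init=/bin/bash console=ttyS0" \
    && echo "init override still active: reboot normally"
echo "root failed logins: $(printf '%s\n' "$sample_tally" | root_failures)"
echo "GRUB menu password: $(grub_password_state "$sample_conf")"
rm -f "$sample_conf"
```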

admin password reset

(The most direct way is ssgconfig menu option 2, option 8. However, if that is not working, you may use the following approach.)
(This section copied directly from the referenced article.)
  1. Log in to the command shell of a gateway database node.
  2. Elevate to the root account (option 3).
  3. Run the following command:
    • /opt/SecureSpan/Appliance/bin/resetAdmin.sh root [MySQL root account password]
  4. Enter the Admin account name when prompted. This is the Administrative user name that was created when the Gateway was initially configured.
  5. When the script is complete, the password for the Administrative user is reset back to password. You should now log into the Policy Manager and change the password to a more secure password.
Ref:
https://docops.ca.com/ca-api-gateway/9-0/en/troubleshoot/troubleshooting-password-issues#TroubleshootingPasswordIssues-ResettingtheAdministrativePassword