This procedure recovers and resets ALL passwords to default, for recovery of admin and user password. Log in as root, and check the command guide for the correct command.
Note:
- Read this procedure in full before proceeding, to ensure understanding of the activity.
- This procedure is a disruptive process as it requires the switch to be rebooted.
Procedure:
- Establish a connection to the serial port of the switch using a terminal emulation program.
- Power-cycle the device, and press the ESC key when prompted. Then enter option "2."
Secure Boot allows bootup of the system only if a valid digital signature is present on the platform.
Secure Boot Mode Enabled, System in Trusted State
Hit ESC to stop autoboot : 0
1) Start system.
2) Enter command shell.
Option?
- Enter "sboot single" to boot the system in single-user mode. The reboot looks similar to the following:
sboot single
Contact your support provider to obtain the password reset key using the following Request Code:
FbJ7XXXXXXXtup.5mjIyA==
Enter the supplied verification string.
Recovery Code:
- Send the request code to the support team to get the verification string.
- Enter the verification string received from the support team to boot in single-user mode.
Note: Each request code with its corresponding verification string can be used only once. The switch keeps prompting if the recovery code is incorrect.
Enter the supplied verification string.
Recovery Code: 4WCzXXXXXXX5D1.vXLW/iw==
Re-enter Recovery Code: 4WCzXXXXXXX5D1.vXLW/iw==
- Run the system initialization script, "/etc/rc.d/init.d/rc.sysinit."
sh-4.3# /etc/rc.d/init.d/rc.sysinit
e2fsck 1.42.9 (28-Dec-2013)
/dev/sda1: clean, 5851/59136 files, 84801/236328 blocks
Filesystem check /dev/sda1 done
e2fsck 1.42.9 (28-Dec-2013)
/dev/sda2: recovering journal
Setting free inodes count to 53408 (was 53409)
Setting free blocks count to 158187 (was 158189)
/dev/sda2: clean, 5600/59008 files, 77845/236032 blocks
Filesystem check /dev/sda2 done
FIPS mode disabled, so skipping firmware integrity check
Bypassing firmware validation.
---------mounting ramfs-------------------
root=/dev/sda1 rootfstype=ext4 console=ttyS0,9600 rootdelay=5 pcie_ports=native quiet single quiet
########Installing SWXXX81 libhil
mknod: '/mnt/dev/platform': File exists
mknod: '/mnt/dev/null': File exists
- Enter the "/sbin/passwddefault" command to reset all passwords to their default values.
sh-4.3# /sbin/passwddefault
Warning! All user(s) and password configuration will be reset to factory default.
Do you want to continue? [y/n] :y
RASLOG module initialization failed rc=-1
fabosInit error: -1
RASLOG module initialization failed rc=-1
fabosInit error: -1
RASLOG module initialization failed rc=-1
fabosInit error: -1
RASLOG module initialization failed rc=-1
fabosInit error: -1
Raslog Module Initialization failed rc=-1
fab
fabsys device openopen: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
fabsys device open: No such file or directory
All account passwords have been successfully set to factory default.
sysmodAttach open failed: No such file or directory
Logging out all the sessions of user genericmsg
Note: The error messages preceding the bold output are expected.
- Enter "/sbin/reboot -f" to reboot the switch.
sh-4.3# /sbin/reboot -f
- Once the switch has completed rebooting, use a telnet, serial, or SSH connection to log in as admin to the switch and set new passwords for all accounts.
- Following the password recovery, if the root account is required, it must be enabled with the "userconfig" command, and the interfaces configured with the "rootaccess" command.
Example:
BR-G720-2XXXX9:FIXXX8:admin> userconfig --change root -e yes
BR-G720-2XXXX9:FIXXX8:admin> rootaccess --set all
Changing root access permission will terminate existing sessions.
Please confirm to proceed (yes, y, no, n): [no] y