System Platform Password Attempts Reset


System Platform may not need it’s password reset or you have reset it but still access then try this;

  • Run the following command pam_tally –user admin –reset
  • Run the command “ssh cdom.vsp”
  • Run the command : pam_tally –user admin –reset
  • Type “exit” which returns to Dom0
  • Run the following commands :
    service ldap restart
    service libvirtd restart
  • Close all the windows and login back with the admin/passwd (your previous admin passwd)
    The above steps are non service impact .

Reset the System Platform (cdom) Password


This is a great bit of work from a good friend and colleague of mine on how to reset the System Platform (cdom admin password) there is an issue with it in releases prior to 6.0.3.3.3 but the fix didn’t work on this occasion so we reset the password manually.
[root@company-dom0-2 ~]# grep ^rootdn /etc/openldap/slapd.conf
rootdn          “cn=Manager,dc=vsp”
 

[root@company-dom0-2 ~]# ldapsearch -D “cn=Manager, dc=vsp” -w root01 -b “uid=admin,ou=People,dc=vsp”
# extended LDIF
#
# LDAPv3
# base <uid=admin,ou=People,dc=vsp> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# admin, People, vsp
dn: uid=admin,ou=People,dc=vsp
uid: admin
cn: admin
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 501
gidNumber: 555
homeDirectory: /home/admin
userPassword:: e1NTSEF9YXIxRit4QnBaaGRYWmVRU1NOM0xmYTRobUdKS1xxx2c=
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root@company-dom0-22 ~]# ldappasswd -D “cn=Manager, dc=vsp” -w root01 -S “uid=admin,ou=People,dc=vsp”
New password:
Re-enter new password:
[root@company-dom0-2 ~]# ldapsearch -D “cn=Manager, dc=vsp” -w root01 -b “uid=admin,ou=People,dc=vsp”
# extended LDIF
#
# LDAPv3
# base <uid=admin,ou=People,dc=vsp> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# admin, People, vsp
dn: uid=admin,ou=People,dc=vsp
uid: admin
cn: admin
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 501
gidNumber: 555
homeDirectory: /home/admin
userPassword:: e1NTSEF9bUFjUk8wUTBEWjZvL1JGbDd2cU1UdkY2SENTxxxtQWc=
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root@company-dom0-2 ~]# ssh
admin@cdom.vsp
Password:
Last login: Mon Dec  2 10:52:46 GMT 2013 from 127.0.0.1 on ssh
Last failed login: Thu Feb 27 16:38:36 GMT 2014 from 192.1.1.1 on ssh:notty
There were 23 failed login attempts since the last successful login.
[admin@company-dom0-2 ~]$ exit
logout

IPSI Sanity Errors Gotcha


Had bit of a gotcha moment which caught me out and took a little longer than I would have liked to resolve.

The customer was experiencing the whole port network reset but from the logs we were seeing sanity errors, they investigated the network and found nothing. I replaced the IPSI board, cable and adapter but no change and we reached a stalemate both thinking it was each other. In the event we run a wireshark trace on the port but that came to nothing.

By accident while searching the Avaya site for IPSI related issues I came across an old Avaya PSN1380u issued back in 2007. In affect a momentary power shutdown can be caused when CM performs Test 51 Ring Application Test on TN2215 boards.

The resolution is to either install an additional TN2215 in the rack, replace it with a TN2215 vintage 18 or higher or replace the power supplies with units without the DT in the serial number. In this case the analogue TN2215 card which was at vintage 15, along with the 655A power supply’s having DT serial numbers.

I busied out the analogue board and disabled test 51 as a temporary measure and it stopped.

Analogue Board
01A08    ANALOG LINE             TN2215   000015

Power Supplies
01A00     08DT50664809   Power Unit 655A Rev 01 700381452   1.12
01A15     08DT37555245   Power Unit 655A Rev 01 700381452   1.12

Reset Weblm Password


Reset weblm password on AES,

Create staging area and extract original .war file:

mkdir /tmp/WebLMwar
cp /usr/share/tomcat-5.5.9/webapps/WebLM.war /tmp/WebLMwar/
cd /tmp/WebLMwar/
jar xvf WebLM.war

Verify and backup old User.xml

cat /usr/share/tomcat-5.5.9/webapps/WebLM/admin/Users.xml
cp /usr/share/tomcat-5.5.9/webapps/WebLM/admin/Users.xml /tmp/WebLMwar/Users.xml.bkup
cp /usr/share/tomcat-5.5.9/webapps/WebLM/admin/Users.xml /usr/share/tomcat-5.5.9/webapps/WebLM/admin/Users.xml.bkup

verify new file:

cat admin/Users.xml

Overwrite, verify, and change permission old/new file:

cp admin/Users.xml /usr/share/tomcat-5.5.9/webapps/WebLM/admin/Users.xml
cat /usr/share/tomcat-5.5.9/webapps/WebLM/admin/Users.xml
chmod 666 /usr/share/tomcat-5.5.9/webapps/WebLM/admin/Users.xml
ls -la /usr/share/tomcat-5.5.9/webapps/WebLM/admin/Users.xml

cleanup:

cd ..
rm -R WebLMwar/
rm WebLM.war
ls -la

System Manager Resetting The Password


Log in via putty to system manager using admin/admin (default)

[admin@SMGR-01 account]# su – root

enter the root password (default root/root01)

[root@SMGR-01 ~]# groupadd -g 600 securityadmin

[root@SMGR-01 ~]# groups admin

admin : admin

[root@SMGR-01 ~]# usermod -aG securityadmin admin

[root@SMGR-01 ~]# groups admin

admin : admin securityadmin

[root@SMGR-01 ~]#

In your web browser enter the system manager address 10.x.x.x/smgr

Log with your admin password (default admin / admin) you will get a security message ignore it and change the web address to https://10.x.x.x/passwordReset/

Change your password to something simple like admin01 as you will need to change it again.

Now close your browser and open it againg and goto your system manager web address 10.x.x.x/smgr

** SMGR 6.3 : It appears in System Manager 6.3 you may need to http://10.x.x.x/local-login instead of the procedure above**

Click the reset password link in the bottom right and change the password making note of the password rules.

Login to 1system manager with you new password 10.x.x.x/smgr and you should now be able to access.

Finally go back to the shell and clean up

[root@SMGR-01 ~]# groupdel securityadmin

[root@SMGR-01 ~]# groups admin

admin : admin

All finished you can now exit.