Linux Base Password Reset

Procedure to reset (or change) the Linux Base root and/or admin2 password(s)

If you want to reset/change the Secure Domain admin password, refer to: UCM Password Reset.

Preamble:

If the Linux Base root and/or admin2 passwords are lost, locked out, or expired, use the following procedure to recover them.
This procedure requires the Linux Base System Installer media (USB flash drive), and direct TTY (or KVM) access.

Note: If not part of a working system, it's recommended to re-install the Linux Base instead.

Procedure steps:

1 Boot into the Linux Base System Installer...

Connect to the card via a serial (COM1) TTY cable (9600-8N1), and attach the Linux Base Install Flash USB drive.
Alternively, you can use a USB keyboard/mouse and VGA monitor (KVM) attached to the CPDC face plate.

Press the cards reset button
Press f to launch the Boot Manager
Down arrow to select the USB Flash drive, and press enter

f is pressed. Go to Boot Manager.
--------------------------------------------------------------------------------
|                                Boot Manager                                  |
--------------------------------------------------------------------------------

  Boot Option Menu

   ST9160412AS
   FLASH   Drive UT_USB20

  ▲ and ▼ to change option, ENTER to select an option, ESC to exit

2 At the boot: prompt, type recovery-com1 (or recovery-kvm if using a USB keyboard and monitor)

        Welcome to the CS 1000 Linux Base System Installer

- To install via a serial console on COM1, type com1 <ENTER>.
- To install via NFS network boot on COM1, type com1-nfs <ENTER>.
  All input and output will be directed to the COM1 serial port. The system
  console will be permanently installed on COM1.

Warning: kvm install is only supported on CPDC and COTS platforms.
- To install via an attached keyboard/monitor/mouse, type kvm <ENTER>.
- To install via NFS network boot on KVM, type kvm-nfs <ENTER>.
  All input and output will be directed to the attached keyboard/monitor/mouse.
  During installation, you will be given the opportunity to permanently
  install the system console on a user specified serial port. If you choose
  not to, the system console will be permanently installed on the attached
  keyboard/monitor/mouse.

       ***The default is --- com1***.
boot: recovery-com1

Red Hat will load, and after a short delay, the Recovery Console will display:

Recovery Console: Please, be careful. You may break your system.

 You may choose to do one of the following:
 1) Boot loader recovery
 2) Password recovery
 3) Check installation media
 4) Log files inspection
 5) Recovery shell
 6) Check file system
 7) Reboot system
Select an option (1-7):2

3 Select 2) Password recovery, then select the username you want to reset:

Password recovery:
 You may change password one of the following users:

 1) root
 2) admin2
 3) exit

Select an option (1-3):2

4 Enter, and re-enter a new password...

Changing password for user admin2.

You can now choose the new password.

A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use an 8 character long
password with characters from all of these classes.  An upper
case letter that begins the password and a digit that ends it do
not count towards the number of character classes used.

Enter new password:
Re-type new password:

When successful, the following will display

passwd: all authentication tokens updated successfully.

User password has been changed successfully!
Press <Enter> to continue:

5 Press <Enter>, and then 7) Reboot system

Recovery Console: Please, be careful. You may break your system.

 You may choose to do one of the following:
 1) Boot loader recovery
 2) Password recovery
 3) Check installation media
 4) Log files inspection
 5) Recovery shell
 6) Check file system
 7) Reboot system
Select an option (1-7):7

Would you like to reboot system now? (Y/N) [N]? y
Running reboot...

6 Login to the Command Line Interface (CLI) to confirm the new password works. Type ifconfig to display the E/TLAN IP's.

Remember to disable password ageing (must login as root):

# passwd root -x -1 and
# passwd nortel -x -1

Refer to Linux Password Expiration for further details.

Note: Following a Linux Base password change/reset, it is recommended to unregister and then re-register the Call Server elements to the secure domain. In the Call Server, LD 117, perform the following:

=> Unregister UCMSecurity CS
=> Register UCMSecurity CS

Refer to UCM Registration Commands, and Check Registered Elements for more details.