Linux Base Password Reset
Procedure to reset (or change) the Linux Base root and/or admin2 password(s)
If you want to reset/change the Secure Domain admin password, refer to: UCM Password Reset.
Preamble:
If the Linux Base root and/or admin2 passwords are lost, locked out, or expired, use the following procedure to recover them.
This procedure requires the Linux Base System Installer media (USB flash drive), and direct TTY (or KVM) access.
Procedure steps:
1 Boot into the Linux Base System Installer...
Connect to the card via a serial (COM1) TTY cable (9600-8N1), and attach the Linux Base Install Flash USB drive.
Alternively, you can use a USB keyboard/mouse and VGA monitor (KVM) attached to the CPDC face plate.
- Press the cards reset button
- Press f to launch the Boot Manager
- Down arrow to select the USB Flash drive, and press enter
f is pressed. Go to Boot Manager. -------------------------------------------------------------------------------- | Boot Manager | -------------------------------------------------------------------------------- Boot Option Menu ST9160412AS FLASH Drive UT_USB20 ▲ and ▼ to change option, ENTER to select an option, ESC to exit
2 At the boot: prompt, type recovery-com1 (or recovery-kvm if using a USB keyboard and monitor)
Welcome to the CS 1000 Linux Base System Installer - To install via a serial console on COM1, type com1 <ENTER>. - To install via NFS network boot on COM1, type com1-nfs <ENTER>. All input and output will be directed to the COM1 serial port. The system console will be permanently installed on COM1. Warning: kvm install is only supported on CPDC and COTS platforms. - To install via an attached keyboard/monitor/mouse, type kvm <ENTER>. - To install via NFS network boot on KVM, type kvm-nfs <ENTER>. All input and output will be directed to the attached keyboard/monitor/mouse. During installation, you will be given the opportunity to permanently install the system console on a user specified serial port. If you choose not to, the system console will be permanently installed on the attached keyboard/monitor/mouse. ***The default is --- com1***. boot: recovery-com1
Red Hat will load, and after a short delay, the Recovery Console will display:
Recovery Console: Please, be careful. You may break your system. You may choose to do one of the following: 1) Boot loader recovery 2) Password recovery 3) Check installation media 4) Log files inspection 5) Recovery shell 6) Check file system 7) Reboot system Select an option (1-7):2
3 Select 2) Password recovery, then select the username you want to reset:
Password recovery: You may change password one of the following users: 1) root 2) admin2 3) exit Select an option (1-3):2
4 Enter, and re-enter a new password...
Changing password for user admin2. You can now choose the new password. A valid password should be a mix of upper and lower case letters, digits, and other characters. You can use an 8 character long password with characters from all of these classes. An upper case letter that begins the password and a digit that ends it do not count towards the number of character classes used. Enter new password: Re-type new password:
When successful, the following will display
passwd: all authentication tokens updated successfully. User password has been changed successfully! Press <Enter> to continue:
5 Press <Enter>, and then 7) Reboot system
Recovery Console: Please, be careful. You may break your system. You may choose to do one of the following: 1) Boot loader recovery 2) Password recovery 3) Check installation media 4) Log files inspection 5) Recovery shell 6) Check file system 7) Reboot system Select an option (1-7):7
Would you like to reboot system now? (Y/N) [N]? y Running reboot...
6 Login to the Command Line Interface (CLI) to confirm the new password works. Type ifconfig to display the E/TLAN IP's.
Remember to disable password ageing (must login as root):
- #
passwd root -x -1
and - #
passwd nortel -x -1
Refer to Linux Password Expiration for further details.
Note: Following a Linux Base password change/reset, it is recommended to unregister and then re-register the Call Server elements to the secure domain. In the Call Server, LD 117, perform the following:
- =>
Unregister UCMSecurity CS
- =>
Register UCMSecurity CS
Refer to UCM Registration Commands, and Check Registered Elements for more details.