Cisco Configuration Engine

Password Recovery Procedure for the CNS Configuration Registrar

Document ID: 28960

    Introduction

    This document describes how to recover a password on a CNS Configuration Registrar.

    Prerequisites

    Requirements

    To perform this procedure you must:

    • be connected to the IE 2100 appliance through the serial port (console).

    • determine a strong password that cannot be easily guessed.

    Conventions

    For more information on document conventions, refer to Cisco Technical Tips Conventions.

    Step-by-Step Procedure

    Versions Prior to 1.2

    This procedure is only valid for appliances running earlier versions of the software. It requires that you first clear the password and enter a new one later.

    1. Reboot the appliance. At boot time (on the console), you see a message instructing you to press Esc for a menu. The following menu appears:

      Current Boot Device: SCSI Hard Disk 
      1-Change boot order to Bootflash 
      2-Exit without saving changes 
      3-Save changes and exit 
      
    2. Press 1 and configure the system to boot from the bootflash. Then, press 3 to boot it from the bootflash.

    3. Once the machine is rebooted, you are running a tiny Linux system (as root), based in memory. You must mount the partition that contains the /etc directory (in this example the partition is the 11th on the first SCSI disk, but it may vary between versions):

      [root@CiscoMaintImage /]# mount -t ext2 /dev/sda11 /mnt 
      
    4. Once the partition is mounted, you must edit the file /mnt/etc/shadow so that the root account has no password. Using a file editor, edit the file and remove the second field in the line corresponding to the root account (if you are not familiar with an editor, ask your local UNIX administrator for help).

      Change:

          root:$1$uukl7Gto$XHk5c42C6EH6Qn.0dBJFA1:12229:0:99999:7:-1:-1:134539580
      

      To:

          root::12229:0:99999:7:-1:-1:134539580
      

      Note: The second field in the shadow file contains the encrypted (hashed) password. The value of this field may differ between two identical systems. Removing this field ensures that no password is configured for the root account.

    5. Next, unmount the disk, as follows:

      [root@CiscoMaintImage /]# umount /mnt 

      This ensures that the changes are saved to the disk.

    6. Reload the appliance by typing reboot or by pressing the reset button, and let the appliance boot normally.

    7. When you are prompted for a user name, type root.

    8. When prompted for the password, press Enter.

    9. Once logged into the system, set a new strong password for the root account to prevent unauthorized access. This can be done with the passwd command at the shell prompt:

      sh-2.04# passwd
      New UNIX password: 
      Retype new UNIX password: 
      passwd: all authentication tokens updated successfully
      sh-2.04#
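
    Between steps 4 and 9 the root account accepts a login with no password, so it is worth confirming that step 9 took effect before the appliance goes back into service. The following check is an added example, not part of the original Cisco document; the function names are hypothetical and the sample shadow lines are constructed (the cleared root line is the one shown in step 4).

```shell
#!/bin/sh
# Added example (not Cisco code): audit a shadow(5) file during recovery.
# Field 2 of each line is the password field edited in step 4.

# shadow_audit FILE: print "account:STATE" for every entry.
#   EMPTY   no password required (the state after step 4)
#   LOCKED  field starts with '!' or '*', password login disabled
#   MD5     field starts with $1$ (the format in the page's example)
#   HASH    any other non-empty value
shadow_audit() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/   { next }
        NF < 2                     { print $1 ":MALFORMED"; next }
        $2 == ""                   { print $1 ":EMPTY"; next }
        $2 ~ /^[!*]/               { print $1 ":LOCKED"; next }
        substr($2, 1, 3) == "$1$"  { print $1 ":MD5"; next }
                                   { print $1 ":HASH" }
    ' "$1"
}

# shadow_empty_accounts FILE: names of accounts with an empty password field.
shadow_empty_accounts() {
    shadow_audit "$1" | awk -F: '$2 == "EMPTY" { print $1 }'
}

# shadow_recovery_complete FILE: exit 0 only if root has a hash set and no
# account is left with an empty password field (the state after step 9).
shadow_recovery_complete() {
    [ -r "$1" ] || return 2
    [ -z "$(shadow_empty_accounts "$1")" ] || return 1
    shadow_audit "$1" | grep -Eq '^root:(MD5|HASH)$'
}

# Constructed sample input; the hash is a made-up placeholder, not a real one.
SAMPLE_CLEARED='root::12229:0:99999:7:-1:-1:134539580
bin:*:12229:0:99999:7:::'
SAMPLE_RESET='root:$1$EXAMPLE0$constructedPlaceholder00:12229:0:99999:7:::
bin:*:12229:0:99999:7:::'

# Audit the file given as $1 (e.g. /etc/shadow), or the cleared sample.
f=${1:-}; tmp=
[ -n "$f" ] || { tmp=$(mktemp); f=$tmp; printf '%s\n' "$SAMPLE_CLEARED" > "$f"; }
shadow_audit "$f"
if shadow_recovery_complete "$f"; then echo "root password set, no empty entries"
else echo "recovery incomplete: empty password field or root has no hash"; fi
[ -z "$tmp" ] || rm -f "$tmp"
```

    Run it as root against /etc/shadow after step 9; any account reported as EMPTY still allows a login without a password.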

    Version 1.2

    The example shown here is password recovery on an IE 2100 version 1.2.

    1. First, reboot the appliance. The console port displays messages stating that the system is shutting down. Once the appliance restarts, you get the boot prompt:

      LILO 
      boot:

    2. Press the Tab key, and you see a list of all the images that are installed on the machine (usually, there is only one image installed). For the purposes of this document, assume that one of the images is called ie2100.

    3. Boot the appliance in single user mode by typing the following at the prompt:

      ie2100 single
      

      The IE 2100 will boot in single user mode, and after the system initialization, you get a root prompt, without having to type in a username or password:

      [... sys init messages ...]
      Turning on user and group quotas for local filesystems:  [  OK  ]
      Enabling swap space:  [  OK  ]
      sh-2.04# 
      
    4. At this prompt, type the command passwd and enter the new (strong) password for the root user:

      sh-2.04# passwd
      New UNIX password: 
      Retype new UNIX password: 
      passwd: all authentication tokens updated successfully
      sh-2.04#
      
    5. Once you change the password, type reboot.

    6. When prompted for a name, type root.

    7. When prompted for the password, type the new password.

    Version 1.3 and Later

    The example shown here is password recovery on an IE 2100 version 1.3 and later.

    1. Reboot the appliance. The system shuts down, and restarts. Once the appliance restarts, you should see the following screen:

      screenshot1.gif

    2. Press the key e to edit the boot parameters. The following screen is displayed:

      screenshot2.gif

    3. Using the arrows, select the entry kernel /vmlinuz-2.4.18-17.7.x ro root=/dev/sda7 console=ttyS0,9600n8.

    4. Press the key e to enter the editor.

    5. Go to the end of the line, and add single after the parameter console=ttyS0,9600n8:

      kernel /vmlinuz-2.4.18-17.7.x ro root=/dev/sda7 console=ttyS0,9600n8 single

    6. Press Enter once you have added the parameter single (you may not see this parameter added to the previous screen due to screen size).

      Note: This parameter tells the kernel to start in single user mode.

    7. Press b to boot in single user mode. After the system initialization, you see a root prompt, without having to type in a username or password:

      [... sys init messages ...]
      Turning on user and group quotas for local filesystems:  [  OK  ]
      Enabling swap space:  [  OK  ]
      sh-2.04# 
      
    8. At this prompt, type the command passwd and enter the new (strong) password for the root user:

      sh-2.04# passwd
      New UNIX password: 
      Retype new UNIX password: 
      passwd: all authentication tokens updated successfully
      sh-2.04#
      
    9. Once you change the password, type reboot, and let the machine boot normally.

    10. When prompted for a name, type root.

    11. When prompted for the password, type the new password.

    Updated: Oct 26, 2005