ddsvi
asked on
Password Recovery for root in Solaris
I have Sun Solaris 9 running on a T2000 server.
root password has been changed and I need to do a password recovery.
I have booted to a Solaris 10 CD.
At the OK prompt I typed in "boot cdrom -s"
Then I get in and vi shadow. Remove the encrypted password so the line looks like:
root::6445::::::
I save it, do a cat shadow to verify it changed. Then I try to reboot with "init 6"
But it asks for the username and password and never lets me reset the password.
I have even done all the above, but instead of "init 6" I do an "init 0", then "boot cdrom -s", and I have tried just "boot -s".
boot -s asks for the root password to perform maintenance. When I boot to cdrom again, the first thing I do is check "cat shadow" again, but the encrypted password is there again.
I go ahead and try to do "passwd root" but it errors out with permissions denied.
Any help would be appreciated.
Thanks
You should be able to type 'boot disk' from there.
ASKER
Attached is the printenv from OK.
{0} ok printenv
Variable Name Value Default Value
ttya-rts-dtr-off false false
ttya-ignore-cd true true
keyboard-layout US-English
reboot-command
security-mode none No default
security-password No default
security-#badlogins 0 No default
verbosity min min
pci-mem64? false false
diag-switch? false false
local-mac-address? true true
fcode-debug? false false
scsi-initiator-id 7 7
oem-logo No default
oem-logo? false false
oem-banner No default
oem-banner? false false
ansi-terminal? true true
screen-#columns 80 80
screen-#rows 34 34
ttya-mode 9600,8,n,1,- 9600,8,n,1,-
output-device virtual-console virtual-console
input-device virtual-console virtual-console
auto-boot-on-error? false false
load-base 16384 16384
auto-boot? true true
network-boot-arguments
boot-command boot boot
boot-file
boot-device disk net disk net
multipath-boot? false false
boot-device-index 0 0
use-nvramrc? false false
nvramrc
error-reset-recovery boot boot
ASKER
I have tried boot disk
Here is what I get
AAA-1-sc> console -f
Enter #. to return to ALOM.
{0} ok boot disk
SC Alert: Host System has Reset
SC Alert: CRITICAL ALARM is set
\
Netra T2000, No Keyboard
Copyright 2009 Sun Microsystems, Inc. All rights reserved.
OpenBoot 4.30.4, 8064 MB memory available, Serial #89115142.
Ethernet address 0:21:28:4f:ca:6, Host ID: 854fca06.
Boot device: /pci@780/pci@0/pci@9/scsi@0/disk@1 File and args:
|
Warning: Fcode sequence resulted in a net stack depth change of 1
The file just loaded does not appear to be executable.
{0} ok
"No Keyboard"? Possible hardware problem maybe?
If that's not it, then you would have to suspect the change you made earlier. Hopefully you didn't mess up the shadow file when you edited it. Boot up on the CDROM, remount it, and take a look at it to make sure.
ASKER
# cat shadow
root:NP:6445::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
postgres:NP:::::::
svctag:*LK*:6445::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
#
ASKER
No, I just don't have a keyboard connected to the server. I am connecting to the server via the ALOM network port.
I don't know if I can help you with the boot problem. Did it boot before you changed the 'shadow' file?
But having 'NP' in the password field means you can't login as 'root'. You need to leave that blank:
root::6445::::::
And then give it a password as soon as you get logged on.
Maybe that would have something to do with the boot problem, but I doubt it.
ASKER
Sorry, I wasn't in the right directory when I did the cat. Here you go:
# cat shadow
root:VrJ7ECVccG/og:14924::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
postgres:NP:::::::
svctag:*LK*:6445::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
widespan:5ZH6rHeisk7bA:14644::::::
oracle:SbxJ1zDTX5A4A:14644::::::
#
It looks like you still have a password for root. You need to remove those 13 characters in field 2 and leave it empty if you're trying to remove root's password.
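The replies above distinguish four states of field 2 in a shadow entry: empty (no password), NP, *LK*, and a 13-character hash. As an added example (not part of the original thread or any poster's code), the shell functions below classify each entry and list accounts left with an empty password field, which is the check to run after a recovery so a blank root entry does not stay in place. The function names, status labels and SAMPLE_SHADOW are assumptions, the sample lines are constructed, and a POSIX awk is assumed.

```shell
#!/bin/sh
# Added example: classify field 2 of shadow-format lines read from stdin.
# Output: one "user:status" line per entry. Status labels are this
# example's own names, not Solaris terminology.
classify_shadow() {
    awk -F: '
        NF < 2 || $1 == "" { next }      # skip blank or malformed lines
        {
            pw = $2
            if (pw == "")
                status = "EMPTY"         # no password set at all
            else if (pw == "NP")
                status = "NP"            # the "NP" marker discussed above
            else if (pw ~ /^\*LK\*/)
                status = "LOCKED"        # locked account
            else if (length(pw) == 13)
                status = "HASH13"        # 13-character hash in field 2
            else
                status = "OTHER"
            print $1 ":" status
        }'
}

# Print the names of accounts whose password field is empty.
# Empty output means no account is left without a password.
empty_password_accounts() {
    classify_shadow | awk -F: '$2 == "EMPTY" { print $1 }'
}

# Constructed sample input. "abCDefGHijKLm" is a 13-character
# placeholder, not a real password hash.
SAMPLE_SHADOW='root::6445::::::
daemon:NP:6445::::::
listen:*LK*:::::::
appuser:abCDefGHijKLm:14644::::::'

printf '%s\n' "$SAMPLE_SHADOW" | classify_shadow
echo "Accounts with an empty password field:"
printf '%s\n' "$SAMPLE_SHADOW" | empty_password_accounts
```

On a rescued system, the input would be the shadow file under the mounted root filesystem rather than the one on the boot CD.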
ASKER
Not sure if I should run this or not: fsck -F ufs /dev/md/rdsk/d0
ASKER
It comes up with a lot of questions. Not sure how to answer them.
PARTIALLY TRUNCATED INODE I=5105
SALVAGE? Y
INCORRECT DISK BLOCK COUNT I=5105 (121088 should be 57136)
CORRECT?
FRAGMENT 20096 DUP I=5618 LFN 8
FRAGMENT 20097 DUP I=5618 LFN 9
FRAGMENT 20098 DUP I=5618 LFN 10
FRAGMENT 20099 DUP I=5618 LFN 11
FRAGMENT 20100 DUP I=5618 LFN 12
FRAGMENT 20101 DUP I=5618 LFN 13
FRAGMENT 20102 DUP I=5618 LFN 14
FRAGMENT 20103 DUP I=5618 LFN 15
FRAGMENT 20104 DUP I=5618 LFN 16
FRAGMENT 20105 DUP I=5618 LFN 17
EXCESSIVE DUPLICATE FRAGMENTS I=5618
CONTINUE?
Wow, that was some dirty file system (no pun intended :-) ... glad to hear you got it working though.
ASKER
Everything is back up and running.
ASKER
Now, after I reset my root password and reboot the server, it keeps coming up to the OK prompt.
How do I get it to start booting back to the correct place again?