Link to home
Create AccountLog in
Avatar of ddsvi
ddsviFlag for United States of America

asked on

Password Recovery for root in Solaris

I have Sun Solaris 9 running on a T2000 server.

root password has been changed and I need to do a password recovery.

I have booted to a Solaris 10 CD.
At the OK prompt I typed in "boot cdrom -s"
Then I get in and vi shadow. Remove the encrypted password so the line looks like:
root::6445::::::
I save it, do a cat shadow to verify it changed. Then I try to reboot with "init 6"

But it asks for the username and password and never lets me reset the password.

I have even done all the above, but instead of "init 6: i do a "init 0", then "boot cdrom -s" and I have tried just "boot -s".

boot -s asks for the root password to perform mainentance., when I boot to cdrom again. first thing I do is check "cat shadow" again, but the encrypted password is there again.

I go ahead and try to do "passwd root" but it errors out with permissions denied.

Any help would be appreciated.
Thanks
SOLUTION
Avatar of TRW-Consulting
TRW-Consulting
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of ddsvi

ASKER

Ok that worked, good call.

Now after I reset my root password and reboot the server. it keeps coming up to the
OK prompt.

How do I get it to start booting back to the correct place again?
You should be able to type 'boot disk' from there.
Avatar of ddsvi

ASKER

Attached is the printenv from OK.


{0} ok printenv
Variable Name           Value                          Default Value

ttya-rts-dtr-off        false                          false
ttya-ignore-cd          true                           true
keyboard-layout         US-English
reboot-command
security-mode           none                           No default
security-password                                      No default
security-#badlogins     0                              No default
verbosity               min                            min
pci-mem64?              false                          false
diag-switch?            false                          false
local-mac-address?      true                           true
fcode-debug?            false                          false
scsi-initiator-id       7                              7
oem-logo                                               No default
oem-logo?               false                          false
oem-banner                                             No default
oem-banner?             false                          false
ansi-terminal?          true                           true
screen-#columns         80                             80
screen-#rows            34                             34
ttya-mode               9600,8,n,1,-                   9600,8,n,1,-
output-device           virtual-console                virtual-console
input-device            virtual-console                virtual-console
auto-boot-on-error?     false                          false
load-base               16384                          16384
auto-boot?              true                           true
network-boot-arguments
boot-command            boot                           boot
boot-file
boot-device             disk net                       disk net
multipath-boot?         false                          false
boot-device-index       0                              0
use-nvramrc?            false                          false
nvramrc
error-reset-recovery    boot                           boot

Open in new window

Avatar of ddsvi

ASKER

I have tried boot disk
Here is what I get
AAA-1-sc> console -f
Enter #. to return to ALOM.

{0} ok boot disk

SC Alert: Host System has Reset

SC Alert: CRITICAL ALARM is set
\

Netra T2000, No Keyboard
Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
OpenBoot 4.30.4, 8064 MB memory available, Serial #89115142.
Ethernet address 0:21:28:4f:ca:6, Host ID: 854fca06.



Boot device: /pci@780/pci@0/pci@9/scsi@0/disk@1  File and args:
|
Warning: Fcode sequence resulted in a net stack depth change of 1

The file just loaded does not appear to be executable.
{0} ok

Open in new window

"No Keyboard"?  Possible hardware problem maybe?

If that's not it, then you would have to suspect the change you made  earlier.  Hopefully you didn't mess up the shadow file when you edited it.  Boot up on the CDROM, remount it, and take a look at it to make sure.
Avatar of ddsvi

ASKER


# cat shadow
root:NP:6445::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
postgres:NP:::::::
svctag:*LK*:6445::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
#

Open in new window

Avatar of ddsvi

ASKER

No I just dont have a keyboard connected to the server. I am connecting to the server via the ALOM network port.
I don't know if I can help you with the boot problem.  Did it boot before you changed the 'shadow' file?

But by having 'NP' in the password field means you can't login as 'root'.   You need to leave that blank:

root::6445::::::

And then give it a password as soon as you get logged on.

Maybe that would have something to do with the boot problem, but I doubt it.
Avatar of ddsvi

ASKER

Sorry I wasnt in the right directory when I did the cat. Here you go
# cat shadow
root:VrJ7ECVccG/og:14924::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
postgres:NP:::::::
svctag:*LK*:6445::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
widespan:5ZH6rHeisk7bA:14644::::::
oracle:SbxJ1zDTX5A4A:14644::::::
#

Open in new window

It looks like you still have a password for root. You need to remove those 13 characters in field 2 and leave it empty if you're trying to remove root's password.
ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of ddsvi

ASKER

Not sure if I should run this or not: fsck -F ufs /dev/md/rdsk/d0
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of ddsvi

ASKER

it comes up with a lot of questions. Not sure how to answer them

PARTIALLY TRUNCATED INODE I=5105
SALVAGE? Y

INCORRECT DISK BLOCK COUNT I=5105 (121088 should be 57136)
CORRECT?

FRAGMENT 20096 DUP I=5618 LFN 8
FRAGMENT 20097 DUP I=5618 LFN 9
FRAGMENT 20098 DUP I=5618 LFN 10
FRAGMENT 20099 DUP I=5618 LFN 11
FRAGMENT 20100 DUP I=5618 LFN 12
FRAGMENT 20101 DUP I=5618 LFN 13
FRAGMENT 20102 DUP I=5618 LFN 14
FRAGMENT 20103 DUP I=5618 LFN 15
FRAGMENT 20104 DUP I=5618 LFN 16
FRAGMENT 20105 DUP I=5618 LFN 17
EXCESSIVE DUPLICATE FRAGMENTS I=5618
CONTINUE?
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Wow, that was some dirty file system (no pun intended :-) ... glad to hear you got it working though.
Avatar of ddsvi

ASKER

everything is back up and running