Solved

Password Recovery for root in Solaris

Posted on 2010-11-10
Last Modified: 2012-08-14
I have Sun Solaris 9 running on a T2000 server.

root password has been changed and I need to do a password recovery.

I have booted to a Solaris 10 CD.
At the OK prompt I typed in "boot cdrom -s"
Then I get in and vi shadow. Remove the encrypted password so the line looks like:
root::6445::::::
I save it, do a cat shadow to verify it changed. Then I try to reboot with "init 6"

But it asks for the username and password and never lets me reset the password.

I have even done all the above, but instead of "init 6" I do an "init 0", then "boot cdrom -s", and I have tried just "boot -s".

boot -s asks for the root password to perform maintenance. When I boot to cdrom again, the first thing I do is check "cat shadow" again, but the encrypted password is there again.

I go ahead and try to do "passwd root" but it errors out with permissions denied.

Any help would be appreciated.
Thanks
Question by:ddsvi
19 Comments
 
LVL 10

Assisted Solution

by:TRW-Consulting
TRW-Consulting earned 500 total points
ID: 34109005
I suspect you are not mounting the root filesystem after you boot up on cdrom, and so you're just editing /etc/shadow, am I correct?  You will need to mount with something like this -- mount /dev/dsk/c0t0d0s0 /mnt

Then you can edit /mnt/etc/shadow, not /etc/shadow.

After editing it, umount /mnt and reboot.
0
 
LVL 4

Author Comment

by:ddsvi
ID: 34109066
Ok that worked, good call.

Now after I reset my root password and reboot the server, it keeps coming up to the OK prompt.

How do I get it to start booting back to the correct place again?
0
 
LVL 10

Expert Comment

by:TRW-Consulting
ID: 34109156
You should be able to type 'boot disk' from there.
0
 
LVL 4

Author Comment

by:ddsvi
ID: 34109158
Attached is the printenv from OK.


{0} ok printenv
Variable Name           Value                          Default Value

ttya-rts-dtr-off        false                          false
ttya-ignore-cd          true                           true
keyboard-layout         US-English
reboot-command
security-mode           none                           No default
security-password                                      No default
security-#badlogins     0                              No default
verbosity               min                            min
pci-mem64?              false                          false
diag-switch?            false                          false
local-mac-address?      true                           true
fcode-debug?            false                          false
scsi-initiator-id       7                              7
oem-logo                                               No default
oem-logo?               false                          false
oem-banner                                             No default
oem-banner?             false                          false
ansi-terminal?          true                           true
screen-#columns         80                             80
screen-#rows            34                             34
ttya-mode               9600,8,n,1,-                   9600,8,n,1,-
output-device           virtual-console                virtual-console
input-device            virtual-console                virtual-console
auto-boot-on-error?     false                          false
load-base               16384                          16384
auto-boot?              true                           true
network-boot-arguments
boot-command            boot                           boot
boot-file
boot-device             disk net                       disk net
multipath-boot?         false                          false
boot-device-index       0                              0
use-nvramrc?            false                          false
nvramrc
error-reset-recovery    boot                           boot


0
 
LVL 4

Author Comment

by:ddsvi
ID: 34111291
I have tried boot disk.
Here is what I get:
AAA-1-sc> console -f
Enter #. to return to ALOM.

{0} ok boot disk

SC Alert: Host System has Reset

SC Alert: CRITICAL ALARM is set
\

Netra T2000, No Keyboard
Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
OpenBoot 4.30.4, 8064 MB memory available, Serial #89115142.
Ethernet address 0:21:28:4f:ca:6, Host ID: 854fca06.



Boot device: /pci@780/pci@0/pci@9/scsi@0/disk@1  File and args:
|
Warning: Fcode sequence resulted in a net stack depth change of 1

The file just loaded does not appear to be executable.
{0} ok


0
 
LVL 10

Expert Comment

by:TRW-Consulting
ID: 34111812
"No Keyboard"?  Possible hardware problem maybe?

If that's not it, then you would have to suspect the change you made  earlier.  Hopefully you didn't mess up the shadow file when you edited it.  Boot up on the CDROM, remount it, and take a look at it to make sure.
0
 
LVL 4

Author Comment

by:ddsvi
ID: 34112218

# cat shadow
root:NP:6445::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
postgres:NP:::::::
svctag:*LK*:6445::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
#


0
 
LVL 4

Author Comment

by:ddsvi
ID: 34112226
No, I just don't have a keyboard connected to the server. I am connecting to the server via the ALOM network port.
0
 
LVL 10

Expert Comment

by:TRW-Consulting
ID: 34112382
I don't know if I can help you with the boot problem.  Did it boot before you changed the 'shadow' file?

But having 'NP' in the password field means you can't log in as 'root'. You need to leave that blank:

root::6445::::::

And then give it a password as soon as you get logged on.

Maybe that would have something to do with the boot problem, but I doubt it.
0
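Added example (not part of the thread): a POSIX shell check that classifies the password field of shadow-format lines the way the comment above describes (blank, NP, *LK*, or a hash) and lists accounts left with a blank field, so a recovered system can be checked once a new password has been set. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit field 2 of shadow-format lines (user:password:...).
# Uses POSIX awk (nawk or /usr/xpg4/bin/awk on Solaris).

# Read shadow-format lines on stdin, print one "user:STATUS" per account.
classify_shadow() {
    awk -F: '
        NF < 2 || $1 == "" { next }                      # malformed or blank line
        $2 == ""           { print $1 ":EMPTY";  next }  # blank field, no password set
        $2 == "NP"         { print $1 ":NP";     next }  # NP, cannot log in
        $2 ~ /^\*LK\*/     { print $1 ":LOCKED"; next }  # *LK*, locked account
                           { print $1 ":HASH" }          # anything else, a password hash
    '
}

# Read shadow-format lines on stdin, print only accounts with a blank field.
accounts_without_password() {
    classify_shadow | awk -F: '$2 == "EMPTY" { print $1 }'
}

# Constructed sample: the blank root entry from this thread plus made-up
# accounts; the hash value is a placeholder, not a real crypt string.
SAMPLE_SHADOW='root::6445::::::
daemon:NP:6445::::::
listen:*LK*:::::::
appuser:CONSTRUCTEDHASH0:14644::::::'

# Audit the file given as $1 (for example /mnt/etc/shadow after mounting the
# disk), or fall back to the constructed sample when no readable file is given.
shadow_file=${1:-}
if [ -n "$shadow_file" ] && [ -r "$shadow_file" ]; then
    blank=$(accounts_without_password < "$shadow_file")
else
    blank=$(printf '%s\n' "$SAMPLE_SHADOW" | accounts_without_password)
fi

if [ -n "$blank" ]; then
    echo "Accounts with a blank password field:"
    echo "$blank"
else
    echo "No accounts with a blank password field."
fi
```

Run it against the mounted copy (/mnt/etc/shadow) while booted from CD, and against /etc/shadow after the system is back up, to confirm no account is left with a blank field.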
 
LVL 4

Author Comment

by:ddsvi
ID: 34112470
Sorry, I wasn't in the right directory when I did the cat. Here you go:
# cat shadow
root:VrJ7ECVccG/og:14924::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
postgres:NP:::::::
svctag:*LK*:6445::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
widespan:5ZH6rHeisk7bA:14644::::::
oracle:SbxJ1zDTX5A4A:14644::::::
#


0
 
LVL 10

Expert Comment

by:TRW-Consulting
ID: 34113196
It looks like you still have a password for root. You need to remove those 13 characters in field 2 and leave it empty if you're trying to remove root's password.
0
 
LVL 4

Accepted Solution

by:ddsvi
ddsvi earned 0 total points
ID: 34115567
Alright I am a little closer :P.

My boot archive got corrupted for whatever reason.
Resolution:

ok  boot -F failsafe

Mount root to /a, then do:

bootadm update-archive -R /a

Now the server gets past the ok prompt and I get this error:
NOTICE: /: unexpected free inode 9503, run fsck(1M)
The / file system (/dev/md/rdsk/d0) is being checked.

WARNING - Unable to repair the / filesystem. Run fsck
manually (fsck -F ufs /dev/md/rdsk/d0).

Nov 11 20:30:32 svc.startd[7]: svc:/system/filesystem/usr:default: Method "/lib/svc/method/fs-usr" failed with exit status 95.
Nov 11 20:30:32 svc.startd[7]: system/filesystem/usr:default failed fatally: transitioned to maintenance (see 'svcs -xv' for details)
Requesting System Maintenance Mode
(See /lib/svc/share/README for more information.)
Console login service(s) cannot run

Root password for system maintenance (control-d to bypass):


0
 
LVL 4

Author Comment

by:ddsvi
ID: 34115575
Not sure if I should run this or not: fsck -F ufs /dev/md/rdsk/d0
0
 
LVL 10

Assisted Solution

by:TRW-Consulting
TRW-Consulting earned 500 total points
ID: 34115863
Oh absolutely. What other choice do you have? And it shouldn't hurt anything; the worst it can do is say you have unrecoverable errors.
0
 
LVL 4

Author Comment

by:ddsvi
ID: 34115978
It comes up with a lot of questions. Not sure how to answer them.

PARTIALLY TRUNCATED INODE I=5105
SALVAGE? Y

INCORRECT DISK BLOCK COUNT I=5105 (121088 should be 57136)
CORRECT?

FRAGMENT 20096 DUP I=5618 LFN 8
FRAGMENT 20097 DUP I=5618 LFN 9
FRAGMENT 20098 DUP I=5618 LFN 10
FRAGMENT 20099 DUP I=5618 LFN 11
FRAGMENT 20100 DUP I=5618 LFN 12
FRAGMENT 20101 DUP I=5618 LFN 13
FRAGMENT 20102 DUP I=5618 LFN 14
FRAGMENT 20103 DUP I=5618 LFN 15
FRAGMENT 20104 DUP I=5618 LFN 16
FRAGMENT 20105 DUP I=5618 LFN 17
EXCESSIVE DUPLICATE FRAGMENTS I=5618
CONTINUE?
0
 
LVL 10

Assisted Solution

by:TRW-Consulting
TRW-Consulting earned 500 total points
ID: 34116203
I would answer 'y' to everything.  If the questions are too numerous you can add the '-y' option to 'fsck' so that it will assume a 'y' response to every question.
0
 
LVL 4

Assisted Solution

by:ddsvi
ddsvi earned 0 total points
ID: 34122075
Well I finally got it fixed.

I did the fsck and when it was done it came back to the same spot. Tried it a couple of times; eventually the server got in worse shape and got stuck back at the OK prompt. I then booted back to the CD. But it would not let me mount the c0t1d0s0 any longer because it had too many errors.

So I ran fsck -y c0t1d0s0, then it rebooted and came back with the unexpected free inode errors.

So I ran fsck -y -F ufs /dev/md/rdsk/d0 again and this time it rebooted clean and booted all the way up. I am able to log in with root.

Went ahead and rebooted a couple more times just to make sure it was good.

Thanks for the help
0
 
LVL 10

Expert Comment

by:TRW-Consulting
ID: 34122154
Wow, that was some dirty file system (no pun intended :-) ... glad to hear you got it working though.
0
 
LVL 4

Author Closing Comment

by:ddsvi
ID: 34153323
Everything is back up and running.
0
