  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 597

How can I change the root password on Linux without knowing it but being logged in as root?

Hello,

How can I change the root password on Linux without knowing it but being logged in as root?
What I did:

system# passwd root
Changing password for root.
Enter login(LDAP) password: "currentpassword"
New Password: "rootroot DELTE CTRL+C I don't know what I did"
Bad password: too short
Reenter New Password: CTRL+C ENTER
LDAP password information changed for root

Now the problem is I don't know the root password but I can connect as root on another server and then ssh to this.
A little help please!
Thank you!
0
Asked by: lyncks
1 Solution
 
farzanj Commented:
Do you have the file /etc/slapd.conf? Can you open it? Do you see the manager password in it? You need access to your LDAP, and the LDAP manager has a different password. If you can change the root password using the LDAP manager's information, you can do it.

For a non-LDAP system, you could simply type passwd and it would not have asked you anything.
0
 
farzanj Commented:
You have to log on to the LDAP server where you should have /etc/slapd.conf or you can also look for /etc/ldap.conf file. It depends upon the type of LDAP server you have.
0
 
celazkon Commented:
Is it a physical server, or virtual? Easy option is to access the console and boot in single user mode.
0

 
farzanj Commented:
@celazkon

Are you sure going to single user mode would change the LDAP password for root?  How would it help if LDAP is not even connected?

The asker is asking about changing the root password given that he doesn't have the existing password.  He already has the root prompt which is what you would get going to single user mode.  But to change the LDAP password, he should come the LDAP route, IMHO.
0
 
Hugh McCurdy Commented:
Can you boot to single user mode or otherwise use an alternate boot and mount the partition that contains /etc?

If you can do that, I'd make backup copies of /etc/shadow and /etc/passwd and then clear out the password fields.
0
 
Dave Howe Commented:
If you are logged in as root, then just passwd will do.

If you don't log in as root, but have sudo rights, then sudo su - will get you logged in as root, THEN you can run passwd.

One of the peculiarities of account 0 is that it doesn't ask for the old password in passwd, even if it's changing the password for root.
0
 
farzanj Commented:
I think what everyone is ignoring is the fact that the root password is also stored in LDAP. Whenever I implemented LDAP, I kept root an exception but some people centralize that as well.

With LDAP you cannot change even root password without knowing the current password even if you are root.
0
 
Hugh McCurdy Commented:
0
 
celazkon Commented:
@farzanj

You're right, I didn't realize that the user needs to change the centrally managed root account's password. My suggestion is of course valid only for local root.
0
 
farzanj Commented:
Thanks Celazkon

I still believe the right way is to access through the config files of ldap server.  It frequently contains server password and with that you should be able to change the root password in the ldap
0
 
lyncks (Author) Commented:
Hello,
Sorry for the delayed answer, being afk but working. The problem was solved that day without seeing your responses, with support's help :( but after many cruel hours. The main problem was that passwd didn't take into consideration CTRL+C (the system is running a modified Linux).
Below is the procedure applied:
 
2. As root user, edit file /etc/openldap/slapd.conf:

> vi /etc/openldap/slapd.conf

Remove the comment from the beginning of line 76: rootpw "password"

Save the file.

3. Find the slapd process and kill it:

> ps -ef | grep slapd

> kill <found process id>


Note: The slapd process restarts immediately, it can be checked with a repeated "ps -ef | grep slapd".

 

4. You can now change the LDAP password of the root user using the password from the slapd.conf file (in step 2):

> passwd --cluster root

Changing cluster password for "root".

New password: <enter a new password>

Re-enter new password: <re-enter the new password>

Enter LDAP Password: <enter here the rootpw password from the /etc/openldap/slapd.conf file>

Cluster password of "root" has been changed.

5. Edit the /etc/openldap/slapd.conf, and comment out the line 76:

# rootpw "password"

Save the file.
6. Find the slapd process and kill it:

> ps -ef | grep slapd

> kill <found process id>

 
0
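A check that can be run after steps 5 and 6 of the procedure above, to confirm that the rootpw line is commented out again and that slapd.conf is not world-readable. This is an added example, not part of the original post or of the support procedure; the function name audit_slapd_conf and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit slapd.conf once the recovery procedure is finished.
# Prints one finding per line. Returns 0 when clean, 1 when something is
# flagged, 2 when the file cannot be read.
audit_slapd_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }

    # An active directive starts in column 0; lines starting with "#" are
    # comments. A value like {SSHA}... is a hash, anything else is cleartext.
    findings=$(awk '
        /^rootpw[ \t]/ {
            v = $2; gsub(/"/, "", v)
            if (v ~ /^[{][A-Za-z0-9-]+[}]/)
                print "WARN line " NR ": rootpw is enabled (hashed value)"
            else
                print "FAIL line " NR ": rootpw is enabled in cleartext"
        }' "$conf")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        rc=1
    fi

    # The file can hold the LDAP manager credential, so "other" should have
    # no read bit: character 8 of the ls -l mode string.
    if [ "$(ls -ld "$conf" | cut -c8)" = "r" ]; then
        echo "FAIL $conf is world-readable"
        rc=1
    fi
    return $rc
}

# Constructed sample: the file as it looks after step 2 of the procedure.
sample=$(mktemp)
printf '%s\n' 'database bdb' \
    'rootdn "cn=Manager,dc=example,dc=com"' \
    'rootpw "password"' > "$sample"
audit_slapd_conf "$sample" || echo "comment out rootpw, then restart slapd"
rm -f "$sample"
```

On the system from the post the call would be audit_slapd_conf /etc/openldap/slapd.conf; a clean result only reflects the file on disk, so slapd still has to be restarted (step 6) before the running server stops accepting the old rootpw.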
