Recover the root password without administrative access
Description:
If the root password is lost but you have access to an AppGate account with Admin Role access you should read Answer note Answer-0012 instead.
If both the root password and passwords to any user accounts with Admin Role access are lost this method may be used.
This method only works for AppGate Ax models which can boot from an USB stick.
Overview:
This is a rough picture of what you will have to do to recover the AppGate
- Download and prepare a bootable Open Solaris CD.
- Boot a PC with this CD (it won't harm the PC).
- Once Open Solaris is booted you'll run a command that creates a bootable USB stick (which you'll need naturally, 1Gb or more)
- Use the stick to boot the AppGate
- Either reset the password or repair the file system(s)
- Reboot normally
Detailed instructions
- Download and prepare a bootable Solaris CD. You'll find a suitable ISO image at this URL: http://www.genunix.org/distributions/belenix_site/binfiles/belenix0.6.1.iso Then use any CD-write software that can write an ISO to CD.
- Boot a PC from the CD. You may have to press F8 or F12 to select boot order or you might have to go into the BIOS to get the computer to boot from your CD. When presented with the boot loader (Sunny background) just select the first alternative. When prompted for which environment to use select command line.
- Once booted you log in with user root and password belenix. Plug in the USB stick and type 'usbdump'. Once the stick has been manufactured remove it and you can then reboot the PC.
- Plug the stick into one of the USB ports on the front of the AppGate Server and start it. Press F8 repeatedly once the fans goes into maximum regime and keep doing it until the BIOS ask your for boot media. Select Harddisks and then your USB stick.
During the USB boot you may need this:
- USB stick account: root
- USB stick password: belenix
When booting the USB, the Belenix Solaris will automatically try to find any Solaris file system on any hard disks and mount it.
So what happens at this point depends. Either you may get prompted with the USB root password because the AppGate file systems have were unmounted ungracefully or the boot continues smoothly.
In case it asks for password while booting you enter it and follow the instructions to recover the filesystem. After recovery you should reboot the from the USB again:
init 6
If the USB boot goes well you can login (see password above). If you can do:
cd /mnt/solaris1/etcthis means the AppGate root file system was mounted successfully. You can now move on to resetting the AppGate root password.
If you can't do the cd command you may need to repair the AppGate file system manually: Type the following command
fsck -y /dev/rdsk/c1d0s0 /dev/rdsk/c1d0s3Then reboot the computer again from the USB by typing
init 6
Resetting the AppGate root password
The root password is located in the /etc/shadow file in the AppGate system. On the USB booted system it will be /mnt/solaris1/etc/shadow. To edit the shadow file type:
vi shadowVi is an editor, you need to use the following keys:
- j move left
- k move right
- h move up
- l move down
- x delete the character where the cursor i located
init 6and unplug the USB.
The system should now boot as the normal AppGate system.
If you successfuly erased the root password and managed to login as root on your AppGate system you should set it to something more secure than the empty string. Use the command:
passwd.rootonly
Resetting the AppGate agadmin password
Because you have been doing this whole execise you have most likely lost the agadmin password as well. To reset password on any of the real AppGate system accounts you can use this command:
ag_passwd_util -s new-password agadminExchange the text new-password for a useful new password for the agadmin account or any other local account you have on this AppGate system.