AIX: Recovering A Lost Root Password On A P-Series LPAR, Using A NIM Server (c) Symmetric Web Sites, Inc. Author: Mark Hopkins Email Date: 03.24.2008 Ever had the need to reset your forgotten "root" password on an AIX server? Ever been frustrated by the lack of complete information on the subject? Well, stick around and we will walk you through one way (perhaps the best way) to recover from this problem. Article Index Background Assumptions / Requirements Procedure o Prepare the NIM Server o Shutdown the LPAR o Boot the LPAR in SWS (Service Mode) o Boot Single-User Mode from the NIM o Reset the Password o Verify the Results Conclusion Printing Background One day, while performing my normal administrative duties on UNIX servers, I found that I could not log into a server as the "root" user. So, after trying every possible password that we could think of, we found ourselves without "root" access. Hmmmmmm, I thought, what an unusual problem. Yeah right; in the crazy world of IT, this problem is more common than you might think. Well, after looking for information on the topic, we found what we needed on IBM's web site. However, as usual, the article presumed a certain level of knowledge, that fortunately we had. We realize that not everyone may not always have this knowledge, so once again we will elaborate. We also wanted to document this procedure for ourselves, in the event we had to perform this quickly in the future. Another good result of such documentation is that it can be used to train other UNIX systems administrators so that they can react quickly to this
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
AIX: Recovering A Lost Root Password On A P-Series LPAR, Using A NIM Server
(c) Symmetric Web Sites, Inc.
Author: Mark Hopkins Email Date: 03.24.2008
Ever had the need to reset your forgotten "root" password on an AIX server? Ever been frustrated by the lack of complete information on the subject? Well, stick around and we will walk you through one way (perhaps the best way) to recover from this problem.
Article Index Background Assumptions / Requirements Procedure
o Prepare the NIM Server o Shutdown the LPAR o Boot the LPAR in SWS (Service Mode) o Boot Single-User Mode from the NIM o Reset the Password o Verify the Results
Conclusion Printing
Background
One day, while performing my normal administrative duties on UNIX servers, I found that I could not log into a server as the "root" user. So, after trying every possible password that we could think of, we found ourselves without "root" access. Hmmmmmm, I thought, what an unusual problem. Yeah right; in the crazy world of IT, this problem is more common than you might think. Well, after looking for information on the topic, we found what we needed on IBM's web site. However, as usual, the article presumed a certain level of knowledge, that fortunately we had. We realize that not everyone may not always have this knowledge, so once again we will elaborate. We also wanted to document this procedure for ourselves, in the event we had to perform this quickly in the future. Another good result of such documentation is that it can be used to train other UNIX systems administrators so that they can react quickly to this problem.
Assumptions / Requirements
For this article the assumptions might be a bit obvious. We assume that you have solid AIX experience as well as pSeries LPAR and NIM (Network Installation Management) server experience. Certainly all of this knowledge is necessary from conceptional standpoint is absolutely necessary. Technical requirements are as follows:
Access to the AIX server console. We are using the Web-based System Manager". "Root" access.
A NIM server with "root" access. Web-Based System Manager Remote Client is installed on your workstation.
An SSH terminal emulation package. We are using PuTTY.Procedure
Now that we have laid the groundwork, let's get going with the actual steps.
Prepare the NIM Server Single-User access to an AIX system can be attained by booting form CDROM or from a NIM server. If using a NIM server as we are, steps must be taken to "allow" the maintenance boot. This is perhaps a security issue and this maintenance boot is granted as one-time only. If another boot is required, another NIM server preparation must occur. The best way to allow a maintenance boot is by simply executing the following two commands, which (1) resets the current maintenance boot for the server with NIM, and (2) requests that the server (cjdvioa06) be allowed a maintenace boot using the NIM server.
# nim -o reset -a force=yes cjdvioa06 # nim -o maint_boot cjdvioa06
Shutdown the LPAR Log into your server, or LPAR as in our case, as shown here. This of course requires that you have successfully installed the Web-Based System Manager Remote Client on to your desktop.
Once the handshaking is complete, log in.
Depending on the speed of your network connection, the following could appear for what seems like forever.
Now expand the gui as shown and highlight the server of interest.
Right click on the highlighted server and select Shut Down Partition as shown here.
It seems best to allow the operating system the opportunity to shut down gracefully. Choose Operating System and click OK to continue.
After a few moments, you should see the following. Notice that the state is "Not Activated". The server is down.
Boot the LPAR in SWS (Service Mode) Once again right click on the highlighted partition. This time select Activate.
On the following screen we need to click Open a terminal window.... and then click the Advanced button.
Select SMS as our Boot mode and then click OK to continue.
Click OK to boot the system in maintenance mode.
Boot Single-User Mode from the NIM Very shortly you should see the following screen. Select 5 and carriage return to begin the laborious process of booting single-user mode.
Enter a 1 and a carriage return to continue.
We are booting over the network so enter a 6 and a carriage return to continue.
Here you simply need to know which adapter is connected to your NIM server network. Ours is 2 as we have entered, and a carriage return to continue.
Enter a 3 here for Service Mode Boot, and a carriage return to continue.
One last chance to abort, or enter a 1 to continue.
If withing a few moments, you see a screen like the following, all is well. "Packet Count" is always a good sign when network booting.
Here enter a 1 for VT100 mode.
Here enter a 1 for English.
Reset the Password We want to change a password. This invlolves a file (/etc/passwd) in the root volume group. We select 1 here to access rootvg.
Ignore the warning by entering 0 to continue.
Select the appropriate volume group. We currently only have one. Must be it!!!!
Chose 1 to mount the file systems and get shell access.
Now, change the password and resync the filesystems. The also reboot. Notice the account we are resetting the "padmin" account, not "root". This is because the server we are working on is a VIO server, and direct "root" access is not permitted. All login is performed as "padmin". This is irrelavent and you can feel free to substitute "root".
You should see the system rebooting as shown.
Reboot looks clean; time to proceed. All is well to this point. Almost finished.
Verify the Results Let's use PuTTY to make an ssh connection to the server. Notice that when we log in as "padmin" with our new password, we are immediately forced to change it again. This is something native to AIX; probably security-related. So we change it and we are granted access. Now we are finished.
Conclusion
We have now thoroughly explained this process, probably more so than anyone else. Hopefully we have solved your particular problem, but if not please feel free to drop us a line and we will address it as time allows.
Printing This Article
If you have trouble printing this article, be sure to set your browser Page Properties correctly. Go to File -> Page Setup and set your left and right margins to .125 inches.
Related Documents
