*
News: SMF - Just Installed!


Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length

FSM root account reset password? 10200

Super Newbie Posts: 37 Karma: +0/-0 *
FSM root account reset password?
« on: September 04, 2014, 03:09:16 AM »
Dear all,

My customer currently experience with root account login of FSM. For some reason to fix Dynamic LPAR bug fix configuration of FSM they need to login to root account and make some command to check, but when they got no luck with using password which is set for USERID in initial setup wizard. Do anyone know how to reset root password? Can we use the following command without -o option to bypass old password?

smcli chuserpwd [-v] {-u user_name}{-o existing_password}{-p new_password}
Super Newbie Posts: 35 Karma: +3/-0 *
Re: FSM root account reset password?
« Reply #1 on: September 04, 2014, 01:16:17 PM »

I am so sorry for your loss :-(

You weren't entirely clear on how they were trying to login as root, so I'll start with some basic stuff  (that I learned the hard way).

First of all, IBM ONLY supports getting to root by going through the "pe" account, and NOT as logging in ass root (like ssh root@FSM).  I don't like that at all, IMHO.


Steps for gaining root access:

1)  Log in as "pe" id:  pe

       ssh pe@<fsm_ip_address>

2) Run this command: lsconfig -v |grep UVMID

3) Contact IBM Support and tell them you need 7 days of pesh passwords.  They need to know the UVMID string.  Once you get that, then you can proceed to the next step.

4) Still logged in as "pe", run the following command: pesh UVMID_STRING
    For example, I would run: pesh 1234:4567:7890:abcd

5) At the password prompt, enter the password for the day.

6) This drops you into a regular, full access Linux command prompt.   However, this is still running as user "pe", not "root".

7) Run command: su

8) At the password prompt, enter the FSM System (root) password.
(this will be the original pe password used, when setting up FSM)
(IBM likes the default of "Passw0rd")

9) Root access achieved.


SAMPLE RETURN EMAIL FROM IBM WITH DAILY PASSWORDS FOLLOWS

Serial:  1234:4567:7890:abcd
Date               Password
----               --------
05/21/2014     5e555584
05/22/2014     255555bc
05/23/2014     c66666f3
05/24/2014     97777a52
05/25/2014     87777b16
05/26/2014     7777a99c
05/27/2014     bfb7777a


NOW, assuming you did all that, and you can't get a root shell, then you have a problem.  By IBM's design, you can't run the
smcli chuserpwd  without knowing what the root password already is.

Also, if there were "Special characters" in the root password, they may NOT have properly put into the stored&encrypted root password.  (Please see http://wsscanlan.wordpress.com/2014/03/17/fsm-special-characters-not-invited/ for a general warning about that.)

So, if you CAN'T get root through the pe command, then you have a real problem, which may or may not be a horrible problem.  If you have support from IBM, you can call and ask them to help you reset the root password.  If they can do it, it will take 3-4 hours of work, and your FSM will be down for most of that time.  If you don't have support, the only way I've ever heard of is to reinstall the FSM from the recovery partition.  I've NEVER done that and it looks horrible to me.

Please let us know if this was helpful at all.

>>>>>>>>Ericw

Super Newbie Posts: 37 Karma: +0/-0 *
Re: FSM root account reset password?
« Reply #2 on: September 08, 2014, 04:26:54 AM »
Thanks for your reply. My customer said that they are in processing request 7 days of pesh passwords from IBM. I hope they dont have to reinstall FSM. As you said this is really disaster  :-\