
Unable to unlock account on VSP-7254

  • 16 February 2021

Hi,

Somehow the rw account has become locked on one of our VSPs and I can’t find any way to unlock it.

Logging in as rw I get the following:

Login: rw
Password: **************


The user rw account is disabled, please contact admin for enabling the account
1 2021-02-07T22:25:37.000+00:00 WMA_R2 CP1 - 0x001985a0 - 00000000 GlobalRouter ACLI WARNING Blocked unauthorized ACLI access

I am able to log in as a different account with RWA permissions, but all I seem to be able to do to the rw account from there is change the password, which does not help.

Any ideas?

(Firmware is 8.0.8.0)

Best answer by Paul A. Leroux 16 February 2021, 16:18

The “rwa” account is the highest level of admin control. With the “rwa” user credentials you should be able to make all the changes you need to the other accounts.

Someone probably entered in a “no password access-level rw” to disable the account.

Log in as RWA and use the command “password access-level rw”,

then “cli password rw read-write” to change the password back to whatever you want.

WARNING!!!: Use extreme care that you are only changing the rw, ro accounts. RWA account passwords cannot be recovered and do require an Extreme GTAC ticket and you need a support contract. And the recovery requires a reboot.

5 replies

Maybe like this?:

Sbox-VSP7200-1:1(config)#% show cli username
=============================================================
UserName AccessLevel State Type
=============================================================
ro ro disable default
rw rw disable default
rwa rwa NA default
Sbox-VSP7200-1:1(config)#%
Sbox-VSP7200-1:1(config)#% password access-level rw
Sbox-VSP7200-1:1(config)#% show cli username
=============================================================
UserName AccessLevel State Type
=============================================================
ro ro disable default
rw rw enable default
rwa rwa NA default
Sbox-VSP7200-1:1(config)#%
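
Added example, not part of the original thread and not Extreme's own tooling: a Python script that parses saved "show cli username" output to list disabled accounts and report state changes between two captures, and picks out the "Blocked unauthorized ACLI access" event from the log line in the first post. The function names and the reading of WMA_R2 as the switch's system name are assumptions.

```python
import re

# Capture copied from the thread's "show cli username" output (before the fix).
BEFORE = """\
UserName AccessLevel State Type
=============================================================
ro ro disable default
rw rw disable default
rwa rwa NA default
"""
# Same capture after "password access-level rw" was entered, as in the thread.
AFTER = BEFORE.replace("rw rw disable", "rw rw enable")
# Log line copied from the original post.
LOG = ("1 2021-02-07T22:25:37.000+00:00 WMA_R2 CP1 - 0x001985a0 - 00000000 "
       "GlobalRouter ACLI WARNING Blocked unauthorized ACLI access")

# A data row is: username, access level, state, type. Headers, rules and
# prompt lines do not match and are skipped.
ROW = re.compile(r"^(\S+)\s+(ro|rw|rwa)\s+(enable|disable|NA)\s+(\S+)$")
# Assumption: the field after the timestamp is the switch's system name.
BLOCKED = re.compile(
    r"^\d+\s+(\S+)\s+(\S+)\s.*ACLI WARNING Blocked unauthorized ACLI access")


def parse_usernames(text):
    """Return {username: state} from 'show cli username' output."""
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(3) for m in rows if m}


def disabled_accounts(text):
    """Usernames whose State column reads 'disable'."""
    return sorted(u for u, s in parse_usernames(text).items() if s == "disable")


def state_changes(before, after):
    """(user, old_state, new_state) for accounts whose state differs."""
    old, new = parse_usernames(before), parse_usernames(after)
    return [(u, old[u], new[u]) for u in sorted(old)
            if u in new and old[u] != new[u]]


def blocked_logins(log_text):
    """(timestamp, system_name) for each blocked-ACLI-access log line."""
    hits = (BLOCKED.match(line) for line in log_text.splitlines())
    return [m.groups() for m in hits if m]


if __name__ == "__main__":
    print("disabled:", disabled_accounts(BEFORE))
    print("changed: ", state_changes(BEFORE, AFTER))
    print("blocked: ", blocked_logins(LOG))
```

Because the thread notes that the password settings do not appear in the running config, comparing periodic captures of this command output is one way to notice an account being disabled or re-enabled.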


Jon,

You can open a GTAC case, they’ll give you a temporary password to unlock the account.

Mig

Thanks - the command “password access-level rw”  re-enabled the account.

That is some unnecessarily obscure syntax!

“That is some unnecessarily obscure syntax!”

No CLI is perfect. I call it security through obscurity.


I can’t claim this, only an assumption.  But for security reasons someone probably decided not to have the CLI PASSWORD configurations in the running config.  If you can’t see the syntax you need to know the commands to make the changes.