Header Only - DO NOT REMOVE - Extreme Networks

DFE 'set system login' command with "Password must be in encrypted format." error


Userlevel 3
Article ID: 10316

Products
Matrix N-Series DFE, firmware 6.01.01.0020 and higher

Changes
Issued the 'set system login...' command using the "password" option.

Symptoms
"Password must be in encrypted format. Set was unsuccessful."

Cause
New options have been added to the 'set system login' command. Here is a comparison of the old and new command formats:Through 5.x: set system login username {super-user | read-write | read-only} {enable | disable}

6.x and higher: set system login username {super-user | read-write | read-only} {enable | disable}
[password password] [allowed-interval HH:MM HH:MM]
[allowed-days {[Sun] [Mon] [Tue] [Wed] [Thu] [Fri] [Sat]}]
[local-only {yes | no}][/code]
Historically, one would use the 'set system login' command to create a new user account, and then use the 'set password' command to set the password for the new account.

Now, given the new options of the 'set system login' command, it would appear that the administrator has the option of shortening this process into one step. However, an attempt to specify the username and password in one operation results in an error message, as shown in the following example:
    DFE(su)->set system login jdoe super-user enable password hello1234 Password must be in encrypted format. Set was unsuccessful. DFE(su)->[/code]
The Configuration Guide states, in describing the use of the "password" option:
"Specifies the encrypted password for this user account.
NOTE: This option is intended only for use in configurations generated by the show config command."

In other words, after the administrator employs the 'set system login' command to create a user account and the 'set password' command to set the user's password, the output of a 'show config' command will display the results utilizing the enhanced options of the 'set system login' command; as shown in the following example:
    DFE(su)->set system login jdoe super-user enable DFE(su)->set password jdoe Please enter new password: Please re-enter new password: Password changed. DFE(su)->show config system This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! # system set system login jdoe super-user enable password :e1b608274fc8250ff1e93b6e6145b2 0acf612c87: ! end DFE(su)->[/code]

Solution/Workaround

When configuring a user name with the 'set system login' command, do not use the "password" option available with 6.x and higher firmware. Instead, use the traditional 'set password' command to set the user's password after the user's account has been created.

0 replies

Be the first to reply!

Reply