02-16-2021 11:23 AM
Hi,
Somehow the rw account has become locked on one of our VSPs and I can’t find any way to unlock it.
Logging in as rw I get the following:
Login: rw
Password: **************
The user rw account is disabled, please contact admin for enabling the account
1 2021-02-07T22:25:37.000+00:00 WMA_R2 CP1 - 0x001985a0 - 00000000 GlobalRouter ACLI WARNING Blocked unauthorized ACLI access
I am able to log as a different account with RWA permissions, but all I seem to be able to do to the rw account from there is change the password, which does not help.
Any ideas?
(Firmware is 8.0.8.0)
Solved! Go to Solution.
02-16-2021 03:18 PM
The “rwa” account is the highest level of admin control. With the “rwa” user credentials you should be able to make all the changes you need to the other accounts.
Someone probably entered in a “no password access-level rw” to disable the account.
login as RWA and use the command “password access-level rw”
then ‘cli password rw read-write” to change the password back to whatever you want.
WARNING!!!: Use extreme care that you are only changing the rw, ro accounts. RWA accounts passwords can not be recovered and do require an Extreme GTAC ticket and you need a support contract. And the recovery requires a reboot.
02-17-2021 03:19 PM
No CLI Is perfect. I call it security through obscurity.
I can’t claim this, only an assumption. But for security reasons someone probably decided not to have the CLI PASSWORD configurations in the running config. If you can’t see the syntax you need to know the commands to make the changes.
02-17-2021 03:01 PM
Thanks - the command “password access-level rw” re-enabled the account.
That is some unnecessarily obscure syntax!
02-16-2021 03:18 PM
The “rwa” account is the highest level of admin control. With the “rwa” user credentials you should be able to make all the changes you need to the other accounts.
Someone probably entered in a “no password access-level rw” to disable the account.
login as RWA and use the command “password access-level rw”
then ‘cli password rw read-write” to change the password back to whatever you want.
WARNING!!!: Use extreme care that you are only changing the rw, ro accounts. RWA accounts passwords can not be recovered and do require an Extreme GTAC ticket and you need a support contract. And the recovery requires a reboot.
02-16-2021 03:16 PM
Jon,
You can open a GTAC case, they’ll give you a temporary password to unlock the account.
Mig