This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to unlock account on VSP-7254

Unable to unlock account on VSP-7254

Go to solution
Jon_P
New Contributor III

‎02-16-2021 11:23 AM

Hi,

Somehow the rw account has become locked on one of our VSPs and I can’t find any way to unlock it.

Logging in as rw I get the following:

Login: rw
Password: **************


The user rw account is disabled, please contact admin for enabling the account
1 2021-02-07T22:25:37.000+00:00 WMA_R2 CP1 - 0x001985a0 - 00000000 GlobalRouter ACLI WARNING Blocked unauthorized ACLI access

 

I am able to log as a different account with RWA permissions, but all I seem to be able to do to the rw account from there is change the password, which does not help.

Any ideas?

(Firmware is 8.0.8.0)

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
EXTR_Paul
Extreme Employee

‎02-16-2021 03:18 PM

The “rwa” account is the highest level of admin control.  With the “rwa” user credentials you should be able to make all the changes you need to the other accounts.   

 

 

Someone probably entered in a “no password access-level rw”  to disable the account.

 

login as RWA and use the command “password access-level rw”


then ‘cli password rw read-write” to change the password back to whatever you want.

WARNING!!!:  Use extreme care that you are only changing the rw, ro accounts.   RWA accounts passwords can not be recovered and do require an Extreme GTAC ticket and you need a support contract. And the recovery requires a reboot. 

 

 

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
EXTR_Paul
Extreme Employee

‎02-17-2021 03:19 PM

 

No CLI Is perfect.  I call it security through obscurity.


I can’t claim this, only an assumption.  But for security reasons someone probably decided not to have the CLI PASSWORD configurations in the running config.  If you can’t see the syntax you need to know the commands to make the changes.  

0 Kudos

Go to solution
Jon_P
New Contributor III

‎02-17-2021 03:01 PM

Thanks - the command “password access-level rw”  re-enabled the account.

That is some unnecessarily obscure syntax!

0 Kudos

Go to solution
EXTR_Paul
Extreme Employee

‎02-16-2021 03:18 PM

The “rwa” account is the highest level of admin control.  With the “rwa” user credentials you should be able to make all the changes you need to the other accounts.   

 

 

Someone probably entered in a “no password access-level rw”  to disable the account.

 

login as RWA and use the command “password access-level rw”


then ‘cli password rw read-write” to change the password back to whatever you want.

WARNING!!!:  Use extreme care that you are only changing the rw, ro accounts.   RWA accounts passwords can not be recovered and do require an Extreme GTAC ticket and you need a support contract. And the recovery requires a reboot. 

 

 

0 Kudos

Go to solution
Miguel-Angel_RO
Valued Contributor II

‎02-16-2021 03:16 PM

Jon,

You can open a GTAC case, they’ll give you a temporary password to unlock the account.

Mig

0 Kudos
GTM-P2G8KFN