
Password Recovery of a Virtual NAC

Objective
Recover the root password on a Virtual NAC
Environment
vSphere Client
Virtual NAC
Procedure
This procedure assumes a working knowledge of the Linux "vi" editor. It also requires a copy of a Linux "Live CD". For this example, the Fedora 17 Live CD (http://archive.fedoraproject.org/pub/archive/fedora/linux/releases/17/Live/x86_64/Fedora-17-x86_64-Live-Desktop.iso) was used. Other distributions, and even versions of Fedora later than F18, are not known to work with this method. Finally, the procedure requires editing a sensitive system file. >>Proceed with caution<<
 
1. Upload a copy of Fedora 32-Bit Live CD to the Datastore of the ESXi
                a. Bring up the vSphere Client "Inventory" Screen
                b. Select "root" of VM Tree (the Physical Host Server itself)
                c. Select "Configuration" Tab
                d. Right-click on a Datastore, and select "Browse Datastore..."
                e. Select the "Upload files to this datastore" icon -> "Upload file..."
                f. Browse to the previously downloaded Fedora 32-Bit Live CD ISO image, and select it
                g. Select "Open", and answer the "Upload/Download Operation Warning" dialogue box appropriately
 
2. Add a CD-ROM to the Virtual NAC on which the Password needs to be recovered
                a. Select the NAC virtual machine from the VM Tree
                b. Select "Summary" Tab
                c. Select "Power Off" from the "Commands" area of the Summary Tab
                d. Once the VM has powered down, select "Edit Settings" from the Commands
                e. In the resulting "Virtual Machines Properties" dialogue box, select the "Hardware" Tab -> "Add..." button
                f. In the resulting "Add Hardware" dialogue box, select the "CD/DVD Drive" as the type of device to add, and press "Next"
                g. Select the "Use ISO image" radio-button, and press "Next"
                h. Browse to the previously uploaded Fedora 32-Bit Live CD ISO image, and select "OK"
                i. Leave the "Connect at power on" check-box checked, and press "Next"
                j. Leave the "Virtual Device Node" at defaults, and press "Next"
                k. Select "Finish"
 
3. Change the device boot order to boot from newly added CD-ROM Drive
                a. Still in the "Virtual Machines Properties" dialogue, select the "Options" Tab -> "Boot Options"
                b. Select the "Force BIOS Setup" check-box
                c. Select "OK" to close the "Virtual Machines Properties" dialogue
                d. Select "Power On" from the "Commands" area of the Summary Tab
                e. Select "Console" Tab
                f. Using the Arrow keys, access the "Boot" section of the BIOS and highlight the "CD-ROM Drive"
                g. Using the <+> key, move the CD-ROM Drive to the top of the Boot order
                h. Press the <F10> key to Save and Exit
                i. Confirm the Save by pressing the <Enter> key
                j. When presented with the Fedora boot screen, press the <Tab> key to stop the boot process and display the boot parameters as a string of text
 
4. Enter into Fedora "Single User Mode"
                a. At the end of the text string displayed in the step above, type in "single" and press the <Enter> key
 
5. Mount the NAC Hard Drive
                a. When presented with the CLI prompt, type in "mount /dev/sda1 /mnt" and press the <Enter> key
                b. NOTE: On later revisions of the NAC Appliance, the use of a Logical Volume Group will cause the above command to fail. If this occurs, please use the following syntax instead: "mount /dev/systemvg/root /mnt"
 
6. Remove the existing unknown root password
                a. When presented with the CLI prompt again, edit the password file by typing in "vi /mnt/etc/shadow" and pressing the <Enter> key
                b. Find the line of text that starts with "root"
                Note: The desired line will look something like "root:<some_text>:<a_number>:0:::::"
                c. Remove all text between the first and second colon
                Note: The resulting line will look something like "root::<a number>:0:::::"
                d. Write changes to the read-only file with the "w!" vi command, and quit vi
 
7. Reboot from the Hard Drive
                a. At the CLI prompt, type in "init 0" and press the <Enter> key
                b. Select "Summary" Tab -> "Edit Settings" -> "Options" Tab -> "Boot Options"
                c. Select the "Force BIOS Setup" check-box
                d. Select "OK" to close the "Virtual Machines Properties" dialogue
                e. Select "Power On" from the "Commands" area of the Summary Tab
                f. Select "Console" Tab
                g. Using the Arrow keys, access the "Boot" section of the BIOS and highlight the "CD-ROM Drive"
                h. Using the <-> key, move the CD-ROM Drive below the "+Hard Drive" in the Boot order
                i. Press the <F10> key to Save and Exit
                j. Confirm the Save by pressing the <Enter> key
 
8. Set new root password
                a. Once the NAC has fully booted from the Hard Drive, login as "root" (no password)
                b. At the CLI prompt, type in "passwd" and press the <Enter> key
                c. Follow the on-screen prompts to set the new root password
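
As an added example (not part of the original article and not vendor code), the edit in step 6 can be scripted with a backup, and the result audited so that the empty root password left by step 6 is confirmed gone after step 8. The function names are hypothetical, and awk and mktemp are assumed to be available in the shell being used.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.
# Sample path in the usage lines is the one from steps 5 and 6.

# clear_root_hash FILE: scripted form of step 6. Blanks only field 2 of the
# root entry after saving FILE.bak; refuses a file that does not contain
# exactly one 9-field root line.
clear_root_hash() {
    f=$1
    n=$(awk -F: '$1 == "root" && NF == 9 { c++ } END { print c + 0 }' "$f") || return 1
    if [ "$n" -ne 1 ]; then
        echo "expected one 9-field root entry, found $n" >&2
        return 1
    fi
    cp -p "$f" "$f.bak" || return 1
    tmp=$(mktemp "$f.XXXXXX") || return 1
    awk -F: 'BEGIN { OFS = ":" } $1 == "root" { $2 = "" } { print }' "$f" > "$tmp" || return 1
    # Overwrite with cat rather than mv so owner and mode stay unchanged.
    cat "$tmp" > "$f" && rm -f "$tmp"
}

# empty_password_accounts FILE: print each account whose password field is
# empty. Expect "root" between steps 6 and 8, and no output after step 8.
empty_password_accounts() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Usage from the Live CD shell, then again on the rebooted NAC:
#   clear_root_hash /mnt/etc/shadow
#   empty_password_accounts /mnt/etc/shadow   # prints: root
#   empty_password_accounts /etc/shadow       # after step 8: no output
```

Once the audit on the rebooted NAC prints nothing, the /etc/shadow.bak copy, which still holds the old password hashes, can be removed.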
 
Additional notes
Note that an alternative may be to shut down the existing NAC VM and create a new one. The NAC configuration is held inside the NetSight database. Once a new VM is brought up, the configuration may be enforced down from the NetSight Extreme Management Center or NAC Manager.
