cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco DCNM change admin password using CLI

10745
Views
0
Helpful
2
Comments

 

 

Introduction

Cisco DCNM implements user-based access to allow you to control who can access a Cisco DCNM server by using the Cisco DCNM client. User access is secured by a password. Cisco DCNM supports strong passwords. You can use local authentication as the primary authentication mode. If you specify RADIUS or TACACS+ as the primary authentication mode, the Cisco DCNM server always falls back to local authentication if no authentication server for the current authentication mode is reachable.

 

RADIUS and TACACS+ Authentication

You can configure Cisco DCNM to authenticate users with either the RADIUS or TACACS+ AAA protocol. Cisco DCNM supports primary, secondary, and tertiary authentication servers for RADIUS and TACACS+. Only a primary server is required. For each authentication server, you can specify the port number that the server listens to for authentication requests.

 

User Role Assignment by RADIUS and TACACS+

Cisco DCNM supports the assignment of a user role by the RADIUS or TACACS+ server that grants a user access to the Cisco DCNM client. The user role assigned to a user is in effect for the current session in the Cisco DCNM client only.

To assign a Cisco DCNM user role by RADIUS, configure the RADIUS server to return the RADIUS vendor-specific attribute 26/9/1, which is the Cisco-AV-Pair attribute. To assign a Cisco DCNM user role by TACACS+, the TACACS+ server must return a cisco-av-pair attribute-value pair. If an authentication response does not assign the user role, Cisco DCNM assigns the User role.

 

Change Admin Password

Follow the steps to change admin password.

1.  SSH to the DCNM server

2.  cd to /usr/local/cisco/dcm/fm/bin

3.  "./addUser.sh  --help" to see the syntax of the command.

The syntax for the addUser.sh script is "./addUser.sh <username> <password> <dbpassword>".  The adduser script can be used to add new user accounts or to change the password of existing user accounts.

4.  To change the admin password, the command would look something like this,

"./addUser.sh admin <new password> <dbpassword>"

If you have forgetten the database password, then you can find it in the file, /usr/local/cisco/dcm/jboss-as.7.2.0-Final/standalone/conf/postgres.cfg.xml.  Use the command "cat /usr/local/cisco/dcm/jboss-as.7.2.0-Final/standalone/conf/postgres.cfg.xml" to print the contents of the file to the screen.

 

Related Information

Administering DCNM Authentication Settings
Cisco DCNM License Management
Cisco Prime DCNM - change GUI admin password from CLI

Comments
amadsen7193
Beginner

I am attempting to use the 10.x virtual app. When I installed it I gave the installation process a password for the administrator user. After starting the vApp I attempted to log into the web GUI with admin and the password I gave it during the installation. This failed. I then logged into the vApp with root and the same password I used in the installation and I was able to access the vApp via SSH. I followed you instructions to reset the Admin password and got this as a result:

[root@ame-vadcnm02 bin]# ./addUser.sh admin ******** **********
Server configuration file loaded: /usr/local/cisco/dcm/fm//conf/server.properties
log4j:WARN No appenders could be found for logger (fms.db).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Log4j loaded: /usr/local/cisco/dcm/fm//conf/log4j_fms.xml
Password validation is finished!
User exists.

The password still does not work. Any suggestions?

amadsen7193
Beginner

One additional comment, in the 10.x vApp the file /usr/local/cisco/dcm/jboss-as.7.2.0-Final/standalone/conf/postgres.cfg.xml does not exist. It appears to now be  /usr/local/cisco/dcm/jboss-as-7.2.0.Final/standalone/conf/postgressql.cfg.xml and the password is hashed so it is unusable.