Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2206
Views
7
Helpful
4
Replies

ISE configuration data restore CLI account

Go to solution
Madura Malwatte
Level 4
Level 4

‎04-11-2019 04:41 AM

Just want to confirm, when a configuration data backup from another node is restored on a local node, does the existing CLI and GUI account credentials get overwritten by the one's from the backup? So I will no longer be able to get into the CLI and GUI with the old credentials? And only way to reset the password is then using the methods outlined here ?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nadav
Level 7
Level 7

‎04-11-2019 08:29 AM

The GUI admins are shared configuration for the deployment. So whatever GUI admins are in the backup is what you'll have for all nodes in the deployment after restoring.

 

As for CLI admins, that's per node. When you restore via CLI you have the option of restoring ADE-OS (via the "include-adeos" keyword). If you do so that also includes the local CLI users for the relevant nodes.

View solution in original post

4 Replies 4

Go to solution
paul
Level 10
Level 10

‎04-11-2019 06:28 AM

I believe the restore will only affect the GUI admin password, but it has been a while since I tested this.  My admin accounts for CLI and GUI are usually kept the same.  The only time those accounts are matched are during the initial setup script.  After the initial script the CLI and GUI accounts are managed independently.  The restore should only be restoring the ISE application information which contains the GUI password.  The link you put in your post is the way to reset both the CLI and GUI passwords.

Go to solution
Nadav
Level 7
Level 7

‎04-11-2019 08:29 AM

The GUI admins are shared configuration for the deployment. So whatever GUI admins are in the backup is what you'll have for all nodes in the deployment after restoring.

 

As for CLI admins, that's per node. When you restore via CLI you have the option of restoring ADE-OS (via the "include-adeos" keyword). If you do so that also includes the local CLI users for the relevant nodes.

Go to solution
Madura Malwatte
Level 4
Level 4
In response to Nadav

‎04-12-2019 05:47 AM

Hi Nadav,

 

This is exactly it. When I have done restore's before I never included the ADE-OS, hence why the existing CLI accounts always worked. This latest restore I used "include-adeos", and it wiped out the existing account.

 

I couldn't find much info about what the ADE-OS includes, but seems it includes the network settings such as IP address, ntp, domain, hostname, CLI account, etc? There is not much mention what it does in administrator guide. 

Go to solution
Nadav
Level 7
Level 7
In response to Madura Malwatte

‎04-12-2019 01:05 PM

I'd imagine it's the entirety of your ADE-OS. Basically everything you see under "show run", and maybe also the system logs. 

0 Helpful
Customers Also Viewed These Support Documents