cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1351
Views
0
Helpful
6
Replies

Account Expiry of local Admin account in CSPC 2.10

billlippai
Level 1
Level 1

We updated our collector servers to version 2.10.0 as per the recommendation to go back to this version due to the CentOS back level in January of this year and patched to 2.10.0.1 at the same time. We are now attempting to go to 2.10.0.3 and as part of our update process, we confirm all good by shutting down the system from the command line. 

 

Using collectorlogin, it indicated that the account had expired on login which has occurred previously, and we simply do the 

# pwdreset collectorlogin 90 to re-enable the account from the admin user. Attempting to log on with the admin user which if the password expired would prompt for a change, however now results in the account logging on and it throwing the same "Your account has expired; please contact your system administrator" message. It appears both of our collectors have automatically locked us out of being able to administer them after 90 days as it appears that the admin account has some type of expiry set now.

 

We log into the GUI regularly as part of onboarding new devices but the CLI we only need to get to when upgrading or troubleshooting so it is way more inconsistent and may not happen in the 90 day window. 

 

It appears there is a process to recover the root password in the manual using the grub user, however in this case I know the passwords, I just need to unlock one of the two accounts. I am not familiar with being able to do that if it can be done using the grub process and am wondering if anyone has a process/link to assist in trying that. I have a case opened with TAC, however it is progressing slowly and very likely I will end up having to rebuild these servers as if I had lost the passwords, though this is a flaw in the security setup which we did not do.  

 

Any assistance would be appreciated. Thanks. 

 

 

6 Replies 6

kaptanej
Cisco Employee
Cisco Employee

Hi , 

 

I am the in-charge of this post and I will be assisting you on this issue shortly .

 

Thanks & Regards, 

Kapil Taneja 

TN0519
Level 1
Level 1

I just had this problem, but was able to get to the console and login as root.  From there I was able to set the passwords for the admin and collectorlogin user

 

passwd admin

passwd collectorlogin

 

I was then able to SSH and login as either of those.

kaptanej
Cisco Employee
Cisco Employee

Hi , 

 

Please let us know if you need any further assistance on the issue .

 

Thanks & Regards, 

Kapil Taneja

Hi Kapil, 

 

Yes I still require assistance in getting into the device. 

 

The suggestion of logging in as Root seems contradictory to other posts where:

Attempts to connect directly to the user root will cause a lock on that account requiring reboot

I attempted a root login from the VMConsole and after that even the admin account would no longer error. 

 

Thanks. -Bill 

Hi Bill , 

 

Please share the customer's availability for the webex session so that we can troubleshoot on the issue . 

Also please share the email address so that we can keep you updated on the issue .

 

Thanks & Regards, 

Kapil Taneja

kaptanej
Cisco Employee
Cisco Employee

Hi Bill , 

Here is the resolution summary that we have provided on the issue :

* Customer’s account was getting expired due to 90 days of time period .
* Customer was asked to have a webex session so that we can troubleshoot the issue .
* Change the customer’s account admin age so that it cannot be locked .
* Age expiration and inactivation has been changed to ‘ Never ’ .
* Customer has given the confirmation for the same .
* Customer has given the confirmation for the case closure.
* Hence, proceeding with the case closure.

Thanks & Regards, 

Kapil Taneja