Solved: Nexus admin user - can't login to the CLI

paulcahill · ‎11-16-2018

I was copying an pasting some configs between two nexus devices and some how fat-fingered something and the admin user can no longer login to the command line. I can still login as the root user and run an "su admin" and login to the device that way. Need to get it fixed. On the switch that works:

username admin password 5 $5$vmOXlxBj$FbuM28SGUyj/E2H1BS.KIr.pMJU5f0MGrDTEPezIfO
6 role network-admin

On the switch that doesn't work:

username admin password 5 $5$vmOXlxBj$FbuM28SGUyj/E2H1BS.KIr.pMJU5f0MGrDTEPezIfO
role network-admin

So how do I fix that? Is that what broke the account?

paul driver · ‎11-17-2018

Hello

Sounds like you could have possibly overwrote the username admin account password somehow which can easily be done when you past config

Anyhow Logon with the su-admin account.

conf t

username admin role network-admin password xxxxxx

copy running-config startup-config

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Richard Burts · ‎11-16-2018

As I understand your post the difference between the switches is the number 6 appears in the working switch and not in the problematic switch. I am not sure what that number would represent. So I am not sure if it is really the problem. If you are able to login to the problematic switch can you then just copy/paste the line with the 6 into the problematic switch and see if it fixes the issue?

My guess is that it will not fix the issue. In that case I am guessing that something else is the problem. As a start in investigating this possibility could you post the output of show run | include aaa

HTH

Rick

HTH

Rick

paul driver · ‎11-17-2018

Hello

Sounds like you could have possibly overwrote the username admin account password somehow which can easily be done when you past config

Anyhow Logon with the su-admin account.

conf t

username admin role network-admin password xxxxxx

copy running-config startup-config

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

paulcahill · ‎11-19-2018

So the line was line-wrapping at the 80th column even though my columns were set to much wider than that. the copy and paste did not pick up on that and sent it as a separate line, chopping off the last character in the password hash, breaking the password. I didn't notice that on the other switch because, for some reason, that window had more columns!

I need to get more sleep.

Thanks for all the replies.

Georg Pauwen · ‎11-17-2018

Hello,

have you tried to do a network-admin password recovery ?

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/password_recovery/b_nx_os_pwr/nx_os_pw.html

pieterh · ‎11-19-2018

as the "user ...... role....." command is a one-line command

username user-id [password [0 | 5]password] [expire date] [role role-name]

My guess is the "6" is either seen as part of the encrypted password, or seen as the account is (has been) valid for 6 days.

so copy the good line and paste it in the other switch