This knowledge base has moved to the documentation site. Please visit the knowledge base here for the most up to date content. This site is no longer maintained.

Password Recovery on Edge-Core AS4610 when the Internal Clock Has Reset

Follow

Issue

Recovering the password on the Edge-Core AS4610 platform may require additional steps if the internal clock has been reset.

Environment

  • Cumulus Linux 3.y.z

Cause

A clock reset occurs if the switch has been unplugged or powered down for an extended period of time. Resetting a user password before adjusting the system date may result in a negative value being set in the /etc/shadow in the third column "Date of Last Password Change". Once this occurs the current user account becomes disabled and that user cannot log in with this user account.

Essentially, password recovery fails if you set the time after changing the password. If NTP is configured, the switch may update the time automatically during a full boot.

Below is an example of a /etc/shadow with a valid root user entry and an invalid cumulus user entry — note the negative value for "Date of Last Password Change":

root:XXXXXXXXX:17143::::::
cumulus:XXXXXXXXXX:-12756:0:99999:7:::

Solution

Before attempting to recover the password, ensure that the system and hardware clocks are set correctly first.

Set the year to a minimum of 2000, as the hardware clock is not designed to accept dates before this time. Attempting to set a date prior to this results in the date being set into the future, which invalidates the user when normal time is restored.

  1. From the console, boot the switch, interrupting the U-Boot countdown to enter the U-Boot prompt. Enter the following:
    => run cl_bootrecover
  2. Set the operating system time and push the value to the hardware clock:
    # date -s 20161208
    Thu Dec  8 00:00:00 UTC 2016
    # hwclock -w
  3. Confirm the hardware clock time:
    # hwclock -r
    Thu 08 Dec 2016 12:01:09 AM UTC  -0.921842 seconds
  4. Reset the password:
    root@switch:~# passwd
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully

 

Comments

This support portal has moved

Cumulus Networks is now part of the NVIDIA Networking Business Unit! The NVIDIA Cumulus Global Support Services (GSS) team has merged its operations with the NVIDIA Mellanox support services team.

You can access NVIDIA Cumulus support content from the Mellanox support portal.

You open and update new cases on the Mellanox support portal. Any previous cases that have been closed have been migrated to the Mellanox support portal.

Cases that are still open on the Cumulus portal will continue to be managed on the Cumulus portal. Once these cases close, they will be moved to the Mellanox support portal.

Powered by Zendesk