This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hongyu_Chen
Participant
‎2023-05-08 08:59 AM
Jump to solution

How to reset smart-1 6000L idrac admin password

Hi,

We have a smart-1 6000L appliance.  I lost the password for idrac admin user. 

In the log, it shows a password for admin has been generated, but I don't recall I have done that. 

[Expert@host:0]# more /var/log/cp_idrac.log
[04/17/23@11:33:57]:in idrac_set_user_password user=admin
[04/17/23@11:33:57]:in idrac_set_user_password user_id = 2 user=admin
New password was generated successfully for iDRAC admin user..
[04/17/23@12:32:08]:in idrac_set_user_password user=admin
[04/17/23@12:32:09]:in idrac_set_user_password user_id = 2 user=admin
New password was generated successfully for iDRAC admin user..

 

I tried admin/admin but no luck.

 

I have also tried this command "SetiDRACUser" to reset the password but seems it can only change password for user id range between 3-16, while admin's id is 2. 

 

[Expert@host:0]# SetiDRACUser
Enter User ID: 2
Enter User name: admin
Enter Password:
Enter Password again:
Error:User ID Should be in the range [3-16]
Set new user failed, See /var/log/cp_idrac.log
[Expert@host:0]#

 

Below is the output of the log:

Starting: Set iDRAC User
[05/08/23@11:56:45]:in idrac_set_user_password_enforce user=admin
[05/08/23@11:56:45]:Error:User ID Should be in the range [3-16]
[05/08/23@11:56:45]:User ID validation failed

 

How do I reset the idrac admin password?

 

Thanks. 

0 Kudos
1 Solution

Accepted Solutions
eladni
Employee Alumnus
Employee Alumnus
‎2023-05-09 05:11 AM
Jump to solution

Hi, 

Access to iDRAC is supported only with operator user.
Admin user is not supported nor recommended by Check Point
Note that any reboot of the system will reset the admin user and password.

View solution in original post

0 Kudos
18 Replies
AkosBakos
Mentor Mentor
Mentor
‎2023-05-08 09:34 AM
Jump to solution

Hi,

Have you tried to upgrade the LOM? Maybe it flashes the current settings, the you can use lomipset.

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
Hongyu_Chen
Participant
‎2023-05-08 11:36 AM
In response to AkosBakos
Jump to solution

Hi Akol,

I upgraded the idrac firmware per your suggestion, still no luck. 

Regards,

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2023-05-08 11:48 AM
In response to Hongyu_Chen
Jump to solution

Hi,

Have you tried the #ipmetool command?

Reset the whole LOM card:

https://support.checkpoint.com/results/sk/sk127573

[Expert@HostName:0]# ipmitool raw 0x2e 0x02

Otherwise, I think it is time to involve the TAC.

Akos

----------------
\m/_(>_<)_\m/
the_rock
Legend
Legend
‎2023-05-08 12:22 PM
In response to Hongyu_Chen
Jump to solution

Yup, what @AkosBakos gave you is a solution (also per below link)

https://community.checkpoint.com/t5/Security-Gateways/LOM-password-reset-on-5600-and-12400-appliance...

Cheers,

Andy

0 Kudos
Hongyu_Chen
Participant
‎2023-05-08 12:32 PM
In response to the_rock
Jump to solution

Thanks Andy, Akos for your prompt reply. 

Following command works for me. 

 

ipmitool user set password 2 vpn123

 

Regards,

the_rock
Legend
Legend
‎2023-05-08 12:34 PM
In response to Hongyu_Chen
Jump to solution

If thats your new LOM password, dont worry, we wont tell anyone ; - )

Just kidding...happy it worked mate, good job! 👍

Andy

eladni
Employee Alumnus
Employee Alumnus
‎2023-05-09 05:11 AM
Jump to solution

Hi, 

Access to iDRAC is supported only with operator user.
Admin user is not supported nor recommended by Check Point
Note that any reboot of the system will reset the admin user and password.

0 Kudos
the_rock
Legend
Legend
‎2023-05-09 05:13 AM
In response to eladni
Jump to solution

Never heard that before...I recall last year I was on phone with TAC Tier 3 and we used admin account and they never mentioned anything about it. Is there an sk or somewhere stating this?

Andy

eladni
Employee Alumnus
Employee Alumnus
‎2023-05-09 05:38 AM
In response to the_rock
Jump to solution

Please see https://support.checkpoint.com/results/sk/sk122914 under known limitations:
[ Access to iDRAC is available only with restricted operator user ]

the_rock
Legend
Legend
‎2023-05-09 05:41 AM
In response to eladni
Jump to solution

Maybe TAC never mentioned anything as client was using 6200, so I dont see that model listed in the sk.

Andy

0 Kudos
Hongyu_Chen
Participant
‎2023-05-09 06:58 AM
In response to eladni
Jump to solution

Hi,

I just rebooted the machine and the admin user still exist. 

 

the_rock
Legend
Legend
‎2023-05-09 07:09 AM
In response to Hongyu_Chen
Jump to solution

Cant say Im surprised, I would not think reboot would ever get rid of that account. 

Andy

Plus this -> Access to iDRAC is available only with restricted operator user.

Does NOT even give issue ID. so logically tells me that sk should be updated.

0 Kudos
eladni
Employee Alumnus
Employee Alumnus
‎2023-05-09 07:15 AM
In response to Hongyu_Chen
Jump to solution

Admin  user and password will *reset* after reboot.

 

0 Kudos
the_rock
Legend
Legend
‎2023-05-09 07:17 AM
In response to eladni
Jump to solution

@eladni Does not sound like that happens at all... @Hongyu_Chen can you confirm?

Andy

0 Kudos
Hongyu_Chen
Participant
‎2023-05-09 07:19 AM
In response to the_rock
Jump to solution

admin password was not reset after reboot. 

the_rock
Legend
Legend
‎2023-05-09 07:26 AM
In response to Hongyu_Chen
Jump to solution

Thats what I thought as well, tx for confirming. @eladni , thats why I said sk is wrong and should be updated. Apologies if Im misunderstanding something...

Andy

0 Kudos
eladni
Employee Alumnus
Employee Alumnus
‎2023-05-10 04:02 AM
In response to the_rock
Jump to solution

HI, regarding the reboot/reset - thanks for the input, we will check it internally and update.

Nevertheless, the SK mentioned admin user is not supported.
It will not be supported so no required changes in SK at the moment.

Thanks

the_rock
Legend
Legend
‎2023-05-10 04:33 AM
In response to eladni
Jump to solution

Ok, fair enough 🙂

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events