Fibre Channel (SAN)

Reply
New Contributor
Posts: 2
Registered: ‎11-09-2017
Accepted Solution

How to reset primary authentication method on a M6505?

Hello,

 

I made a super newbie mistake and managed to lock myself out of a switch. I normally use the local admin/root accounts, but I made a change and decided to enable AAA authentication to LDAP/Active Directory for both primary and secondary authentication methods of the switch, from the switch Java Management app.

 

Here are the switch specs:
Model: Brocade M6505 blade switch (installed in a Dell PowerEdge M1000e chassis)
FOS version: v8.0.1b

 

I have tried the password recovery procedure as a 'test' to see if it would reset the authentication methods, in addition to the local account passwords.  The password reset process appeared to be successful but, I am still unable to log in with local accounts. 

 

My second thought was to mount the root filesystem (as outlined in the password recovery process) and view the configuration files in /etc/fabos to see if there is a numeric value or something that can be adjusted, which I know is dangerous, but I did stumble across a file called fabos.chassis.conf which contains the following values:

 

sh-2.04#

authspec.mode:6
bottleneck.BECreditLossFaultingBlade:1
ldap.server.0.domain:mydomain.com
ldap.server.0.hostname:192.168.1.4
ldap.server.0.port:389
ldap.server.0.timeout:3
system.intPortCrdRecov:41
sh-2.04#


I happened to have another M6505 blade installed in the same Dell M1000e chassis which I DO have local root access to, and I was able to compare the same file, fabos.chassis.conf which has following default values:

 

sh-2.04#
authspec.mode:0
bottleneck.BECreditLossFaultingBlade:1
system.intPortCrdRecov:41

sh-2.04#


Would setting this file on the switch-in-question to 'authspec.mode:0' set the authentication method to its default values?  Is there an easy(er) way to remove all remote authentication methods and restore local accounts to the default authentication method?

Thanks!

 

-Jesse

 

 

Highlighted
External Moderator
Posts: 5,033
Registered: ‎02-23-2004

Re: How to reset primary authentication method on a M6505?

@vspeed740

 

try follow, should work.....:

 

from the Chassis Management Module, set the Internal ETH Interface/Port to disable

 

wait a couple of minutes +/- 10-15 minutes, and then connect to IOIOI external Port on the Blade Switch.

 

now you should be able to connect as admin and reset / delete the AAA Radius mode.

TechHelp24
New Contributor
Posts: 2
Registered: ‎11-09-2017

Re: How to reset primary authentication method on a M6505?

Antonio, 

 

You just made my week sir... I followed your instructions with a little twist, but nevertheless, it worked like a charm:

 

1) unplugged from both NICs of the CMC modules of the m1000e chassis (to prevent failover to the secondary CMC)
2) waited 10+ minutes

3) connected to the IOIOI serial port on the M6505

4) entered admin default credentials and changed the default passwords.

 

Thank You!!

-Jesse

 

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook