11-09-2017 11:32 AM
I made a super newbie mistake and managed to lock myself out of a switch. I normally use the local admin/root accounts, but I made a change and decided to enable AAA authentication to LDAP/Active Directory for both primary and secondary authentication methods of the switch, from the switch Java Management app.
Here are the switch specs:
Model: Brocade M6505 blade switch (installed in a Dell PowerEdge M1000e chassis)
FOS version: v8.0.1b
I have tried the password recovery procedure as a 'test' to see if it would reset the authentication methods, in addition to the local account passwords. The password reset process appeared to be successful, but I am still unable to log in with local accounts.
My second thought was to mount the root filesystem (as outlined in the password recovery process) and view the configuration files in /etc/fabos to see if there is a numeric value or something that can be adjusted, which I know is dangerous, but I did stumble across a file called fabos.chassis.conf which contains the following values:
I happened to have another M6505 blade installed in the same Dell M1000e chassis which I DO have local root access to, and I was able to compare the same file, fabos.chassis.conf, which has the following default values:
Would setting this file on the switch-in-question to 'authspec.mode:0' set the authentication method to its default values? Is there an easy(er) way to remove all remote authentication methods and restore local accounts to the default authentication method?
11-09-2017 12:55 PM
Try the following, it should work:
From the Chassis Management Module, set the Internal ETH Interface/Port to disable.
Wait a couple of minutes +/- 10-15 minutes, and then connect to the IOIOI external port on the Blade Switch.
Now you should be able to connect as admin and reset / delete the AAA Radius mode.
11-09-2017 02:17 PM
You just made my week sir... I followed your instructions with a little twist, but nevertheless, it worked like a charm:
1) unplugged from both NICs of the CMC modules of the m1000e chassis (to prevent failover to the secondary CMC)
2) waited 10+ minutes
3) connected to the IOIOI serial port on the M6505
4) entered admin default credentials and changed the default passwords.