Layer7 API Management

I am trying to change password of admin user used for login onto policy manager. I want to do this without login onto policy manager, say, via command line. Please suggest over this.

OPTION 1: ( SSGCONFIG )( Version 8.2+)

1. Log into the SSGCONFIG menu.

2. Select Option 2

3. Select Option 8

4. You will be asked which account you would like to reset, type in the forgotten or locked account.

5. You will be prompted for the new password

6. It has now been reset

OPTION 2: ( Any version that i'm aware of )

1. The above script needs the credentials for your privileged mysql DB, ( i.e. root/7layer )

2. Also, it will need to know the DB in which we are targeting, ( almost always SSG )

3. What is the new username that you would like to create ( notice my wording here, this script can create new ID's as well, sometimes resetting the old admin account won't work, you may have to create a new one all together )

This will create an Account with the ID you put in.

The password defaults to: password

Hi Doyle,

If the admin id (used for Policy Manager access) is locked after 5 incorrect passwords, both the mentioned options doesn't reset the admin id. I keep getting this error "admin execeeded max. failed logon attempts". Only way out for me was to create a new admin id using option 2. When a new admin id is created using option 2, it removes the old admin id altogether. Didn't realize that it would happen. Is there any other way to reset the admin id locked after failed attempts?

Thanks,
Atul

That is interesting,

I dont recall resetAdmin.sh removing the old admin account altogether, but was able to reproduce your issue.

If you set on using your original admin account, i've found a way to hack it to let you log in.

1. ( i locked my admin account, ( after making a backup, of course )

2. ( In the ssg DB, there is a table called 'logon_info' ), you see my accounts that are currently set up.

•      You have to do 2 things here, reset the 'fail_count' and reset the 'state'.
•      Once i did that, i was able to log in

The best practice in this scenario is to always have a backup admin account in case you lock it out.

let me know if this helps,

Doyle

Thanks Doyle. These steps did work for me as well. I will bookmark your post for admin user reset.

Hi Ankush,

I wanted to expand on Doyle's response above.  The steps that Doyle has provided will allow you to reset the password for the admin user to "password", it is meant for times that you have forgotten your password and need to reset it.  However, this method will always reset the admin password to "password", and it is expected that you will log in to the Policy Manager and change it to something else.

If you want to change the admin password to something other than what you created (and don't want to set it to "password" with the reset functionality), you can use the REST Management interface to do this, there is a call that specifically allows you to do this.  Please see the REST Management documentation (located on all Gateway's at https://gateway.company.com:8443/restman/1.0/doc, once the REST Management Service is published) for instructions on how to do this.

- Aaron

Thanks Doyle & Aaron,

This was really useful information. I will try both of them and keep you guys post if found any more useful stuff.

-Ankush