Difference between revisions of "Avoid password expiry on NSX managers and edges"
From Notes_Wiki
m |
m |
||
| Line 1: | Line 1: | ||
[[Main_Page|Home]] > [[VMWare platform]] > [[VMWare NSX]] > [[Avoid password expiry on NSX managers and edges]] | [[Main_Page|Home]] > [[VMWare platform]] > [[VMWare NSX]] > [[Avoid password expiry on NSX managers and edges]] | ||
=Increase no of days to password expiry= | |||
To avoid automatic password expiry for root, audit and admin users on both NSX manager and Edges use: | To avoid automatic password expiry for root, audit and admin users on both NSX manager and Edges use: | ||
# SSH to manager using individual IP (not cluster IP) using admin credentials | # SSH to manager using individual IP (not cluster IP) using admin credentials | ||
| Line 17: | Line 18: | ||
#:</pre> | #:</pre> | ||
# Do the same for the Edges | # Do the same for the Edges | ||
=Reset admin or audit passowrd= | |||
If root password is expired we can still login into console with old expired password. Immediately after login we would be forced to change the expired password. | |||
Root password can be reset, if forgotten, as explained at: | |||
* https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-8816B842-2EC4-40A8-A618-F68DB29FABD2.html | |||
If we have working root password and we want to reset audit/admin password then: | |||
# Login into NSX manager (Any one) | |||
# Run: | |||
#:<pre> | |||
#:: /etc/init.d/nsx-mp-api-server stop | |||
#:: passwd admin | |||
#:: passwd audit | |||
#:: touch /var/vmware/nsx/reset_cluster_credentials | |||
#:: /etc/init.d/nsx-mp-api-server start | |||
#:</pre> | |||
# Then also do | |||
#:<pre> | |||
#:: su - admin | |||
#:: set user admin password | |||
#:: <Enter old and new passwords. Here old password is the one set in above steps> | |||
#:</pre> | |||
# Reboot at least one of the three network managers | |||
#:<pre> | |||
#:: shutdown -r now | |||
#:</pre> | |||
# After network manager finishes rebooting, try the web login in a Incognito browser | |||
Latest revision as of 04:36, 19 October 2022
Home > VMWare platform > VMWare NSX > Avoid password expiry on NSX managers and edges
Increase no of days to password expiry
To avoid automatic password expiry for root, audit and admin users on both NSX manager and Edges use:
- SSH to manager using individual IP (not cluster IP) using admin credentials
- Run following commands to prevent password-expiration for the three accounts:
- set user admin password-expiration 9999
- set user audit password-expiration 9999
- set user root password-expiration 9999
- Setting value to 9999 might be better then disabling password expiry all together as some checks might require password expiry to be enabled.
- Validate settings have taken effect:
- get user admin password-expiration
- get user audit password-expiration
- get user root password-expiration
- Do the same for the Edges
Reset admin or audit passowrd
If root password is expired we can still login into console with old expired password. Immediately after login we would be forced to change the expired password.
Root password can be reset, if forgotten, as explained at:
If we have working root password and we want to reset audit/admin password then:
- Login into NSX manager (Any one)
- Run:
- /etc/init.d/nsx-mp-api-server stop
- passwd admin
- passwd audit
- touch /var/vmware/nsx/reset_cluster_credentials
- /etc/init.d/nsx-mp-api-server start
- Then also do
- su - admin
- set user admin password
- <Enter old and new passwords. Here old password is the one set in above steps>
- Reboot at least one of the three network managers
- shutdown -r now
- After network manager finishes rebooting, try the web login in a Incognito browser
Home > VMWare platform > VMWare NSX > Avoid password expiry on NSX managers and edges
