APC UPS Data Center & Enterprise Solutions Forum
Schneider, APC support forum to share knowledge about installation and configuration for Data Center and Business Power UPSs, Accessories, Software, Services.
Posted: 2021-06-30 12:43 AM . Last Modified: 2024-03-11 03:41 AM
Hello,
Regarding the syntax for local admin password resets, and the commands, how can I test and configure the local admin password? We have a RADIUS configured APC that is set to RADIUS then local. I tried to switch to local only after rotating the password using the user -ap
Thanks for any and all help.
-Chris
Posted: 2021-06-30 12:43 AM . Last Modified: 2024-03-11 03:41 AM
Hi Chris,
Unfortunately, I think you already sort of figured out the answer.
"RADIUS, then local" authentication mode will only fall back to local if RADIUS is unreachable over the network, NOT in the case of a RADIUS auth failure or anything like that. So your options to bypass this would be to remove the RADIUS server from the network temporarily (so NMC can't reach it) or as you already did, move back to local authentication only to test the local credentials you have configured.
In 5.X.X firmware specifically, using a console cable connection via serial will bypass the RADIUS server I believe. This is off by default in 6.X.X firmwares but can be disabled to allow serial override, like 5.X.X allows.
Since SSH is a remote/network log in, it operates the same way as mentioned above. You can only test a local login with it if you hide the RADIUS server from the NMC over the network or switch to local only authentication.
P.S. AOS (APC OS) 5.1.3 is around 7 or 8 years old now and is a really old version. I just wanted to mention it because we are at version 6.X.X these days and those are the firmware revs we actively fix any bugs on, add new features to, etc. So if AOS 5.1.3 is what you're standardized on, I understand, but it is really old and effectively unsupported by us at this time. I am not sure if modern SSH clients work with the older SSH server on this rev to be honest.
But, just a note 6.X.X is radically different from v5. There are some similarities but a lot of differences, especially on CLI, web, and under the hood.
Posted: 2021-06-30 12:43 AM . Last Modified: 2024-03-11 03:41 AM
Hi Angela,
Most of our stuff is 6.x, just a few stragglers with the 5.1.3. So essentially the best way to test is via local only and hide the RADIUS servers? How can I tell what the name of the local admin is? I believe I changed it to "admin" but even with local only enabled it says access denied. So I assume it's console only at that point. Just want to be sure I understand that portion. Is there a way via CLI to list local users in the local database?
Posted: 2021-06-30 12:43 AM . Last Modified: 2024-03-11 03:40 AM
Hi Chris,
For checking in CLI for the admin name, you'll need some sort of administrator access and do the user -an command (with no value to change) on AOS 5.1.3 and it will show you the current admin name. If you have no admin access, then you'd have to do the password reset procedure and/or gain access via console connection to get in.
I don't have RADIUS going to check this right this second but I believe when you're logged in via RADIUS, you should still be able to see the local accounts too via what I mentioned above. You could try that same command to see the local account name to check before you "hide" or disable the RADIUS servers to make them appear inaccessible or also look under Administration->Network->Local Users in web UI, and look at Administrator in the menu and that should show the local admin username.
Hope that makes sense and helps clarify.