Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

DL145G3, lost admin priv on LO-100

SOLVED
Go to solution
Highlighted
Steve R Martin
Occasional Advisor

DL145G3, lost admin priv on LO-100

Hi All,

Due to my own stupidity, I have lost the administrator privilege to the admin account for the Lights-out 100. I have tried the trick of re-loading the FW, but it doesn't reset the privilege for the admin account, only the password. Without the administrator privilege, I can't get to the user administration web page or make a change through the CPL. There is a way to reset the CMOS settings, but I wonder if that will really work? I have to schedule the downtime to try it. Short of replacing the mother-board, is there a work-around?

TIA
7 REPLIES
KarloChacon
Frequent Visitor
Solution

Re: DL145G3, lost admin priv on LO-100

hi steve

check if this can help you

http://forums12.itrc.hp.com/service/forums/questionanswer.do?threadId=1227083

regards
Didn't your momma teach you to say thanks!
Steve R Martin
Occasional Advisor

Re: DL145G3, lost admin priv on LO-100

Thanks Karlo, that gave me the clues I needed. The steps I took basically involved enabling one of the other "admin" accounts that hadn't had it's privilege changed (user 6 in my case.) Then I changed the password to that account and enabled it. (It's a good thing I wasn't too anal in the beginning to clear all the unused accounts!) At that point I could log in as "admin" and fix my botched user accounts through the web interface. Since the OS is Linux, I could use the "ipmitool" command to make it all happen. If someone needs the exact steps, just drop me an email or reply to this thread.
KarloChacon
Frequent Visitor

Re: DL145G3, lost admin priv on LO-100

hi

glad that the link provided you some help

I think would be great if you post the steps here it would be useful for more people

thanks

Didn't your momma teach you to say thanks!
Gary Antonio Be
Acclaimed Contributor

Re: DL145G3, lost admin priv on LO-100

How to Reset a Forgotten Lights-Out 100 Password?

Upgrade the firmware for the BMC (Lights-Out 100) and it will automatically reset the admin password to the default (i.e., username:admin , password:admin).

or

How To Reset the LO 100 Administrator Password on the DL 145 G3?

Resolution/Workaround

1. Download the ipmitool for DOS.

2. Boot the system to a DOS-based OS. One way to accomplish this is to use a USB key with DOS installed and with the ipmitool.exe file.

3. Type the following command line sequence:

ipmitool 20 18 47 03 02 61 64 6d 69 6e 00 00 00 00 00 00 00 00 00 00 00

This will cause the system to reset the administrator's password to the default value of admin.

The ipmitool for DOS can be found on the web. This URL

http://www.intel.com/design/servers/ipmi/ipmi_tool.htm

If it's not fun, you're not doing it right
Steve R Martin
Occasional Advisor

Re: DL145G3, lost admin priv on LO-100

If you look carefully, it wasn't just the password that was lost. I had set all the enabled accounts to operator privilege. Not good if you need to create more users or change passwords.

Here is what I did to fix it. This seems like a security hole, but maybe someone has a way to block it. Fortunately, I wasn't so anal that I deleted all the other accounts. Maybe that is the fix to the security issue.

Using ipmitool from the host OS (SLED 10 SP2 here):
- Make sure the ipmi service is running. This will create the kernel interface /dev/ipmi0. (BTW, If you come across ipmitool asking for the , mine turned out to be 2. I only found it by starting with 0 until one worked.)

- This shows a list of all the users and their ID. (Tabs won't line up here.)
$ ipmitool -v user list
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
2 Administrator true false false Unknown (0x0)
3 root true false false Unknown (0x0)
4 OEM true false false Unknown (0x0)
5 Administrator true false false Unknown (0x0)
6 admin true false false Unknown (0x0)
7 OEM true false false Unknown (0x0)
8 Operator true false false Unknown (0x0)
9 admin true false false Unknown (0x0)
10 OEM true false false Unknown (0x0)
11 Operator true false false Unknown (0x0)
12 admin true false false Unknown (0x0)
13 OEM true false false Unknown (0x0)
14 Operator true false false Unknown (0x0)
15 admin true false false Unknown (0x0)
16 OEM true false false Unknown (0x0)

- I needed to enable another "admin" account because it was set to
administrator privilege.
$ ipmitool -v user enable 6

- I then set the password to admin. (Maybe I didn't need this step.)
$ ipmitool -v user set password 6 admin

- At this point I could log into the web interface and fix the other accounts I was having trouble with and disable the new admin account.

HTH
KarloChacon
Frequent Visitor

Re: DL145G3, lost admin priv on LO-100

great Steve thanks a lot.

the knowledge base is growing :-)
Didn't your momma teach you to say thanks!
Gary Antonio Be
Acclaimed Contributor

Re: DL145G3, lost admin priv on LO-100

I see! I though it was a forgotten password, but this is good to know. Thanks for the information, this is great. :-)
If it's not fun, you're not doing it right
//Add this to "OnDomLoad" event