Resetting the cadmin password

**Gingerwerewolf** · 2018-10-01

Hi all

I recently took over support of a firewall R77.20 Gaia that I was not given all the passwords for.

I have the admin and expert password, but sadly none of the passwords I have work for the cadmin user account.

I now need to make changes to the webgui and command line, specifically the routing table - and I cannot

Is there a way to reset the password on the cloning group?

failing that, Im considering breaking the cloning group, but Im worried that a whole load of settings will dissappear - routes, users, and anything else thats cloned. - Any advice in that way?

Any help that you could provide, would be great

**msjouw** · 2018-10-01

Anything that is cloned in the Cloning group is really copied to both members and stored locally in each members own config.

In the WebUI you should be able to overwrite the password.
Just for the very short term, the trick to get a route added without using the cadmin user is by adding the space character in front of the command while in clish, just make sure you execute the command on both members.

Last but not least, you can remove both members from the cloning group and recreate a new one and add the second member again, now you are back where you started and you have a new password.

**Gingerwerewolf** · 2018-10-02

Originally Posted by msjouw

Anything that is cloned in the Cloning group is really copied to both members and stored locally in each members own config.

In the WebUI you should be able to overwrite the password.
Just for the very short term, the trick to get a route added without using the cadmin user is by adding the space character in front of the command while in clish, just make sure you execute the command on both members.

Last but not least, you can remove both members from the cloning group and recreate a new one and add the second member again, now you are back where you started and you have a new password.

Thanks for the reply

Unless you log in as cadmin, you cannot change its password. Because the Cloning Group controls users, then you cannot change any users settings (other than your own), including passwords, unless you have access to the cadmin account.

Can you give me an example about that "adding the space character in front of the command while in clish"? Im not sure I understand what you mean

So, specifically, if we break the cloning group, neither Firewall will loose the usernames / routes and any other cloned info?

**msjouw** · 2018-10-02

Users are not "controlled by" cadmin but by a user with the RBA Admin role.
What I mean by adding a space, is you login with ssh to the FW and use the admin account, you should see a prompt showing the hostname ended by the > character:
FW1>
Now you can type clish commands see the command line reference guide.
But when you need to add a new static route, you type: " set static-route 10.10.10.0/24 nexthop gateway address 10.15.15.1 on"
This will create a route for net 10.10.10.0/24 to point to 10.15.15.1

Make sure to do this on both members.
That said I just tested it on another gateway cluster in clish you type the following:
"set cloning-group password" and hit the enter key, it will ask for the NEW password and for confirmation, make sure to do this on both members!! Now you have changed the password for both members and the cadmin user.