CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Resetting the cadmin password

  1. #1
    Join Date
    2007-11-05
    Posts
    31
    Rep Power
    0

    Default Resetting the cadmin password

    Hi all

    I recently took over support of a firewall R77.20 Gaia that I was not given all the passwords for.

    I have the admin and expert password, but sadly none of the passwords I have work for the cadmin user account.

    I now need to make changes to the webgui and command line, specifically the routing table - and I cannot

    Is there a way to reset the password on the cloning group?

    Failing that, I'm considering breaking the cloning group, but I'm worried that a whole load of settings will disappear - routes, users, and anything else that's cloned. Any advice in that way?

    Any help that you could provide, would be great

  2. #2
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,147
    Rep Power
    16

    Default Re: Resetting the cadmin password

    Anything that is cloned in the Cloning group is really copied to both members and stored locally in each member's own config.

    In the WebUI you should be able to overwrite the password.
    Just for the very short term, the trick to get a route added without using the cadmin user is by adding the space character in front of the command while in clish; just make sure you execute the command on both members.

    Last but not least, you can remove both members from the cloning group and recreate a new one and add the second member again. Now you are back where you started and you have a new password.
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.

  3. #3
    Join Date
    2007-11-05
    Posts
    31
    Rep Power
    0

    Default Re: Resetting the cadmin password

    Quote Originally Posted by msjouw View Post
    Anything that is cloned in the Cloning group is really copied to both members and stored locally in each member's own config.

    In the WebUI you should be able to overwrite the password.
    Just for the very short term, the trick to get a route added without using the cadmin user is by adding the space character in front of the command while in clish; just make sure you execute the command on both members.

    Last but not least, you can remove both members from the cloning group and recreate a new one and add the second member again. Now you are back where you started and you have a new password.

    Thanks for the reply

    Unless you log in as cadmin, you cannot change its password. Because the Cloning Group controls users, you cannot change any user's settings (other than your own), including passwords, unless you have access to the cadmin account.

    Can you give me an example about that "adding the space character in front of the command while in clish"? I'm not sure I understand what you mean.

    So, specifically, if we break the cloning group, neither firewall will lose the usernames / routes and any other cloned info?

  4. #4
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,147
    Rep Power
    16

    Default Re: Resetting the cadmin password

    Users are not "controlled by" cadmin but by a user with the RBA Admin role.
    What I mean by adding a space is that you log in with ssh to the FW and use the admin account; you should see a prompt showing the hostname ended by the > character:
    FW1>
    Now you can type clish commands; see the command line reference guide.
    But when you need to add a new static route, you type: " set static-route 10.10.10.0/24 nexthop gateway address 10.15.15.1 on"
    This will create a route for net 10.10.10.0/24 to point to 10.15.15.1

    Make sure to do this on both members.
    That said, I just tested it on another gateway cluster. In clish you type the following:
    "set cloning-group password" and hit the enter key. It will ask for the NEW password and for confirmation. Make sure to do this on both members!! Now you have changed the password for both members and the cadmin user.
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.
