Lost admin/root password

PaoloA · May 5, 2009, 2:48 PM

Situation: PFSense installation, but installator vanished.
No one have the admin/root password.
Reinstalliing isn't so simple … (many undocumented configurations ...)
We can't reset from console menu because is enabled password protection for the console on the Advanced page.
Any other recovery console, single user mode (as in Linux), ...?
Can I boot from some CD/distro, mount the disk and manually replace the password editing some passwd/shadow file?
Or mount the disk to another pfsense box and edit from it?

Regards, P.

AhnHEL · May 5, 2009, 4:04 PM

You can reset the password through the console, option 3.

To get to the console depends on whether you have an embedded installation, serial port can be used. Or if you have a full install then you can access console locally (vga+keyboard)

dotdash · May 5, 2009, 4:22 PM

@onhel:

You can reset the password through the console, option 3.

@PaoloA:

We can't reset from console menu because is enabled password protection for the console on the Advanced page.

Sometimes it helps to slow down and read the whole thing.

jimp · May 5, 2009, 4:55 PM

If you boot to single user mode, you should be able to change the admin/root password from there.

Reboot the system, and you should see a menu for a very short time (~3sec) and one of the choices is for Single User Mode.

If you need more detailed instructions, I'll see if I can work some out and put them in the FAQ.

jimp · May 5, 2009, 4:57 PM

It may be as simple as this:

#1: Boot to Single User Mode
#2: When prompted, press enter to start /bin/sh
#3: mount -a -t ufs
#4: /etc/rc.initial.password

jimp · May 6, 2009, 3:06 PM

I confirmed that the procedure from my last message does work, and added that to the WebGUI lockout FAQ:

http://doc.pfsense.org/index.php/I_locked_myself_out_of_the_WebGUI%2C_help!#Forgotten_Password_with_Locked_Console

PaoloA · May 6, 2009, 4:23 PM

Simple, but … ;-)
How can I boot in Single User Mode?

The installation is a 1.2.1-RC1
At boot I have only a fake menu "F1 FreeBSD " but really I can only confirm the F1
During the boot process I have a "press other key to ... ", but in 10 reboot I have no result in my attempts :-(

Where is the tricks? ;-)))

Regards, P.

jimp · May 6, 2009, 4:29 PM

After you press F1, you should (very briefly) see the loader menu. Press space to pause at the menu if you need more time to look at it, or press 4. You may just need to press 4 a bunch of times after hitting f1 to be sure you get it.

There isn't any real "trick" to it, other than catching the menu before it flies by.

dotdash · May 6, 2009, 4:43 PM

Sometimes it's really hard to get the menu. Especially when it's on a serial console. You can try CTRL-C to break when it's running a script. I did this once when fsck was running after I unceremoniously dumped the box after failing to catch the one second menu on a serial terminal for the tenth time.

JamesCarter · May 9, 2009, 3:24 PM

I can confirm that the procedure outlined by jimp worked well.

I am running 1.2.2… lost the admin password due to a twitchy finger... damn fingers...

Step 3: /sbin/mount -a -t ufs