Revisit to lost admin password



  • We lost our admin under unfriendly circumstances and I'm now tasked with trying to reset our system passwords.  I've read all of the other "lost my password" posts and the primary solution of "/etc/rc.initial.password" does not work for me since that's a php script on my pfSense system.

    Since the base system paths are not complete after a single user login, where should I look to find the php engine to run the password reset?



  • You can't go to the console and hit option 3 to reset the WebConfigurator password?



  • why doesn't the php script work ? (granted, its been a while since i've tried this)

    https://doc.pfsense.org/index.php/Locked_out_of_the_WebGUI



  • I can't get into the normal console from single user mode that I'm aware of.

    It doesn't work because the php interpreter isn't found.


  • Banned

    What single user mode? Have you password-protected the console menu, or… ?



  • The original admin has the console and the webgui locked down.  The only "IN" that I can find is through option 5 on the pfSense boot menu for single user mode.

    Once booted and sitting at the sh prompt, I remount "/" as rw and try to exec "/etc/rc.initial/password" which results in a "command not found" message.  Starting it with "/bin/sh /etc/rc.initial/password" results in the php interpreter not found.



  • you can try this:

    
    /usr/local/bin/php /etc/rc.initial.password
    
    


  • That was the missing piece, but I got to the result via a more "unexpected" route.

    I discovered that the old admin had created our custom admin account for the system, but had never disabled the default admin / pfsense account.  On a whim, I just tried logging in with those credentials and et voila!

    It never ceases to amaze me how some people can even get out of bed without killing themselves…


  • Banned

    @tolistim:

    I discovered that the old admin had created our custom admin account for the system, but had never disabled the default admin / pfsense account.

    I would think that it was not really such a loss, regarding the former admin…  :o ::)



  • Yes - uncovering lots of little things that are wrong with our internal systems.  I now know why he had the firewall at his desk instead of in the server room.

    A friend once told me "that old adage of 'you get what you expect' is wrong.  It should be 'you get what you INSPECT'."

    I'm starting to realize the wisdom in that.



  • "Oh, for God's sake!"




  • Definitely!


Log in to reply