FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff
Article Id 194287
Description
How to reset the root password for the CLI when it has been lost or forgotten on a CentOS 5 system.  This procedure can be done on hardware and VM.

Note:  This procedure requires a reboot of the appliance.

Solution


Access local console (on hardware or VM) and execute the following procedure:


1. Boot appliance to its bootup sequence. 
2. Wait for the "GRUB" menu.
3. Interrupt the boot process at this point by pressing the space bar.

4. You will be presented with a menu that looks something like this:

(this menu is specific to openSuSE 10.1 systems)

NACServer
NACServer(SCSIRAID)
MemoryTest
NACServerkernel‐2.6.22.5‐31
NACServerkernel‐2.6.22‐bsc3(SMP‐capablekernel) 


(this menu is specific to CentOS systems)

Memtest86+ (1.65)
CentOS (2.6.18­164.el5)
CentOS (2.6.18­164.el5) w/Serial Console

One of the above lines will be highlighted

This means is "if you hadn't interrupted the boot process, 

This is the operating system and kernel that would have used.

You want to use the highlighted default operating system / kernel.

NOTE: in the case of CentOS, the option “CentOS (2.6.18­164.el5)” seems to work

Press the "e" key to edit 
At this point you will see a couple of lines that will look something like this:

root(hd0,1)
kernel/boot/vmlinuz‐2.6.22‐bsc3root=/dev/sda2console=tty0
console=ttyS0,9600n8
initrd/boot/initrd‐2.6.22‐bsc3

Using the cursor key, move down to line that starts with the word "kernel".


5. Press the "e" key to edit this line.

6. Move to the end of the line, and append " single" to the end of this line.

It is important to make sure that there is a space between the "single" and the line your editing


Example
kernel/boot/vmlinuz‐2.6.22‐bsc3root=/dev/sda2console=tty0console=ttyS0,9600n8 single

7. Hit return to finish editing the line. 
Note: You are specifying a command­ line parameter to boot the kernel in single user mode.


8. Press "b" to boot the kernel.

At this point you will boot into single ­user mode.

At the end of the boot sequence you will be presented with a # prompt.


Note* 

The # prompt in single user mode should be returned within 1 minute after reaching the SElinux line

If the boot sequence stops and stays on the SELinux for more than 1 minute.

SELinux: disabled at runtime type=1404 audit(1461810656.761:2): selinux=0 auid=4294967295 ses=4294967295

Reboot and repeat steps 1 through 8 but select another OS in step 4

 

9.  Type passwd root

10. Type in the new root password.

11. Type reboot to boot into the regular mode.

12. Log in with the new root password to confirm it works.

13. Once a known password has been created, reset the CLI password via the Configuration Wizard.  For instructions, refer to the related KB article below.  Use the newly created password as the existing password.



Related Articles

Technical Tip: FortiNAC CLI password recovery

Technical Note: Change root CLI password

Contributors