Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Troubleshooting Security

Chapter 11 - Page 8

Practice 11-2: <OPTIONAL> Recovering the Lost Admin Password

Scenario

In your domain, which uses the embedded LDAP authentication provider, you only set up one administrative user (the one that is required to be configured when the domain is created). You forget that user’s password, so you can no longer start servers or change the domain configuration.

Overview

In this practice, you recover from the loss of the main admin-level user’s password by running the AdminAccount utility.

Assumptions

You completed “Practice 2-1: Accessing and Setting Up the Practice Environment.” (This practice can be done at any time after the domain has been created.)

The admin server is running.

Tasks

1. Shut down the domain.

a. Access the admin console.

b. Use the admin console to force shut down any managed servers that are running.

c. Now use the admin console to force shut down the admin server.

d. Close the web browser.

2. Back up the master (embedded) LDAP files.

a. Access host01. Use the File Browser. Navigate to the admin server’s LDAP directory.

Tip: /u01/domains/tshoot/wlsadmin/servers/AdminServer/data/

b. Right-click on the ldap directory and select Copy.

c. Right-click in the data directory and select Paste.

d. Rename the ldap(copy) directory to ldap-backup.

Tip: Right-click on the directory and select Rename.

e. Do not close the File Browser.

3. Run the AdminAccount utility to create a new, temporary admin username and password in the DefaultAuthenticatorInit.ldift file.

a. First, find the current DefaultAuthenticatorInit.ldift file. Use the File Browser to navigate to:

/u01/domains/tshoot/wlsadmin/security

Note: Make note of the timestamp of the DefaultAuthenticatorInit.ldift file.

b. On host01, open a Terminal window.

c. Set the environment variables.

$> source /u01/app/fmw/wlserver/server/bin/setWLSEnv.sh

d. Run the AdminAccount utility.

$> java weblogic.security.utils.AdminAccount tempadmin Password1 /u01/domains/tshoot/wlsadmin/security

Oracle University and In Motion Servicios S.A. use only

Note: The arguments passed to this Java class are the new username, the new password, and the location of the DefaultAuthenticatorInit.ldift file.

e. Go back to the File Browser and reload the current location (View > Reload). Look at the timestamp of the DefaultAuthenticatorInit.ldift file, which should have just been updated.

f. Do not close the File Browser.

4. Remove the admin server’s DefaultAuthenticatormyrealmInit.initialized file. Remove the admin server’s boot identity file.

a. Use the File Browser to navigate to:

/u01/domains/tshoot/wlsadmin/servers/AdminServer/data/ldap

b. Right-click on DefaultAuthenticatormyrealmInit.initialized and select Rename.

c. Rename the file to:

DefaultAuthenticatormyrealmInit.initialized.backup

d. Use the File Browser to navigate to:

/u01/domains/tshoot/wlsadmin/servers/AdminServer/security

e. Right-click on boot.properties and select Rename.

f. Rename the file to:

boot.properties.backup

g. Do not close the File Browser.

5. Start the admin server by using a start script and the new username and password.

a. On host01, open a new Terminal window.

b. Navigate to the bin directory of the domain and run the admin server start script.

$> cd /u01/domains/tshoot/wlsadmin/bin

$> ./startWebLogic.sh

c. When prompted for the username to boot WebLogic Server, enter: tempadmin

d. When prompted for the password to boot WebLogic Server, enter: Password1

Note: The password will not display.

e. Use the Terminal window menu to set the name of the window to AdminServer.

Tip: Terminal > Set Title

f. Minimize the AdminServer Terminal window.

6. Reset the password of the main admin user. Delete the temporary admin user.

a. Access the admin console. On the welcome page, enter the Username of tempadmin and the Password of Password1.

b. In the Domain Structure click Security Realms. In the table, click myrealm.

c. Click the Users and Groups tab.

d. Ensure the Users subtab is selected.

e. Click the weblogic user (the main admin user that was configured when the domain was created).

f. Click the Passwords tab.

g. Enter Welcome1 in both password fields and click Save.

h. Return to the table of users.

j. Log out of the admin console.

k. Log back in with weblogic and Welcome1.

l. The admin console opens.

m. Close the web browser.

7. Clean up.

a. Return to the File Browser on host01. Navigate to the security directory of AdminServer and rename the file back to boot.properties.

b. Right-click on the boot.properties file and select Open with gedit.

c. Type over the encrypted values for username and password with weblogic and Welcome1. The file should look like this:

password=Welcome1
username=weblogic

Note: The order of these attributes does not matter. The timestamp can be deleted, if you want. When the values are encrypted a new timestamp is written.

d. Save the file and close the editor.

e. In the File Browser, navigate to the data/ldap directory of AdminServer and delete the file DefaultAuthenticatormyrealmInit.initialized.backup.

Tip: Right-click on it and select Move to Trash.

f. Navigate to the data directory of AdminServer and delete the directory ldap-backup.

g. Close the File Browser.

h. Find the Terminal window in which the admin server is running. Press Ctrl + C to force shut down the server.

i. In that same Terminal window, navigate to the utilities directory and start the admin server with the script.

$> cd /practices/tshoot/utilities

$> ./startadmin.sh

Note: Wait for the admin server to start. If it starts successfully, the boot.properties file (with the “updated” username and password) is working.

j. Close the Terminal window.

k. Exit the VNC Viewer.

l. If you are continuing to work in the domain, use the admin console to start the managed servers.
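The cleanup in step 7 can be checked from the Terminal once the admin server has restarted. The script below is an added example, not part of the Oracle practice: it reports the backup copies created in steps 2 and 4 that are still on disk, and a boot.properties whose values were not re-encrypted or that is readable by group or others. The function names audit_recovery and demo_tree are hypothetical, and the check assumes encrypted values begin with a {CIPHER} tag such as {AES}.

```shell
# Added example (not Oracle's script): audit the cleanup from step 7.
# Prints one finding per line; returns 1 if anything is left over.
audit_recovery() {
    local domain server srv boot rc key val f
    domain=$1; server=${2:-AdminServer}; rc=0
    srv="$domain/servers/$server"
    boot="$srv/security/boot.properties"

    # Steps 2 and 4 create these copies; steps 7a, 7e and 7f remove them.
    for f in "$srv/data/ldap-backup" \
             "$srv/data/ldap/DefaultAuthenticatormyrealmInit.initialized.backup" \
             "$srv/security/boot.properties.backup"; do
        if [ -e "$f" ]; then echo "LEFTOVER $f"; rc=1; fi
    done
    if [ ! -f "$boot" ]; then
        echo "MISSING $boot"; return 1
    fi
    # Assumption: values the server has encrypted start with a {CIPHER}
    # tag such as {AES}; anything else is still the typed-in plain text.
    while IFS='=' read -r key val || [ -n "$key" ]; do
        case $key in
            username|password)
                case $val in
                    \{*\}*) ;;
                    *) echo "PLAINTEXT $key in $boot"; rc=1 ;;
                esac ;;
        esac
    done < "$boot"
    # The file holds boot credentials: flag any group/other permission bit.
    if [ "$(ls -ld "$boot" | cut -c5-10)" != "------" ]; then
        echo "PERMISSIVE $boot"; rc=1
    fi
    return $rc
}

# Constructed sample tree in the page's layout: state right after step 7d,
# with ldap-backup not yet deleted and boot.properties still in plain text.
demo_tree() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/servers/AdminServer/security" \
             "$d/servers/AdminServer/data/ldap-backup"
    printf 'password=Welcome1\nusername=weblogic\n' \
        > "$d/servers/AdminServer/security/boot.properties"
    chmod 600 "$d/servers/AdminServer/security/boot.properties"
    echo "$d"
}

t=$(demo_tree); audit_recovery "$t" || true; rm -rf "$t"
```

On the practice host the call would be audit_recovery /u01/domains/tshoot/wlsadmin, run after step 7i; no output and a zero exit status mean the cleanup is complete.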

Practice Solution: <OPTIONAL> Recovering the Lost Admin Password
