- Configuring Users, User Groups, and Command Policies
- Resetting the Default Administrator (nsroot) Password
- Example of a User Scenario
- Configuring External User Authentication
Resetting the Default Administrator (nsroot) Password
Nov 24, 2014
The nsroot account provides complete access to all features of the appliance. Therefore, to preserve security, the nsroot account should be used only when necessary, and only individuals whose duties require full access should know the password for the nsroot account. Frequently changing the nsroot password is advisable. If you lose the password, you can reset it to the default and then change it.
To reset the nsroot password, you must boot the appliance into single user mode, mount the file systems in read/write mode, and remove the set NetScaler user nsroot entry from the ns.conf file. You can then reboot, log on with the default password, and choose a new password.
To reset the nsroot password
- Connect a computer to the console port of the NetScaler ADC and log on.Note: You cannot log on by using SSH to perform this procedure; you must connect directly to the appliance.
- Reboot the NetScaler ADC.
- Press CTRL+C when the following message appears:
Press [Ctrl-C] for command prompt, or any other key to boot immediately.
Booting [kernel] in # seconds.
- Run the following command to start the NetScaler in a single user mode:
boot -s
Note: If boot -s does not work, then try reboot -- -s and appliance will reboot in single user mode.After the appliance boots, it displays the following message:
Enter full path name of shell or RETURN for /bin/sh:
- Press ENTER key to display the # prompt, and type the following commands to mount the file systems:
- Run the following command to check the disk consistency:
fsck /dev/ad0s1a
Note: Your flash drive will have a specific device name depending on your NetScaler; hence, you have to replace ad0s1a in the preceding command with the appropriate device name. - Run the following command to display the mounted partitions:
df
If the flash partition is not listed, you need to mount it manually.
- Run the following command to mount the flash drive:
mount /dev/ad0s1a /flash
- Run the following command to check the disk consistency:
- Run the following command to change to the nsconfig directory:
cd /flash/nsconfig
- Run the following commands to rewrite the ns.conf file and remove the set of system commands defaulting to the nsroot user:
- Run the following command to create a new configuration file that does not have commands defaulting to the nsroot user:
grep –v “set system user nsroot” ns.conf > new.conf
- Run the following command to make a backup of the existing configuration file:
mv ns.conf old.ns.conf
- Run the following command to rename the new.conf file to ns.conf:
mv new.conf ns.conf
- Run the following command to create a new configuration file that does not have commands defaulting to the nsroot user:
- Run the following command to reboot the NetScaler:
reboot
- Log on using the default nsroot user credentials.
- Run the following command to reset the nsroot user password:
set system user nsroot <New_Password>
Note: To use the "?” character in a password string, precede this character with the “\” character.
For example, yourexamplepasswd\? is set for the nsroot account after you perform the following operation:
> set system user nsroot yourexamplepasswd\?
Support:
https://www.citrix.com/support
Feedback and forums:
https://discussions.citrix.com