Troubleshooting
Problem
The sections below contain steps to carry out if you need a password to be reset or are locked out of certain accounts in Infosphere Guardium.
Symptom
You are unable to log in to certain accounts on either the CLI or GUI of the Guardium appliance.
Cause
This may be due to
- passwords being forgotten
- the wrong passwords being entered too many times
- the password disable setting.
Resolving The Problem
Locked out of CLI
- output from the following cli command
- Serial number
- Service tag
- MAC address
If you are locked out of cli try following the Guardium CLI Password Reset steps requesting the relevant patch
If you are unable to gain access to cli using this method a webex with IBM Guardium Technical Support will be required in order to gain root access to reset the password. When opening a PMR for this please include the following information about your appliance so that your root password can be found in the repository:
- support show passkey root
Locked out of Acessmgr
- If you are locked out of both the cli and accessmgr accounts, the steps above in Locked out of CLI will take place and then IBM Guardium Technical Support will continue with the following:
- You will be asked to log in to cli (now that you have a new password).
- IBM Guardium Technical Support will unlock accessmgr
- accessmgr password will be reset with the following cli command - the output will be used by IBM Guardium Technical Support to obtain the corresponding password
- IBM Guardium Technical Support will give you this password, you can then log in as accessmgr to the Central Manager GUI to reset the password.
- support reset-password accessmgr random
- If you are locked out of your admin account, follow the steps below:
- Log in to cli and run
- unlock admin
restart gui
- Reset the admin password
Reset password but accessmgr account is still locked?
- If you have reset accessmgr account's password but it is still locked/disabled, complete the following steps:
- Note the number of days given in the output
- Run the following command
- Log in to the GUI as accessmgr
- In cli you can set the disable value back to its original value if required.
- Log in as cli and run
- show password disable
If the output is not 0, then this is the number of days that have been set so that if the user does not log in within this number of days the account is disabled. Continue with the following steps:
- store password disable 0
'Access Denied' for guardcli accounts (1-5)
- Contact IBM Guardium Technical Support, they will carry out the following steps:
- IBM Guardium Technical Support will log into your appliance as root user.
- The following root command will be run by IBM Guardium Technical Support
- IBM Guardium Technical Support will ask you to enter a new password
- passwd guardcli<n>
NOTE
If you do not allow webexs/root access IBM Guardium Technical Support can send you a RAS command to run in CLI in order to reset your passwords. You would need to supply the MAC ADDRESS from the following cli command
- show network macs
No passwords are known
- If you do not know any passwords or are unable to access any accounts you can send the root access key to IBM Guardium Technical Support to try to unlock the other passwords. As user cli run the following command and provide the output to IBM Guardium Technical Support
- support show passkey root
If you do not have the access key you should contact IBM Guardium Technical Support
Related Information
[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"9.0;8.2;8.1;8.0.1;8.0;7.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21655213