Changing the ESC Password
You are forced to change the default password at first login. The portal does not let you bypass this step and keeps returning you to this page until you change the default password. After the first password change, you can change your password using the procedures described in this section. If a user has multiple browsers or tabs open, or the same user is logged in from two or more computers, and the password is changed in one of those sessions, all sessions are logged off and the user is asked to enter the new password. A user session expires after 1 hour: if the user is inactive on the portal for an hour, the portal expires the session and the user must log in again. If you forgot your password, you can also update or randomly generate the password.
This section discusses how to change the passwords.
sudo escadm rest set --username {USERNAME} --password {PASSWORD}
sudo escadm etsi set --rest_user {USERNAME:PASSWORD}
Changing the ConfD Netconf/CLI Administrator Password Using the Command Line Interface
After you install ESC, to change the ConfD admin password, do the following:
Procedure
Step 1  Log in to the ESC VM.
Step 2  Switch to the admin user.
Step 3  Load the ConfD CLI:
Step 4  Set the new admin password:
Step 5  Save the changes.
Creating Readonly User Group for ConfD in ESC
ConfD in ESC includes a group named readonly. If you are a member of the readonly group, you can only retrieve information and you cannot modify the permissions.
# bootvm.py name-500-105-100 --user_confd_pass admin:admin --user_confd_pass readonly:readonly::readonly --user_pass admin:admin --image ESC-5_0_0_105 --net esc-net
confd:
  init_aaa_users:
  - group: readonly
    name: admin
    passwd: $6$rounds=4096$Ps1JIjKihRTF$fo8XPBxwEHJWWfNiXDnO269rlhAxAhWBcPBfGnZxy1gM3QMxcN8jJ6guWt9Bu.ZkWdPt3hr0OghO73Wr3iDHb0
[root@name-500-155 admin]# /opt/cisco/esc/confd/bin/confd_cli --user admin
admin connected from 127.0.0.1 using console on name-500-155
admin@name-500-155> configure
Entering configuration mode private
[ok][2019-12-06 18:17:39]
[edit]
admin@name-500-155% set aaa authentication users user test uid 9000 gid 9000 password $0$test homedir /var/confd/homes/test ssh_keydir /var/confd/homes/test/.ssh
[ok][2019-12-06 18:19:15]
[edit]
admin@name-500-155% set nacm groups group readonly user-name test
[ok][2019-12-06 18:19:41]
[edit]
admin@name-500-155% commit
Commit complete.
[ok][2019-12-06 18:19:47]
[edit]
admin@name-500-155%
name@my-server-39:~$ ssh -p 2024 readonly@172.29.0.57
readonly@172.29.0.57's password:
readonly connected from 10.85.103.46 using ssh on name-500-156
readonly@name-500-156> configure
Entering configuration mode private
[ok][2019-12-13 16:15:33]
[edit]
readonly@name-500-156% show esc_datamodel
tenants {
tenant admin {
description "Built-in Admin Tenant";
managed_resource false;
vim_mapping true;
}
}
[ok][2019-12-13 16:15:38]
[edit]
$ esc_nc_cli --user readonly --password readonly edit-config dep.xml
Configure
/opt/cisco/esc/confd/bin/netconf-console --port=830 --host=127.0.0.1 --user=readonly --password=****** --edit-config=/tmp/d.xml
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<rpc-error>
<error-type>application</error-type>
<error-tag>access-denied</error-tag>
<error-severity>error</error-severity>
</rpc-error>
</rpc-reply>
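The following is an added example, not part of the ESC documentation or tooling: a small Python check that parses a NETCONF rpc-reply like the one above and confirms that a write attempted by a readonly account was rejected with access-denied. The function names and the two non-denied sample replies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NC = "{urn:ietf:params:xml:ns:netconf:base:1.0}"  # NETCONF base namespace

# Reply shown above for the readonly user's edit-config attempt.
DENIED_REPLY = """<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>access-denied</error-tag>
    <error-severity>error</error-severity>
  </rpc-error>
</rpc-reply>"""

# Constructed sample: what an accepted edit-config looks like.
OK_REPLY = """<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1"><ok/></rpc-reply>"""

# Constructed sample: a failure that is NOT an access-control decision.
OTHER_ERROR_REPLY = DENIED_REPLY.replace("access-denied", "invalid-value")


def rpc_errors(reply_xml):
    """Return (error-tag, error-type, error-severity) for each rpc-error."""
    root = ET.fromstring(reply_xml.strip().encode("utf-8"))
    if root.tag != NC + "rpc-reply":
        raise ValueError("not a NETCONF rpc-reply")
    if root.find(NC + "ok") is not None:
        return []  # the request was accepted, so there is nothing to report
    found = []
    for err in root.iter(NC + "rpc-error"):
        get = lambda name: (err.findtext(NC + name) or "").strip()
        found.append((get("error-tag"), get("error-type"), get("error-severity")))
    return found


def write_was_denied(reply_xml):
    """True only when every reported error is access-denied.

    An <ok/> reply means the readonly restriction is not in effect; any other
    error tag means the write failed for a reason unrelated to access control,
    so neither case proves the account is read-only.
    """
    errs = rpc_errors(reply_xml)
    return bool(errs) and all(tag == "access-denied" for tag, _, _ in errs)


if __name__ == "__main__":
    for name in ("DENIED_REPLY", "OK_REPLY", "OTHER_ERROR_REPLY"):
        print(name, "-> write denied:", write_was_denied(globals()[name]))
```

Run it against the saved output of an edit-config attempt after creating or changing a readonly account; a result of False means the account's group mapping should be reviewed.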
If ESC is configured to use PAM/IDM, the groups in IDM servers are directly mapped to the groups in ConfD. Hence, the readonly user must be mapped in the IDM group 'readonly'.
$ ipa group-find --all readonly
---------------
1 group matched
---------------
dn: cn=readonly,cn=groups,cn=accounts,dc=linuxsysadmins,dc=local
Group name: readonly
GID: 5003
Member users: readonly
ipantsecurityidentifier: S-1-5-21-2222126199-2113948134-574478857-1003
ipauniqueid: 858b8cda-0d34-11ea-bca8-525400b29c19
objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject, posixgroup, ipantgroupattrs
----------------------------
Number of entries returned 1
----------------------------
Changing Linux Account Password
Procedure
Step 1  Log in to the ESC VM.
Step 2  To update or generate a random password, use the following command:
Changing the ESC Portal Password
The user can update or reset the default admin password.
Procedure
Step 1  Log in to the ESC VM.
Step 2  Switch to the root user.
Step 3  To update the default admin password or randomly generate a password, use one of the following methods: