2 Replies Latest reply on Apr 22, 2013 11:54 AM by Rick Sanders

    BBNA 8.1.01 - Admin locked out

      We have an unusual situation where we have BBNA installed in a dev environment that is not often used. Both admin accounts have been locked out due to inactivity and we currently can't log into the system.  We use TACACS as an authentication source.

       

      What options do we have. I had a thought that I could re-run the install simply changing the authentication source to local, Log in, unlock the accounts, and then run the install again setting the Authentication Source back to TACACS.  Am I over thinking this?

        • 1. Re: BBNA 8.1.01 - Admin locked out
          Chris Koebel

          Nope, you aren’t – that is what you need to do. There is a script in the BNA Tools directory you can run to reset the password as well.

           

          Cheers,

          Chris

           

          Chris Koebel | Sr. Network Analyst | Adobe Systems Canada Incorporated | 613.940.3700

          1 of 1 people found this helpful
          • 2. Re: BBNA 8.1.01 - Admin locked out

            You can update the BNA database directly to regain / gain access.

             

            The table you are looking for is called 'usr'.  In this table you will find all the IDs that are defined in the BBNA system - even if you are leveraging TACACS BNA still needs a local account defined.  In addition, you will find one field (or table property) called 'root_account'.  If this field is set to "1" the user will have BNA root / admin access.

             

            So, given you are using TACACS for authentication there should be no passwords in the 'usr.encrypted_password' field and, in turn, you should be able to just copy or update any user record in that table whereby given the account ROOT access by setting the 'usr.root_account' field to a value equal to 1.   =)   (Note: This will probably make you think about your audit of the system as well... ? ).  Anyway, as always, you this approach at your own risk!  But, it will work - I've used it several times in the LAB where the same situation occurs.

             

            After making the change above you will likely need to restart the BNA services.  But, this approach will definitely allow you back into the system without having to reinstall anything.

             

            So, in short, .. 1) create an account in TACACS that you know the password, and 2) update or create an account in the BNA database table usr.root_account to grant that user root access (i.e., set the value to 1).  Then, restart the BNA services and try to login again!  PRESTO!! You are back in the game.

             

            Enjoy!