FreeBSD

How To: Budget Network Attached Raid 5 Fileserver, Part 3

Posted by Rick on in Hardware, Open Source, Technology How To's 0 Comment

The server is up and running, the drives are formatted and now serving just under 750gb of Raid5 goodness. Since I have a mixed network of machines, Windows and Mac I need to make it will work with each of those. So we’re going to setup SMB. I could also setup NFS as it’s slightly faster and would add compatibility to Linux machines but it’s not needed in this case. And SMB is actually a more common need since most people run Windows.

Again, counter intuitively I found it was best to setup users first before trying to setup the actual shares. There are two ways to do this. The easy way, or the secure way. If the NAS server is on a local home network, guest access may be the way to go. But I always suggest even in such cases to at least have basic security.Go to Access then Users and Groups. Type in the name of the first user and a password. Leave the User ID to default, it will increment automatically for every new user created. The next option, Primary Group has a drop down list of the standard Unix groups.      

Users and Groups   

The first user should be added to the admin group. Other groups can be staff and wheel. This will give the user maximum permissions to read and write files. Again for home use this is sufficient. Of course FreeNAS also has access to add LDAP and Active Directory authentication. Both of these are simple setups for any System Administrator.Since it’s first on the list, and there are more Windows users around, we’ll explore setting up SMB before NFS. Under Services go to CIFS/SMB. Click on the Shares Tab, then the Plus to add a new share. I simply called the name raid and put in a comment to note which raid it was. (In this case, raid because it’s the only one.) On the path option click on button with three dots. This brings up a filebrowser window, chose the raid directory that we’ve already setup and hit ok.  

File Browser  

 As can be seen below the it automatically puts in /mnt/raid which is what we setup back in Part 2.  

shares   

Before clicking the OK button notice two options for increased security. Host Deny and Host Allow. Adding in specific IP addresses to the allow box and ALL for deny will greatly increase security for connections. Keep in mind if the IP address of the computer changes, for instance DHCP on the DSL/Cable router is reset this could cause connection problems later on. At this point, the server is ready to test. Mac OS X 10.5(Leopard) actually sees these connections automatically, even if sharing across SMB (under file sharing) is turned off. Mac OS X 10.4 (Tiger) will need to connect to the drive via the Connect to Server option. Windows can now be connected just like any other server. Vista Directions are here, and Windows XP is here

FreeNAS is an incredibly powerful program. Even though it’s still only in Beta it seems like a very solid product and does RAID NAS very well. I’ve really enjoyed playing with it and want to give a big congratulations to the development team for a job well done.

How To: Reset Admin/Root Password

Posted by Rick on in Hacking, Microsoft, Technology How To's 25 Comments

How To: Reset Admin/Root Password

Anyone who has been in the IT business for any length of time knows literally hundreds of passwords. As we get older though it becomes harder and harder to remember each password and continue with safe security practices. Many companies have gone to centralized password systems. But such software is not always compatible with every OS there is. In such cases as the four year old FreeBSD server sitting in the corner that serves one application. So, here is a large list on ways to reset the root password or administrative user on many operating systems. Keep in mind that these instructions all assume you have physical access to the server in question.

FreeBSD (all versions)

  1. Turn Server off. Hitting the Power Button should start a shutdown cycle.
  2. Hit ESC when the OS starts booting
  3. Choose option 4 to boot into Single User Mode
  4. When asked for a shell, hit enter to default to /bin/sh
  5. Once the machine is booted and you see the hash, type
    1. mount -u /
    2. mount -a
  6. Type passwd to reset the password
  7. Enter new password and confirm it. “pam_chauthok(): error in service module” means that the filesystem is not mounted. Follow step 5 again.
  8. Type reboot or hit the power button again to reboot the machine normally.

Linux (Lilo Loader)

  1. Reboot machine
  2. Hit Esc to get to boot prompt if it doesn’t to it automatically
  3. type: linux single
  4. type: passwd
  5. Enter in and confirm new password
  6. type: sync
  7. type: reboot

Linux (GRUB loader)

  1. Reboot machine
  2. Hit Esc to get to boot prompt if it doesn’t to it automatically
  3. Select the Kernal. Hopefully there is only one or two and the names are descriptive. But any one SHOULD work.
  4. type: e
  5. Select the line that starts with “Kernal”
  6. type: e (again)
  7. Add the letter s (in lower case) to the very end of the line
  8. Hit Enter
  9. type the letter b to start booting
  10. Mount the drives type:
    1. mount -t proc proc /proc
    2. mount -o remount,rw /
  11. type: passwd
  12. Enter in new password and confirm it
  13. type: sync
  14. type: reboot

OS X (All Versions) OS X has two ways to reset the Administrator Password.

Option 1:

  1. Find the computer’s original boot disc. These are system specific. If it’s not available, any OS X retail boot disk will work. The wrong disc will give an error message.
  2. Boot off the disc. Accomplish by holding down the c key during power up.
  3. At the Menu go to: Utilities
  4. Choose “Reset Password”
  5. Enter in new password and confirm
  6. Click on Installer
  7. Choose Quit

Option 2:

  1. Hold Down Apple+S while booting computer
  2. Type: sh /etc/rc
  3. Type: passwd root (if that doesn’t work try admin or administrator instead of root)
  4. Enter in new password and confirm
  5. Type: reboot

Solaris (On Sun Hardware)

You must have the Solaris CDRom to do this. If you do not have physical media, get it here. Note that this download is for Ver10, so may not work on older versions.

  1. Reboot Machine
  2. Hit Stop +A to get to the OK prompt
  3. Type: boot cdrom -s
  4. Once booted off the CDRom, type: mount /dev/disk/c0t0d0s0 /a (those are Zeros)
  5. Type: vi /a/etc/shadow
  6. Use the h,j,k,l keys to move around in vi (or go here for more commands)
  7. On the second line, which says root:<bunch of random letters/numbers> type: dd
  8. Type: :wq! to save and quit out of vi
  9. Type: umount /a
  10. Type: boot ok -s (to boot into single user mode)
  11. Type: passwd
  12. Enter in new password and confirm it
  13. Type: reboot

Note that many Solaris systems may have mirrored volumes, a volume manager or other method of copying the full filesystem. If this is the case these instructions will need to be followed for both volumes, otherwise corruption can easily occur.

Solaris (i386/Intel Hardware)

Again you should have the CDRomto boot off of.

  1. Reboot Computer
  2. Enter Bios and Change Boot Order to CDRom first if needed
  3. Boot Computer
  4. On Boot Menu choose Single User mode, which is Option 6 on Solaris 10
  5. Choose Yes when asked to mount the root filesystem
    1. If you choose “No” it can still be mounted with the same command, /dev/disk/c0t0d0s0 /a (those are Zeros)
  6. Type: vi /a/etc/shadow
  7. Use the h,j,k,l keys to move around in vi (or go here for more commands)
  8. On the second line, which says root:<bunch of random letters/numbers> type: dd (to delete whole line)
  9. Type: :wq! to save and quit out of vi
  10. Typ: cd /
  11. Type: umount /a
  12. Type: init s
  13. At password prompt hit enter key
  14. Type: passwd root
  15. Enter in new password and confirm it
  16. Type: reboot

General Windows

Amazingly Windows Server does not have an easy way to recover the password. Microsoft would call this security, but do provide a package of recovery software that does the job. But it costs $199. Tech Trax has an article on reseting the password on XP system via the XP install disc. Or you can download an emergency boot cd from here, here, or buy a password cracker from here. Be extremely careful with downloading Windows password crackers from the Internet. Yes they may work, but it’s more likely they are actually a Virus or a Trojan and could cause more problems then you have already.

*edit* Hiren’s BootCD has several utilities that will allow the reseting of Windows passwords.

Windows 7
This does not reset the password, but allows you to make a new Administrative user who can then change the password in the control panel for the other user.

  1. Boot off your Windows 7 DVD
  2. Choose “Repair your computer”
  3. Go to the recovery environment
  4. Open command prompt
  5. Type “cd windowssystem32”
  6. Type “Rename Utilman.exe Utilman.exe.bak”
  7. Type Copy cmd.exe Utilman.exe
  8. Reboot Computer
  9. At Login Screen, hold down the Windows and “U” keys
  10. Type net user /add NewAccount mypassword (use your own name for NewAccount)
  11. Type net localgroup administrators NewAccount /add (replace NewAccount with the name used above
  12. Login with new user
  13. Go to Start -> Control Panel -> User Accounts and Family Safety
  14. Click on User Accounts
  15. At the bottom of “Make changes to your user account area” click “Manage another account”
  16. Choose old user
  17. Click “Change Password”
  18. Enter the new password
  19. Logout of the current account
  20. Login to the old account with the new password

Windows 8
User the Microsoft Diagnostic and Recovery Tools (download here) to reset the password.