System information
Troubleshooting Security Implementations 24-479
Recovering a Lost Password
This section describes the procedures required to recover a lost login or enable password. The
procedures differ depending on the platform and the software used, but in all cases, password
recovery requires that the router be taken out of operation and powered down.
If you need to perform one of the following procedures, make certain that secondary systems can
temporarily serve the functions of the router undergoing the procedure. If this is not possible, advise
all potential users and, if possible, perform the procedure during low-use hours.
Note: Make a note of your password and store it in a secure place.
All the procedures for recovering lost passwords depend on changing the configuration register of
the router. Depending on the platform and software you are using, this will be done by reconfiguring
the router software or by physically moving a jumper or DIP switch on the router.
Table 24-11 shows which platforms have configuration registers in software and which require that
you change the jumper or DIP switch position to change the configuration register.
Possible Problem: CHAP is misconfigured
Solution:
Step 1 Use the show running-config privileged exec command to make sure the
router is configured for CHAP authentication. The router configuration
should include the following interface configuration commands for each
async interface that should use CHAP authentication:
    encapsulation ppp
    ppp authentication chap
    ppp use-tacacs
Step 2 If the commands are not present, add them to the configuration.
In the following example, asynchronous interface 1 is configured to use
TACACS for CHAP authentication:
    interface async 1
     encapsulation ppp
     ppp authentication chap
     ppp use-tacacs

Possible Problem: No CHAP supplementary file defined on XTACACS server
Solution:
Step 1 Check to see whether there is a CHAP supplementary file defined on the
XTACACS server. This file should be located in the xtacacsd directory.
Step 2 If there is not a CHAP supplementary file, create one. The file should
contain a list of usernames and cleartext CHAP passwords in the following
format:
    user:#:#:ARAP password:CHAP password
Note: You cannot use /etc/passwd with CHAP.
Step 3 After the supplementary file is created, restart the XTACACS daemon with
the following command:
    xtacacsd -s -l -f supplementary-filename

Possible Problem: Username and password not in /etc/passwd
Solution:
Step 1 Make sure that the appropriate username and password pairs are contained
in the /etc/passwd file.
Step 2 If the appropriate users are not specified, generate a new user with the
correct username and password using the add user command.

Possible Problem: IP connectivity problem
Solution:
For information on troubleshooting IP connectivity, see Chapter 24,
“Troubleshooting Security Implementations.”
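
The Step 1 check for the "CHAP is misconfigured" problem can be run over a saved copy of show running-config output. The following Python is an added example, not part of the original guide; the sample configuration is constructed, and the code assumes the usual running-config layout in which interface subcommands are indented beneath the interface line. It reports every async interface, so interfaces that are not meant to use CHAP must be excluded by the operator.

```python
import re

# The three interface commands that Step 1 says must be present.
REQUIRED = ("encapsulation ppp", "ppp authentication chap", "ppp use-tacacs")

# Constructed sample of `show running-config` output (not from a real router).
SAMPLE_CONFIG = """\
!
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
!
interface Async1
 encapsulation ppp
 ppp authentication chap
 ppp use-tacacs
!
interface Async2
 encapsulation ppp
 ppp authentication chap
!
interface Async3
 encapsulation slip
!
line con 0
"""

ASYNC_RE = re.compile(r"^interface\s+async\s*(\d+)\s*$", re.IGNORECASE)


def missing_chap_commands(config_text):
    """Map each async interface number to the required commands it lacks."""
    blocks = {}      # interface number -> set of normalized subcommands
    current = None   # subcommand set of the async interface being read, if any
    for raw in config_text.splitlines():
        match = ASYNC_RE.match(raw)
        if match:
            current = blocks.setdefault(int(match.group(1)), set())
        elif raw[:1].isspace() and current is not None:
            # Indented lines are subcommands of the current interface block.
            current.add(" ".join(raw.split()).lower())
        else:
            current = None  # "!" or any top-level command closes the block
    return {num: [cmd for cmd in REQUIRED if cmd not in cmds]
            for num, cmds in blocks.items()}


if __name__ == "__main__":
    for num, missing in sorted(missing_chap_commands(SAMPLE_CONFIG).items()):
        print(f"Async{num}:", "OK" if not missing else "missing " + ", ".join(missing))
```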