Security Software

There is no such root password for Solaris as far as I can remember. While installing Solaris you must define the root password, even with a pre installed version of Solaris the initial user must define a new password. If you can boot the system into single user mode from the installation media you will be able to mount the root filesysten and edit /etc/passwd

Thank you very much. Because the machine firmware password protected, I can't boot to single user mode.

Any other way I can boot to a install disk to wipe out everything and reinstall solaris?

Thanks in advance.

Yes there is, but I cannot post information about the proceedure as it is Sun internal only ( meaning that the information is only available to Sun microsystems service partners and internal engineers ). To reset the LOM password this was you must be able to login to Solaris anyway, if you don't have the root password for the operating systems you will not be able to reset the system password. Catch 22 I know, probably your best bet would be contact Sun hardware support.

If you have root access in the Solaris, this may work for you:

Use the scadm command to reset the LOM admin password, as root run the following commands:

a) cd /usr/platform/`uname -i`/sbin
b) ./scadm userpassword admin

Next time when you go to LOM you should be able to login as admin with the password from step b)

Dnd

Thanks dnd,

Now I solved the root passwd for solais issue, the question now is how to boot to a single user mode to do a clean installation on the box. Nobody remember the firmware passwd anymore, help !!!

Thanks in advance

That's the point I was trying to make originally was - to perform the procedure to reset the firmware password you will need access to root account on Solaris. I also mentioned that with access to the firmware you can halt the system during boot and then boot to single user mode from an installation media. Here the installation program loads a mini kernel and some utilities into memory eg. bourne shell, from this shell you can mount the root slice of the boot disk and reset the root password. The method to reset the firmware password outlined in the Sun System Handbook is marked internal, so I can't provide more information about it.

I think what will happen in this case is what already has happened in tens of thousands of cases: "Frustrated user will give up on his Sun server and just get a Linux server to do what he originally planned to do with this Sun server"
I have 2 Solaris certifications and when I tell this to prospective employers during the job interview they tell me that they used to use Solaris but now they use Linux. Why?
Becuase people don't want to be locked into proprietary technologies and internal documents, and similar things when they can get it for free elsewhere. I would understand if this would be $50,000 or $100,000 server and that Sun wants to keep some technology a secret or whatever, but given that this is $1000 server and that Solaris is open source and Sparc has been open sourced, the question is: "What is the point of all this?"

I don't know what is the point, but I know that the end result and that is one more Sun hardware and Solaris user will turn into Linux user. I don't think that anyone at Sun cares about one frustraed Sun hardware user. But guess what, this person may be playing major role in deciding what hardware to get for the next data center upgrade at the company where he works. So Sun has saved little bit of time by not helping one user to reset firmware password and at the same time Sun has potentially lost million dollar contract becuase one user had bad experience in dealing with Sun and he got no help from Sun whatsoever. So why would he deal with Sun anymore? That's called being "penny wise and pound foolish". Good job Sun.

My initial reaction to this post is " what are you talking about? ". Your post makes little or no sense to me, after all this is not official Sun hardware support. Most customers that I deal with, that are using or have used Solaris, have also implement various applications on Linux/x86 systems as well. Take a tour around any data center / UNIX shop using Solaris and you'll also find racks loaded up with PC servers running FreeBSD or some flavour of Linux as well. Only in " fantasy magazine article land " do you read of these companies abandoning Solaris for Linux. Many of the articles I have read on this topic were published around 2001 and are in no way applicable to todays market.

Sun have many options available for customers interested in implementing Solaris on SPARC platform, one example is outlined in the link below:

http://www.sun.com/tryandbuy/rules.jsp

WRT the information about resetting the firmware password on the V120 server, this information is available only to Sun Hardware support engineers, this is mainly for warranty purposes, if this information was made available to a customer, who subsiquently made a mistake and caused interuption to service, the warranty may be void, for this reason Sun keeps this information Internal.

Do you honestly think that BMW, for an analogy example, are keeping secrets from BMW car owners because only BMW service technicians have access to information about programming the car's fuel injection ECU or resetting an electronic safety feature such as traction control? This type of information would remain internal to BMW even if it were a 1991 E36 325 probably worth 2500Euro years out of warranty.

It's not that Sun doesn't want people using SPARC technology, but Sun has to keep certain types of information internal. This is exactly the same with other hardware manufacturers Cisco, EMC, HP, Intel, IBM and SGI to name but a few, all these manufacturers limit support information that is available to the end user. Take Cisco for example, Cisco offers quite a large amount of information about configuration of it's hardware products free of charge, but certain IOS features are just not available outside Cisco service deaprtment. Furthermore many of the afore mentioned manufacturers protect intellectual property regarding system support even more than Sun Microsystems do.

If a customer buys a $1000 V120 from Sun they will have the option of calling Sun tech support and having the firmware reset by a service engineer. I will make this suggestion, any person who has purchased a second hand Sun computer from a used dealer that has it's firmware password " unkown ", should return it to the source and ask for a refund or a replacement. Alternitively you could stop by a Sun Microsystem service partner and ask them to reset the password for you. I provide such a service to any of my customers here in Sweden as a professional service, which would involve a fee ( only in the case of a computer science / engineering student or SUG would I perform a password recovery free of charge ). Sun offers the same service through any service partner worldwide, also for a fee.

I would also like to make a comment about the job you mentioned, I once applied for a contract role that was advertised as a Solaris Systems Administrator, having SCSA I thought I'd apply, it turned out that the agency were actually looking for telephone PC support technicians for Dell and HP home PC customers, what use would a Linux+/RHCE/SCSA be there? Employers sometimes like the idea of employing someone who is an expert Linux Administrator who'll allow them to support applications " in house " or without a support contact. I like the idea of this too, anyone in IT business that can save money by using Open Source technology will take advantage, just look at successful companies that do just that, eg. Google and Yahoo, but finding people with the type of experience needed to support such companies is very difficult and this is why even in the Linux world of free software you have commercial support being offered ( eg Red Hat, SuSE, Umbutu ).

Sun Microsystems are producing hardware and solutions to meet the Linux market, just look at the x64 PC systems and grid solutions currently available.

http://www.sun.com/x64/index.jsp

http://www.sun.com/service/grid/

All these confusing answers just make it obvious what a disaster LOM development is in general. As if in the real world, LOM development is contracted out to the lamest, stupidest, and cheapest developers. Unfortunately these people are probably the fastest, and who can do QA when you're in a hurry?

Guess what - for me at this point in time - the LOM is the single most important feature of the server!! Anybody can build a fast box, with redundant everything, but most LOMs suck.

For example, we ordered a bunch of X4100s a while back, and returned them all, because the LOM sucked (it kept crashing on us, requiring a power cycle of THE ENTIRE BOX.)

Dells? It is to laugh.

HPs? The DL series is teh server of the Gods, but pricey.

We have kind of standardized on V210s and V440s. At least the current version of LOM firmware (1.5.5 on the V210) is reliable. Previous versions crashed all the time. We don't really care diddly about SPARC vs X86, but we are willing to pay extra for openboot.

As for the V120, IIRC it uses a LOM (LOMlite) that is different from the V210/440 that is too dumb to work with the scadm command. Don't forget the magic rule - NEVER SHIP THE SAME LOM on two different models! Keep 'em guessing about what works and doesn't! So if you forget the password, you're screwed. Only on the 210/440 can you reset via the scadm command.

As for having to factory reset the LOM password, it's good for no other reason than to punish people who lose passwords. Make 'em cough up $300 to open a time and materials support case. To quote Nelson Muntz - "ha ha!"

I don't see what LOM performance or design has to do with the steps used to recover lost password on the V120. The last post makes about as much sense as the previous one. ANY issues you have with Sun products please call Sun customer service. This forum is a user to user forum, aimed at discussing technical issues with Sun hardware from an end user perspective.

The initial post started with a question about resetting a lost system password, the factory recommended recovery InfoDoc is not available publicly.

This message is for the original poster: send your V120 server to me and I will reset the password for you free of charge. Keep in mind that I am not prepared to pay any shipping charges associated with transporting the server from your location to Sweden and return. You can get my contact details from the following link:

http://se.sun.com/partner/var.html

Or you can post here and I will contact you.

Message was edited by:
m-lennon

We encountered the same issue a few months ago. We thought all hope for the LOM was lost, but it turned out that the previous owner had configured the serial console to run through port B, bypassing the LOM, so we installed the system through port B and it ran fine. About a month later as I was reading the publicly available Sun Fire V100 (V100/120 uses essentially the same hardware) Users Manual and found a way around LOM security; but again you do need root access to the machine. Install the LOM tools (they are somewhere freely available on Sun's website, or on older versions of Solaris it's on the Supplement CD). In the LOM driver configuration file, disable serial_security or something like that. I think after that, reboot the machine and when the OS loads the LOM driver, LOM will not prompt for a password anymore, you can fix the users and passwords, then reenable security.

I'm fairly certain Sun doesn't want people to have instructions on how to reset LOM in part because it would be a breach of security. If someone were to steal a V100/120 it would be hard to use if they didn't have LOM/serial access.

ywlke287,

Thanks. I will try and same time we are going to get new x2100 machines. Those v120s are really old.

Thanks again.

ray2006 did you purchase the V120 direct from Sun or a partner?

I think that you used wrong analogy here, reseting traction control and setting it in a wrong way could cost someone's life. I don't think that giving away info how to reset LOM password on a Sun server that has reached end of life would cost anyone's life.
You are right here, it's all about money, so calling Sun support for reseting LOM password on a server that is not covered by warranty or support means that you have to pay Sun for the support. While this may be short term gain for Sun it is also long a term loss because it becomes very frustrating having to pay more for support that for what the server is worth.
I am also Sun's shareholder and I would really like that Sun business grows, but frustrating people is not benefitial to anyone.
I think on the long run it would be more benefitial for Sun to release all "internal" support information for EOL servers, so those who want to use Sun's EOL hardware can still use it without having to fork out more for support than what the server is worth and those who still want to pay for the support will continue to do so. Then it becomes win-win situation for all.