help creating a new admin user from single user mode, or just reset password
Registered User
Join Date: Oct 2003
Ok, I'm trying to help a customer who's got a blade G5 server running either 10.2 or 10.3, but who's forgotten (or just never knew) an admin username and password.
Evidently, their previous IT guy had to leave on short notice, and they never got any docs from him when he left.
So, the first thing I tried (from this nice noisy air-conditioned server room) was to boot from my Panther CD (it's not an OS X Server CD, just a regular Panther 10.3 CD) to reset the password the easy way. I had to hold down the power button to shut the thing off, and then rebooted holding down the C key. Unfortunately, this failed, and I just got back to the OS X Server login screen.
I went home to think about it and search the archives here (and maybe try out some new techniques on my Powerbook G3). Booting the powerbook into single-user mode (which I'm guessing I can do on the blade server as well), I tried:
mount -uw /
nicl -raw /var/db/netinfo/local.nidb -append /groups/admin users userfoo
reboot
After it rebooted, I wasn't able to log in as userfoo at all. (?) Did I make a mistake in that nicl command?
I also tried it with the -P option, but still it was a no-go.
Any help would be greatly appreciated. Thanks.
Addicted to MacNN
Join Date: Aug 2004
Location: Outfield - #24
Can you use the Panther CD that came with the G5? I believe you need a 10.3.2 or higher CD in order to boot a G5 Xserve from the CD...
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Rather than holding down the "C" key, hold down the OPTION key. This will give you a list of bootable volumes. If it can boot from your CD, it will show up in the list, and you just need to click on its icon and click the continue button. If not, you need to find a more recent boot CD.
(there is also a button to refresh the list... rescan for other volumes)
Registered User
Join Date: Oct 2003
manofsteel -- thanks. I don't know what they have at this point. The entire rest of the server room is all x86 stuff (Dell servers I believe). There's only two G5 blades, along with a KVM, some older unused beige PowerPCs. I'm hoping when I go back tomorrow, the PC IT guy has some disks for me. Maybe the blades (am I using that word correctly?) maybe they will only boot from "OS X Server" boot/install disks?
Brass -- I didn't know about the Option trick. Thanks.
I bought my Panther disks when it first came out, so they only say "10.3" on them, rather than something like "10.3.2". Hmm... I could be in trouble there. I'll give the Option key boot trick a try, but if I can't boot from my Panther CD, can anyone offer any tips on getting the nicl (in single-user mode) to work for me? I'll go read the man page again, as well as the relevant parts of Mac OS X in a Nutshell... any tips are welcome.
Professional Poster
Join Date: May 2000
Location: Urbandale, IA
Originally posted by johnMG:
I bought my Panther disks when it first came out, so they only say "10.3" on them, rather than something like "10.3.2". Hmm... I could be in trouble there. I'll give the Option key boot trick a try, but if I can't boot from my Panther CD, can anyone offer any tips on getting the nicl (in single-user mode) to work for me? I'll go read the man page again, as well as the relevant parts of Mac OS X in a Nutshell... any tips are welcome.
I think that when you boot into Single-User mode, the NetInfo/Open Directory daemon(s) aren't running, which could explain why you can't play around with NetInfo. I seem to remember reading somewhere (maybe macosxhints.com?) about the commands you needed to run to start up NetInfo while in Single-User mode. I'd hunt around a bit for some info on that, and try re-running the command.
Did the nicl command give you an error message, or did it just not work?
"Yields a falsehood when preceded by its quotation" yields a falsehood when preceded by its quotation.
Professional Poster
Join Date: May 2000
Location: Urbandale, IA
Also, depending on how the server is set up, it might be using Password Server, in which case the password wouldn't be saved in NetInfo/Open Directory (LDAP), but would instead be saved in the encrypted Password Server database. Not sure if it's relevant to your situation, but it's something to bear in mind when you're mucking about with single-user mode.
Registered User
Join Date: Oct 2003
Oneota, thanks for the reply.
About the NetInfo daemons running in single-user mode, I think the command you're talking about is SystemStarter. The nicl command is a lower-level command that operates on the netinfo db without needing any netinfo services running (well, at least when you're using the -raw option like I currently am).
Recall now, I've only tried using nicl on my Powerbook so far -- as a test run before trying it out on a customer's server. On my system, it seemed to work just fine. No error codes or anything -- no output at all, even with the -v option.
Also, depending on how the server is set up, it might be using Password Server, in which case the password wouldn't be saved in NetInfo/Open Directory (LDAP), but would instead be saved in the encrypted Password Server database. Not sure if it's relevant to your situation, but it's something to bear in mind when you're mucking about with single-user mode.
Yikes. I've never heard of the term "Password Server" used in that context (I've only heard of it used like that referring to CVS server authentication).
Though, this setup doesn't seem all that fancy. I'm betting it just uses the plain vanilla NetInfo database.
Registered User
Join Date: Oct 2003
Ah ha. Here's something interesting:
Code:
Johns-Computer:~ root# nicl -raw /var/db/netinfo/local.nidb -read /groups/admin
name: admin
gid: 80
passwd: *
users: root john kaflooie moe moe poe
Those goofball names (kaflooie, moe, moe, and poe) were names I added in using the nicl command as described in my first post! They show up here, and in the GUI NetInfo Manager program when looking at "/groups/admin", but they are *not* listed in "/users"!
That seems to be key here. I'm guessing that I'd need them to show up in "/users" for me to be able to log into them after booting up.
Maybe I *do* have to run SystemStarter before the nicl command ... [attempting now]
Professional Poster
Join Date: May 2000
Location: Urbandale, IA
Originally posted by johnMG:
Yikes. I've never heard of the term "Password Server" used in that context (I've only heard of it used like that referring to CVS server authentication).
Though, this setup doesn't seem all that fancy. I'm betting it just uses the plain vanilla NetInfo database.
Hmm...well, for a real general overview, see:
http://www.apple.com/server/macosx/open_directory.html
Also be aware that if the server is running 10.3 (which it almost certainly is if it's a G5 XServe), NetInfo use is pretty heavily deprecated. It's only really used for local users - if you're doing any kind of network users, they're almost certainly OpenLDAP/Password Server users.
(But, from what I'm gathering, you're just trying to log into the darn thing, so that's most likely a vanilla NetInfo admin user, like you suggested).
Registered User
Join Date: Oct 2003
I wrote:
Maybe I *do* have to run SystemStarter before the nicl command ... [attempting now]
Doh. Dunno what I was thinking there. SystemStarter isn't necessary (since I'm using -raw with nicl).
I also tried
Code:
nicl -raw /var/db/netinfo/local.nidb -create /users foobar
but that didn't give me a login for user foobar either.
Maybe if I read up some more on how NetInfo works...
Oneota, thanks for the heads-up on the crustiness of NetInfo. There's actually 2 XServes. One is supposed to be serving up an AFP folder, and the other is supposed to be running some server program that deals with the files on the other XServe (the users each have a client program that connects to this server program). Each of the users has their own G4, and there's maybe a dozen users tops.
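Added example, not part of any post in this thread: a Python audit that parses `nicl -read` output in the format quoted above and reports names listed in /groups/admin that have no matching /users record, which is the mismatch the thread ran into. The sample records and the REQUIRED property list are assumptions constructed for illustration.

```python
# Constructed sample, modelled on the `nicl ... -read /groups/admin` output in the thread.
ADMIN_GROUP = """\
name: admin
gid: 80
passwd: *
users: root john kaflooie moe moe poe
"""

# Constructed `-read /users/<name>` dumps; "foobar" holds nothing but a name.
USER_RECORDS = {
    "root": "name: root\nuid: 0\ngid: 0\npasswd: *\nhome: /var/root\nshell: /bin/sh\n",
    "john": "name: john\nuid: 501\ngid: 501\npasswd: x\nhome: /Users/john\nshell: /bin/bash\n",
    "foobar": "name: foobar\n",
}

# Assumption: properties a local account record needs before it can log in.
REQUIRED = ("name", "uid", "gid", "passwd", "home", "shell")

def parse_record(text):
    """Turn 'key: v1 v2 ...' lines into {key: [v1, v2, ...]}."""
    record = {}
    for line in text.splitlines():
        key, sep, rest = line.partition(":")
        if sep and key.strip():
            record.setdefault(key.strip(), []).extend(rest.split())
    return record

def audit_admin_group(group_text, user_texts):
    """Compare admin-group members against the user records that exist."""
    members = parse_record(group_text).get("users", [])
    users = {name: parse_record(t) for name, t in user_texts.items()}
    dangling, duplicates, seen = [], [], set()
    for member in members:
        if member in seen:
            if member not in duplicates:
                duplicates.append(member)
        elif member not in users:
            dangling.append(member)
        seen.add(member)
    incomplete = {}
    for name, record in users.items():
        missing = [key for key in REQUIRED if not record.get(key)]
        if missing:
            incomplete[name] = missing
    return {"dangling": dangling, "duplicates": duplicates, "incomplete": incomplete}

if __name__ == "__main__":
    print(audit_admin_group(ADMIN_GROUP, USER_RECORDS))
```

Run against a real server's dumps, the same report also flags admin-group entries that nobody can account for, which is worth checking after any single-user-mode session.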