Occasional Contributor I

ClearPass in FIPS mode password issue

This is a fresh build. Through the CLI wizard, I enabled ClearPass for FIPS mode. I logged in with admin and the default password. When I changed the password for "admin", unless I typed the password wrong twice exactly the same, I cannot log in as admin. For staging I used the same password for appadmin, and I am now unable to log in as appadmin or admin. I don't know what I did wrong. The password I used is 12 characters long, with a symbol and some numbers.

If I really messed this up, is it easy to factory reset without TAC?

New Contributor

Re: ClearPass in FIPS mode password issue

1. Enter the cpboot mode and change the default boot file:

    Hit any key to stop autoboot: 0
    cpboot>
    cpboot> setenv cfgfile default1.cfg
    cpboot> saveenv
    cpboot> reset

2. This will cause the controller to present the initial config wizard on bootup. Configure the desired password:

    Reading configuration from factory-default.cfg
    ..
    ..
    Enter System name [Aruba650]: Testcontroller
    ..
    ..
    Enter Password for admin login (up to 32 chars): *********
    Re-type Password for admin login: *********
    Enter Password for enable mode (up to 15 chars): ******
    Re-type Password for enable mode: ******
    Do you wish to shutdown all the ports (yes|no)? [no]:

3. Save the config and restart the controller:

    System name: Testcontroller
    ..
    ..
    If you accept the changes the switch will restart!
    Type to go back and change answer for any question
    Do you wish to accept the changes (yes|no)yes
    Creating configuration... Done.
    System will now restart!

4. Enter the cpboot mode again and reset the config file:

    Hit any key to stop autoboot: 0
    cpboot>
    cpboot> setenv cfgfile
    cpboot> saveenv
    Saving Environment to Flash...
    Erasing # Erased 1 sectors
    Writing ########
    cpboot> boot

5. Boot into the controller with the new password. Make sure we save the config for the new password to be saved:

    <<<<< Welcome to Aruba Networks - Aruba A650-US >>>>>
    Starting watchdog processes
    ..
    ..
    Completed FIPS OpenSSL KAT test successfully.
    (Testcontroller)
    User: admin
    Password: *********
    (Testcontroller) >en
    Password:******
    Password:******
    (Testcontroller) #
    (Testcontroller) #write memory
    Saving Configuration...
    Configuration Saved.
    (Testcontroller) #

Answer: Sometimes, we cannot reset the password in FIPS code through the console using the default method. In that case, we must use an alternative method:

1. Get into cpboot mode. Change the config file so the controller boots in the config wizard. Configure the new password.
2. Reboot, enter cpboot mode, reset the config file again.
3. Log in to the controller using the newly configured password.
4. Save the config.

Occasional Contributor I

Re: ClearPass in FIPS mode password issue

Will this work for ClearPass?

Frequent Contributor II

Re: ClearPass in FIPS mode password issue

If this is a ClearPass VM then I think rebuilding it would be the fastest way. Also, don't enable FIPS mode unless there's a very good reason to do so. TAC has advised me this mode is for high-security environments (like the government) and should not be used, otherwise it may bring you some trouble in the future.

New Contributor

Re: ClearPass in FIPS mode password issue

Thanks @
