Change oneadmin and serveradmin password

Hi I am completely new to opennebula and IaaS
Tried to change the serveradmin password through the sunstone dashboard and after that I’m not able to login to the dashboard at all both with oneadmin as well as serveradmin users.

Could someone guide me on how to reset the default passwords for both oneadmin and serveradmin?

I tried to run the following commands but it does not work
[oneadmin@localhost]$ oneuser passwd 0 ‘newpassword’
[oneadmin@localhost]$ oneuser passwd 1 ‘newpassword’
[oneadmin@localhost]$ one restart
[UserChangePassword] User couldn’t be authenticated, aborting call.

How can this be solved and how can I regain the oneadmin password?

Hi,

I think you should put new password into /var/lib/one/.one/one_auth.

Hi thanks for the reply. Actually I changed the ‘serveradmin’ password in sunstone and then I was not able to login at all on the dashboard. Then I went to /var/lib/one/.one/sunstone_auth and changed it in that file as well but it still did not work. Reason : A hashed form of password is saved in I believe /var/lib/one/one.db which was not updated.

How do I update the hashed form if I want to change the oneadmin password?

For now this is what I’m doing
Let’s say I want a new password for oneadmin, I go to /var/lib/one/.one/one_auth and change the oneadmin:‘newpassword’. Now I go online and do convert text to sha1 -> Convert ‘newpassword’. Output is a hashed form. Then as oneadmin I run the command
$ oneuser passwd 0 ‘hashedform’

This is how it starts working. Am I doing it correct?

Hi,

Did you restart opennebula and opennebula-sunstone ? Lets try it.

Hey yes I did that.

su oneadmin

$ one restart
oned and scheduler restarted
$ su root

sunstone-server restart

sunstone-server stopped
VNC proxy started
sunstone-server restarted

I created a group and added a user in the sunstone dashboard and gave password ‘nebula123456’ to that new user. But I am not able to login to that new user as well. I have restarted everything as mentioned above.

I must be doing something wrong, could you provide me with steps to change password for oneadmin?

Hi,

For change oneadmin password:

oneuser passwd 0 pgooglecom1231

echo ‘oneadmin:pgooglecom1231’ > /var/lib/one/.one/one_auth

oneuser show <- test for new password.

For change serveradmin password (password must enough lengh)

oneuser passwd 1 --sha1 7d7bfcbaae7a39c8275c2f982b901a31103b28cb

echo ‘serveradmin:7d7bfcbaae7a39c8275c2f982b901a31103b28cb’ > /var/lib/one/.one/oneflow_auth

echo ‘serveradmin:7d7bfcbaae7a39c8275c2f982b901a31103b28cb’ > /var/lib/one/.one/ec2_auth

echo ‘serveradmin:7d7bfcbaae7a39c8275c2f982b901a31103b28cb’ > /var/lib/one/.one/onegate_auth

echo ‘serveradmin:7d7bfcbaae7a39c8275c2f982b901a31103b28cb’ > /var/lib/one/.one/occi_auth

echo ‘serveradmin:7d7bfcbaae7a39c8275c2f982b901a31103b28cb’ > /var/lib/one/.one/sunstone_auth

chown oneadmin:oneadmin /var/lib/one/.one/*

I tested it on my demo system and it works!

  • OpenNebula 5.2
  • KVM
2 Likes

it’s 2020 and i just hit the same issue.
i wonder…:
why don’t we even bother thinking about why it doesnt even reliably work to change a password through the change password dialogue. this is so discouraging and annoying.

Please take into account that oneadmin and serveradmin credentials are used by other components, so the changing the password is a straightforward process but then you have to let the other components know about this change.

This is documented:

@tinova a graphical UI makes certain promises to the person using it. if it offers i.e. a “password change” it should keep limitations in mind - not the user. in practice that means we should better not see the option to change the password if the user is *admin :slight_smile:

@darkfader you are absolutely right. Sunstone should detect these two special users and redirect to the documentation to perform a successful change. We’ll take care of it in future releases:

https://github.com/OpenNebula/one/issues/4327
1 Like