ASTi Logo

Security FAQ

I can’t log into my Telestra Target, ACE Studio, or Voisus server platform. How can I reset my account?

Problem

When you try to log into your account via the system terminal, you receive an error message stating, “Login incorrect” or “Your account is locked. Maximum amount of failed attempts was reached.” You cannot access your Telestra Target, ACE Studio, or Voisus server platform using that account.

Two events can cause these error messages:

  • Multiple failed login attempts: the system locks the account after three failed attempts.
  • Account inactivity: the system locks the account after 35 days of inactivity.

Your account will remain locked until you implement one of the three solutions described below.


Default Login Credentials

The Telestra and Voisus servers are set with the following default login credentials:

Account Username Password
Telestra Studio
Account 1 aceuser aceuser
Root root abcd1234
Telestra Target
Account 1 admin admin
Account 2 hlauser HLA!now!
Root root abcd1234
Voisus Server
Account 1 astiadmin admin
Root root abcd1234

Solutions

To reset a locked account, use one of the following three solutions:


Solution 1: Log into the system with a different account

Important: Once you have installed ASTi Information Assurance (IA) scripts and tailored your security settings to DISA STIG standards, the system no longer allows you to log in directly as root. Instead, you must log in using a regular account and then elevate to root, as described below.

Before exploring other solutions, first try logging into the system using another local account’s login credentials. From there, you can access the system as a superuser and reset the locked account’s password. If only one account exists, go to Solution 2 or 3 below.

To change the password using this method, follow these steps:

  1. Reboot the server by pressing the Reset button on the front of the chassis. Wait for the server to reboot.
  2. Log into the system using the alternate account’s login credentials.
  3. At the terminal prompt, run su, and enter the current root password. The default password is abcd1234.
  4. To reset the account for multiple failed login attempts, run one of the following:
    1. For RHEL 5, run pam_tally2 --user=username --reset, where username is the current account username.
    2. For RHEL 6, run faillock --user username --reset.
  5. To reset the account for account inactivity, run cat /dev/null > /var/log/lastlog.
  6. To reset the account activity/password lock status, run passwd -u username.
  7. (Optional) To change your password, run passwd username. Enter a new password.
  8. To activate your changes, run exit. The system logs out of root.
  9. At the terminal prompt, log into the system using your new credentials.


Solution 2: Boot into single user mode via the GRUB menu

Red Hat 5 and 6

To boot into single-user mode via the GRUB menu, follow these steps:

  1. To reboot the server, press the Reset button on the front of the chassis. Wait for the server to reboot.
  2. When the GRUB menu (i.e., the Red Hat splash screen) appears, press Enter to stop the automatic boot process.
  3. At the terminal prompt, press P, and enter the system’s current password. The default password is abcd1234.
  4. To edit the account credentials, press E.
  5. When three lines of text appear, do the following:
    1. To go to the second line, press the Down Arrow.
    2. To enter edit mode, press E.
    3. Go to the end of the line, press the Spacebar, and enter 1. Verify a space appears before the 1, and press Enter.
  6. To boot the system, press B. The server boots into single-user mode.
  7. To log into the system as root, enter the root password. The default password is abcd1234.
  8. To reset an account for failed login attempts, run one of the following:
    1. For RHEL 5, run pam_tally2 -u username -r, where username is the current account’s username.
    2. For RHEL 6, run faillock --user username --reset.
  9. To reset the account for account inactivity, run cat /dev/null > /var/log/lastlog.
  10. To reset the account activity/password lock status, run passwd -u username at the prompt.
  11. (Optional) To change your password, run passwd username. Enter a new password value.
  12. To activate your changes, run reboot. Wait for the server to reboot.
  13. When prompted, log into the system using your new credentials.

Note: Upon reboot, the GRUB menu returns to its normal operation.



Red Hat 7

To boot into single-user mode via the GRUB menu, follow these steps:

  1. To reboot the server, press the Reset button on the front of the chassis. Wait for the server to reboot.
  2. When the GRUB menu (i.e., the Red Hat splash screen) appears, press the Spacebar to stop the automatic boot process.
  3. Press E to edit.
  4. Press the Down Arrow several times to view the following lines:
  5. load_video

    set gfxpayload=keep

    insmod gzio

    insmod part_msdos

    insmod xfs

    set root='hd0,msdos1'

    linux16 /vmlinuz-3.10.0-1160.el7.x86_64 root=/dev/mapper/asti-root ro

    crashkernel=auto rd.lvm.lv=asti/root biosdevname=0 net.ifnames=0 rhgb

    quiet LANG=en_US.UTF-8 rd.driver.pre=e1000,e1000e,igb,ixgb,ixgbe

    spectre_v2=off nopti

    initrd16 /initramfs-3.10.0-1160.el7.x86_64.img

  6. Go to the linux16 line, and change ro to rw system.unit=emergency.target.
  7. Press Ctrl+X.
  8. When prompted, enter the current root username and password. The default password is abcd1234.
  9. To reset an account for failed login attempts, run faillock --user username --reset, where username is the current account’s username.
  10. (Optional) To change your password, run passwd username. Enter a new password value.
  11. To activate your changes, run reboot. Wait for the server to reboot.
  12. After the system reboots, log into the system using your new credentials.

Note: Upon reboot, the GRUB menu returns to its normal operation.



Solution 3: Cold-start and restore the system

If you are unfamiliar with Linux command lines or do not have root password information, you may be forced to reinstall the Red Hat software with a backup, if available. Cold-starting your system requires you to reconfigure all of your network settings, so use this solution as a last resort. If you experience problems during the cold start, contact your system administrator or ASTi support.

To cold-start and restore your Telestra or Voisus server, go to the ACE Target and Studio Cold Start Guide or the Voisus Cold Start Guide.