How to reset root administrator (nsroot) password 编辑

The Citrix ADC root administrator (nsroot) account provides complete access to all ADC features. So, to preserve security, the administrative account must be used only if necessary.

As an admin, the recommendation is to change your password. If you forget your password, you must first reset to the default one and then change it to a new password.

As a nsroot administrator, to reset your password, you must log on to your appliance and change the password. However, if you do not remember the password, you can reboot the appliance in single user mode. Mount the file system in read/write mode, and then remove the Citrix ADC entry from the ns.conf file. As a final step, reboot and log on to your appliance with the default one and then set a new password.

Complete the following steps to reset your root administrator password:

1. Connect a computer to the console port of the Citrix ADC and log on.

   Note

   You cannot log on by using SSH to do this procedure; you must connect directly to the appliance.

2. Reboot the Citrix ADC.

3. Press CTRL+C when the following message appears:

   Press [Ctrl-C] for command prompt, or any other key to boot immediately. Booting [kernel] in # seconds.

   Note

   In an Azure serial console, the Citrix ADC appliance does not support single boot until the ADC appliance is booted.

4. Run the following command to start the Citrix ADC in a single user mode: boot -s

   After the appliance boots, it displays the following message:

   Enter full path name of shell or RETURN for /bin/sh:

5. Press ENTER to display the # prompt, and type the following commands to mount the file systems:

   1. Run the following command to check the disk consistency:

      fsck_ufs /dev/ad0s1a

      Note

      Your flash drive has a specific device name depending on your Citrix ADC. Run the following command at the ADC CLI and copy the name ending with “1a.”

      gpart show -p

      For example,

      

   2. Access the dev directory and enter ‘ls’ to check the drive details.

   3. Run the following command to display the mounted partitions:

      df

      Note

      If the flash partition is not listed, you must mount it manually.

   4. Run the following command to mount the flash drive:

      mount /dev/ad0s1a /flash

6. Run the following command to change to the nsconfig directory:

   cd /flash/nsconfig

7. Run the following commands to rewrite the ns.conf file and remove the set of system commands defaulting to the admin:

   1. Run the following command to create a configuration file that does not have commands defaulting to the administrator:

      grep –v “set system user nsroot” ns.conf > new.conf

   2. Run the following command to make a backup of the existing configuration file:

      mv ns.conf old.ns.conf

   3. Run the following command to rename the new.conf file to ns.conf:

      mv new.conf ns.conf

8. Run the following command to reboot the Citrix ADC:

   reboot

9. Log on using the default administrator credentials.

10. Run the following command to reset the administrator password:

    set system user nsroot <New_Password>

    Note

    To use the “?” character in a password string, precede this character with the \ character.

    For example, yourexamplepasswd? is set for the administrator account after you perform the following operation:

    > set system user nsroot yourexamplepasswd\?

Note

For resetting a forgotten (nsroot) password in a high availability setup, Citrix recommends you to shut down the peer node. If the peer node is active, the password is overwritten, as the config sync is triggered when the node comes up after reboot.

Also, read Citrix article, CTX224027 to know how secure SSH access to Citrix ADC appliance works.