Switching

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  EX-4550 no login password prompt

    Posted 11-18-2020 14:33
    I have booted to recovery console and set root password with

    root# set system root-authentication plain-text-password
    New password:
    Retype new password:​

    then committed and rebooted, but I still don't get a password prompt. So I attempted a factory default reset both via console and front panel button press sequence and each time get something like:
    ...
    Loading /boot/defaults/loader.conf
    /kernel data=0xa93914+0xb05d4 syms=[0x4+0x8fe00+0x4+0xd2f7e]
    
    
    Hit [Enter] to boot immediately, or space bar for command prompt.
    Booting [/kernel] in 1 second...
    
    Type '?' for a list of commands, 'help' for more detailed help.
    loader> boot -s
    
    ...
    
    Mounted jbase package on /dev/md0...
    System watchdog timer disabled
    Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:
    NOTE: to go to multi-user operation, exit the single-user shell (with ^D)
    # mount -a
    WARNING: /config was not properly dismounted
    /config: mount pending error: blocks 4 files 1
    WARNING: /var was not properly dismounted
    /var: mount pending error: blocks 428 files 37
    # ls /config
    .snap                           ssh_host_ed25519_key
    db                              ssh_host_ed25519_key.pub
    juniper.conf.1.gz               ssh_host_key
    juniper.conf.2.gz               ssh_host_key.pub
    juniper.conf.gz                 ssh_host_rsa_key
    juniper.conf.md5                ssh_host_rsa_key.pub
    ssh_host_dsa_key                temp
    ssh_host_dsa_key.pub            usage.db
    ssh_host_ecdsa_key              usage.db.1536939758
    ssh_host_ecdsa_key.pub          vchassis
    # mv /config/*.gz /config/temp
    # ls /config/temp
    juniper.conf.1.gz       juniper.conf.3.gz
    juniper.conf.2.gz       juniper.conf.gz
    # shutdown -r now
    Shutdown NOW!
    shutdown: [pid 78]
    # Sep 14 15:56:49 shutdown: reboot by root:
    Waiting (max 60 seconds) for system process `vnlru' to stop...done
    
    boots normally
    
    says FILE SYSTEM CLEAN
    
    ** Phase 5 - Check Cyl groups
    FREE BLK COUNT(S) WRONG IN SUPERBLK
    SALVAGE? yes
    
    SUMMARY INFORMATION BAD
    SALVAGE? yes
    
    52 files, 61 used, 59133 free (29 frags, 7388 blocks, 0.0% fragmentation)
    
    ***** FILE SYSTEM MARKED CLEAN *****
    
    ***** FILE SYSTEM WAS MODIFIED *****
    rm: /var/etc/pam.conf: Operation not permitted
    Creating initial configuration...mgd: error: Cannot open configuration file: /config/juniper.conf
    mgd: warning: activating factory configuration
    mgd: Running FIPS Self-tests
    veriexec: no fingerprint for file='/sbin/kats/cannot-exec' fsid=74 fileid=51404 uid=0 pid=495
    mgd: FIPS Self-tests Passed
    mgd: error: rename failed for /var/etc/pam.conf
    mgd: commit complete
    mgd: ----------------------------------------------------------
    mgd: Please login as 'root'. No password is required.
    mgd: To start Initial Setup, type 'ezsetup' at the JUNOS prompt.
    mgd: To start JUNOS CLI, type 'cli' at the JUNOS prompt.
    mgd: ----------------------------------------------------------
    Setting initial options:  debugger_on_panic=NO debugger_on_break=NO.
    Starting optional daemons: .
    Doing initial network setup:
    .
    Initial interface configuration:
    additional daemons:.
    Additional routing op.
    Initial interface configuration:
    additional daemons:.
    Additional routing options:kern.module_path: /boot//kernel;/boot/modules -> /booLoading the EX-series platform NETPFE module
    t/modules;/modules/peertype;/modules/ifpfe_drv;/modules/platform;/modules;
    kld netpfe drv: ifpfed_eth ifpfed_ml_cmnkld platform: ex_ifpfe if_vcpkld peertype: peertype_hcm peertype_pfem peertype_sfi peertype_slavere grat_arp_on_ifup=YES: net.link.ether.inet.grat_arp_on_ifup: 1 -> 1
     ipsec kld.
    Doing additional network setup:.
    Starting final network daemons:.
    setting ldconfig path: /usr/lib /opt/lib
    starting standard daemons: cron.
    Local package initialization:.
    kern.securelevel: -1 -> 1
    starting local daemons:set cores for group access
    .
    Fri Sep 14 15:58:05 UTC 2018
    Boot media /dev/da0 has dual root support
    ** /dev/da0s2a
    FILE SYSTEM CLEAN; SKIPPING CHECKS
    clean, 144919 free (15 frags, 18113 blocks, 0.0% fragmentation)
    
    Amnesiac (ttyu0)
    
    login:
    
    Amnesiac (ttyu0)
    
    login: root
    
    Amnesiac (ttyu0)
    
    login:​
    It seems like after it boots and tries to give me a console, some script kicks it over to NETPFE and then it gets hung up somehow? I couldn't locate where the script is called, since it appears to be in one of the binaries on the filesystem that gets called in /boot/modules or some such, which actually calls something in /var or someplace, but that just points to another binary. Anyway, I couldn't figure out how to disable it and just do a normal boot with local login. If that's even the problem.

    I also attempted the EZsetup web config, where I was able to set the hostname, management port and root password, but then when it reboots I still don't get a password prompt. I enabled SSH access and attempted root login but it closes the session before giving me a password prompt. I removed all the excess modules on the chassis so it's just a single bare chassis, and it does the same thing. What should I try next?


  • 2.  RE: EX-4550 no login password prompt
    Best Answer

    Posted 11-18-2020 15:31
    Try updating it via USB ( i sent you message) if that's not an option then try below steps 

    Reboot into single user mode and reset password following this.  If you get an error like "There were error(s) delivering the configuration. Error(s): rename failed for /var/etc/pam.conf" when trying to change the root password run the lines below from this

    Start shell user root

    ls -lo /var/etc/pam.conf
    chflags 0 /var/etc/pam.conf
    ls -lo /var/etc/pam.conf


    After running these then you should be able to complete the root password reset from the first set of instructions.

    ------------------------------
    ANKUR VYAVAHARKAR
    -
    AMPCUS INC
    CHANTILLY
    +1 (571) 279 0122
    ------------------------------



  • 3.  RE: EX-4550 no login password prompt

    Posted 11-18-2020 20:28
    I tried to use the USB method first like

    loader> install file:///jinstall-ex-4500-whatever.tgz​

    But it just gave me an error. To determine if the USB is being recognized, I booted to single user mode and mounted/copied it like:

    boot -s
    <enter>
    mount -a
    mkdir /config/img
    ls /dev/da*
    insert USB
    /dev/umass1: Innostor PenDrive, rev 2.10/0.01, addr 4
    dada1 at umass-sim1 bus 1 target 0 lun 0
    da1: <Innostor Innostor 1.00> Removable Direct Access SCSI-6 device
    da1: 40.000MB/s transfers
    da1: 30474MB (62411243 512 byte sectors: 255H 63S/T 3884C)
    # mount_msdosfs /dev/da1s1 /config/img
    # cd /config/img
    # ls /config/img
    jinstall-ex-4500-whatever.tgz
    # cp /config/img/jinstall-ex-4500-whatever.tgz /config/
    # ls /config/
    jinstall-ex-4500-whatever.tgz

    But that's not going to load the OS itself without it being umounted/unused.

    I have already tried the root reset procedure. It didn't give me the pam error, but also still doesn't give me a password prompt.




  • 4.  RE: EX-4550 no login password prompt

    Posted 11-19-2020 00:29
    Thanks for this, though when I try to load the image file from loader prompt I get an error like:
    Memory: 2048MB
    bootsequencing is enabled
    bootsuccess is not set
    old boot slice = 2, new boot slice = 1
    new boot device = disk0s1:
    Loading /boot/defaults/loader.conf
    /kernel data=0xa93914+0xb05d4 syms=[0x4+0x8fe00+0x4+0xd2f7e]
    
    
    Hit [Enter] to boot immediately, or space bar for command prompt.
    Booting [/kernel] in 1 second...
    
    Type '?' for a list of commands, 'help' for more detailed help.
    loader> install file:///jinstall-ex-4500-whatever.tgz
    cannot open package (error 22)​

    I actually verified the OS was seeing the USB drive, and it is in single user mode like:

    boot -s
    <enter>
    mount -a
    mkdir /config/img
    ls /dev/da*
    insert USB
    /dev/umass1: Innostor PenDrive, rev 2.10/0.01, addr 4
    dada1 at umass-sim1 bus 1 target 0 lun 0
    da1: <Innostor Innostor 1.00> Removable Direct Access SCSI-6 device
    da1: 40.000MB/s transfers
    da1: 30474MB (62411243 512 byte sectors: 255H 63S/T 3884C)
    # mount_msdosfs /dev/da1s1 /config/img
    # cd /config/img
    # ls /config/img
    jinstall-ex-4500-whatever.tgz
    # cp /config/img/jinstall-ex-4500-whatever.tgz /config/
    # ls /config/
    jinstall-ex-4500-whatever.tgz
    reset
    #
    

    But I think that won't help me until the file system is mounted, which wouldn't allow me to replace the existing OS image?

    I tried rebooting into single user mode and resetting the password, and on reboot there are no errors with pam, but I still get:

    loader> boot
    ...
    FILE SYSTEM CLEAN; SKIPPING CHECKS
    clean, 347415 free (31 frags, 43423 blocks, 0.0% fragmentation)
    ** /dev/da0s4d
    FILE SYSTEM CLEAN; SKIPPING CHECKS
    clean, 82 free (34 frags, 6 blocks, 0.1% fragmentation)
    rm: /var/etc/pam.conf: Operation not permitted
    Creating initial configuration...mgd: Running FIPS Self-tests
    veriexec: no fingerprint for file='/sbin/kats/cannot-exec' fsid=77 fileid=51404 uid=0 pid=493
    mgd: FIPS Self-tests Passed
    mgd: error: rename failed for /var/etc/pam.conf
    mgd: commit complete
    Setting initial options:  debugger_on_panic=NO debugger_on_break=NO.
    Starting optional daemons: .
    Doing initial network setup:.
    Initial interface configuration:
    additional daemons:.
    Additional routing options:kern.module_path: /boot//kernel;/boot//kernel;/boot/mLoading the EX-series platform NETPFE module
    odules -> /boot/modules;/modules/peertype;/modules/ifpfe_drv;/modules/platform;/modules;
    kld netpfe drv: ifpfed_eth ifpfed_ml_cmnkld platform: ex_ifpfe if_vcpkld peertype: peertype_hcm peertype_pfem peertype_sfi peertype_slavere grat_arp_on_ifup=YES: net.link.ether.inet.grat_arp_on_ifup: 1 -> 1
     ipsec kld.
    Doing additional network setup:.
    Starting final network daemons:.
    setting ldconfig path: /usr/lib /opt/lib
    starting standard daemons: cron.
    Local package initialization:.
    kern.securelevel: -1 -> 1
    starting local daemons:set cores for group access
    .
    Mon Nov 16 08:30:07 PST 2020
    Boot media /dev/da0 has dual root support
    ** /dev/da0s2a
    FILE SYSTEM CLEAN; SKIPPING CHECKS
    clean, 111631 free (15 frags, 13952 blocks, 0.0% fragmentation)
    
    corefiberswitch1 (ttyu0)
    
    login: root
    
    Logging to master
    ...
    Connection to master failed, enabling local login
    
    corefiberswitch1 (ttyu0)
    
    login: root
    
    corefiberswitch1 (ttyu0)
    
    login:

    So there's still no password prompt.




  • 5.  RE: EX-4550 no login password prompt

    Posted 11-20-2020 00:14
    Try the steps mentioned in this link for the error message "Cannot open package (error 22)

    ------------------------------
    ANKUR V
    -
    AMPCUS INC
    CHANTILLY
    +1 (571) 279 0122
    ------------------------------



  • 6.  RE: EX-4550 no login password prompt

    Posted 11-20-2020 00:14
    Try this link for the error "cannot open package (error 22)

    ------------------------------
    ANKUR
    ------------------------------



  • 7.  RE: EX-4550 no login password prompt

    Posted 11-18-2020 17:22
    Try the set system root-authentication plain-text-password again and do a commit full 




  • 8.  RE: EX-4550 no login password prompt

    Posted 11-18-2020 20:30
    I did a commit full, still doesn't seem to work. Is the pam.conf message an issue when I commit?
    root@corefiberswitch1> configure
    Entering configuration mode
    
    {linecard:0}[edit]
    root@corefiberswitch1# set system root-authentication plain-text-password
    New password:
    Retype new password:
    
    {linecard:0}[edit]
    root@corefiberswitch1# commit full
    error: rename failed for /var/etc/pam.conf
    commit complete​



  • 9.  RE: EX-4550 no login password prompt

    Posted 11-19-2020 02:52
    Edited by E.KH 11-19-2020 03:08
    Hi, I've just went through the message thread, so the
    rename failed for /var/etc/pam.conf​
    has already been mentioned by @ankurv in previous comment and the way to solve it.

    Additional information can be found here: [EX] Commit issue: "error: could not open /var/etc/pam.conf+: Operation not permitted" and "foreign file propagation failed during preprocessing"

    Also, have you tried to fresh install Junos using bootable USB? Here is an example on how you can do that: [EX] How to format install EX2300s and EX3400s via USB

    Just make sure to make backup of your device configuration because this procedure will format the switch and all configurations will be lost


    ------------------------------
    Elchin Khudiyev
    ------------------------------