Xref: utzoo comp.sys.novell:1371 bit.listserv.novell:10251
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!uwm.edu!ogicse!cs.uoregon.edu!ns.uoregon.edu!milton!dittrich
From: dittrich@milton.u.washington.edu (Dave Dittrich)
Newsgroups: comp.sys.novell,bit.listserv.novell
Subject: Restoring SUPERVISOR password - Summary/How-To
Keywords: recover password security
Message-ID: <1991May2.232728.25767@milton.u.washington.edu>
Date: 2 May 91 23:27:28 GMT
Organization: University of Washington
Lines: 88

Thanks to all those who responded to my post regarding restoration of the SUPERVISOR password on a 2.15c NetWare LAN.

It is surprisingly simple to take care of the problem of a lost SUPERVISOR password. The fix involves exploitation of the behavior of NetWare v2.x regarding the bindery files (NET$BIND.SYS and NET$BVAL.SYS, which are hidden system files in the SYS:SYSTEM directory), and the use of a sector editor (such as Norton's Utilities) and the NetWare utilities SHOWFILE and BINDREST.

The behavior that is exploited is that of creation of bindery files on initial bootup of a freshly installed server. On such a system, the files NET$BIND.SYS and NET$BVAL.SYS do not exist. If NetWare boots and does not find these files it will create them with account information for two accounts: GUEST and SUPERVISOR. Neither of these new accounts has a password, which is what lets you get back into the SUPERVISOR account.

The steps are amazingly simple and painless to perform, which brings up a very important (and blatantly obvious) issue for those who have their servers in locations accessible to general users:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Anyone who can boot your server to DOS and operate the computer through
the keyboard can get control of the SUPERVISOR account, and thus the system!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

The system I maintain is located in the same laboratory with student workstations. The console keyboard lock VAP is ineffective in protecting the server in this situation, so the AT keyboard lock key is used instead. The best situation would be to have the server locked into a closet or other secure room, but if space is at a premium the keyboard lock is adequate.

As I said, the steps are very easy and painless. After reading two descriptions of the steps involved to understand them thoroughly, it took me less than five minutes to have the password reset.

The first description is found in the book "NetWare Supervisor's Guide" (McCann, John T. et al., M&T Books, Redwood City CA, ISBN 1-55851-111-3, pp. 393-396). This method uses an undocumented NetWare utility DISKED, which is created by the NETGEN utility Network Generation Options, Configure File Server Utilities sub-option. This method assumes that you created the utilities prior to having your little password problem, and that you created working diskettes and have access to them. In my situation I inherited a working LAN from someone, and not knowing any better I never performed these two steps myself. Learn, as I did, from my mistake.

The second method was recently distributed to the NOVELL list on NOVELL@SUVM by H.C. Eng GBODSO1@NUSVM.BITNET. The method described by Mr. Eng does not suffer the same problems as just mentioned above, nor is it nearly as complex or possibly error prone as the first method.

Pre-requisites for the procedure are a DOS boot disk and Norton's Utilities (or similar sector editor capable of absolute sector read/write to use on the non-DOS NetWare drive partition--NU is very nice for this task!).

The steps are as follows:

o Shut down the server and boot with DOS.
o Run NU and read the first 100 sectors of the NetWare boot disk (usually C:) in absolute mode.
o Do a text search for "NET$B". This will allow you to locate the files NET$BIND.SYS and NET$BVAL.SYS.
o Edit the sector(s) to change the names to NET$BIND.OLD and NET$BVAL.OLD. (These are the names expected by the utility BINDREST.)
o Write the modified sectors back to disk. (If you use a primitive sector editor like DISKED, make sure you write the sectors back to the same place they came from!)
o Reboot the server to NetWare. Ignore the mirrored directory error message by answering "N" to the "abandon mount?" question.
o Log in as SUPERVISOR. There is no password at this point so you will be logged in immediately.
o CD to SYS:SYSTEM. Issue the commands "SHOWFILE NET$BIND.OLD" and "SHOWFILE NET$BVAL.OLD". Now issue the command "BINDREST". The old bindery information has now been restored.
o BE SURE TO CHANGE THE SUPERVISOR PASSWORD BEFORE YOU LOG OUT!

Thanks again to everyone that replied to my post.

--
Dave Dittrich    dittrich@u.washington.edu
...!uw-beaver!u.washington.edu!dittrich