In Extreme Networks’ Netsight management appliance, it is possible to configure external authentication (LDAP or RADIUS) and not set it to “fail to OS,” which is a checkbox that is unchecked by default. If your LDAP or RADIUS server is down, or if you made a mistake entering settings, you’ve just locked yourself out of the Web UI.
There is a way to recover from this without rebuilding Netsight.
I’ll be assuming you still have an OS-level login via ssh to the unit. These instructions assume Netsight on Linux. Netsight on Windows would be similar, you’d just have to figure out where your MySQL utilities live.
This was tested with Netsight 6.3
After logging in to the OS (an ssh session if this is Netsight on Linux), start mysql and connect to the data base:
cd /usr/local/Extreme_Networks/Netsight/mysql/bin
./mysql -unetsight -penterasys --socket /tmp/netsight_mysql.sock -hlocalhost -P4589 netsight
Take a look at the current settings for authentication:
SELECT * FROM nsproperties;
Next, to re-enable Web UI login, you could just set your authentication type back to OS authentication:
UPDATE nsproperties SET VALUE='Default ( OS Authentication )' WHERE NAME='serverAuthType';
Alternatively, you could instruct the authentication to fall back to OS authentication if it fails. You’d have to do this for either LDAP or RADIUS, depending on which one you are using:
UPDATE nsproperties SET VALUE='true' WHERE NAME='serverAuthLDAPFailToOS';
UPDATE nsproperties SET VALUE='true' WHERE NAME='serverAuthRadiusFailToOS';
And for future reference, always check the “Fail To OS” checkbox first before doing any further work in your external authentication settings screen.
Thorsten on (mostly) Tech 