MartinBardejov

Q: Xserve

Our admin have left the company, but took with him admin password for our server. We were able to bypass the password and gain entry to the server. But the server was used as IMAP server and we are not able to gain access to the keychain, where are stored passwords for the mailboxes. Any suggestion how to obtain old admin password.

Xserve, OS X Mountain Lion (10.8)

Posted on Jan 26, 2015 3:09 AM

Close

Q: Xserve

  • All replies
  • Helpful answers

  • by John Lockwood,

    John Lockwood John Lockwood Jan 26, 2015 5:04 AM in response to MartinBardejov
    Level 6 (9,309 points)
    Servers Enterprise
    Jan 26, 2015 5:04 AM in response to MartinBardejov

    The Keychain stores its contents in an encrypted form. The only way to access it is via the correct password. If the Keychain password and the login password have become out of sync then it is possible to 'update' the Keychain password to match the login password but only if you know the original Keychain password.

     

    As such your only solution is going to be to contact your previous admin so as to obtain the password from him.

     

    The other option would be to reset the password for each mailbox account.

     

    One final possibility, are the users of these mailboxes all Mac users still within your company? If so then their Keychain is likely to have their mailbox password in it. Therefore looking in their Keychain may let you find this out although it would not let you find out the servers Keychain password.

  • by MartinBardejov,

    MartinBardejov MartinBardejov Jan 26, 2015 5:39 AM in response to John Lockwood
    Level 1 (0 points)
    Jan 26, 2015 5:39 AM in response to John Lockwood

    Thanks for your response. As I´m in no way expert on Apples, I´d like to ask you if I can reset passwords for mailboxes without knowing original passwords. The workstations are gone, so there is only server where the mailboxes are stored. No original admin password and the guy woldn´t give it to us

  • by John Lockwood,

    John Lockwood John Lockwood Jan 26, 2015 6:48 AM in response to MartinBardejov
    Level 6 (9,309 points)
    Servers Enterprise
    Jan 26, 2015 6:48 AM in response to MartinBardejov

    If your Mail server is a Mac and you are also using Open Directory then you would reset the password for the mailbox and the user account via either Workgroup Manager or via Server.app.

     

    You would need to run Workgroup Manager or Server.app on any Mac, it does not have to be run on the Server and then connect (whichever) to the Server. You may also have to enter the Open Directory Admin user name and password which is not the same as the server's login account. The following describes how to reset the Open Directory Administrator account if needed.

     

    See OS X Server: How to reset the Open Directory administrator password - Apple Support

  • by MartinBardejov,

    MartinBardejov MartinBardejov Jan 27, 2015 1:23 AM in response to John Lockwood
    Level 1 (0 points)
    Jan 27, 2015 1:23 AM in response to John Lockwood

    But that still would not be possible if I don´t have admin password. Also on the server there is Snow Leopard 10.6. OS:

  • by John Lockwood,

    John Lockwood John Lockwood Jan 27, 2015 2:35 AM in response to MartinBardejov
    Level 6 (9,309 points)
    Servers Enterprise
    Jan 27, 2015 2:35 AM in response to MartinBardejov

    MartinBardejov wrote:

     

    But that still would not be possible if I don´t have admin password. Also on the server there is Snow Leopard 10.6. OS:

     

    I got the impression you had already successfully reset the admin password and hence encountered the Keychain problem of the keychain password being different. In case you have not here are the details.

     

    1. You boot the Xserve from an installer disc, you then follow the instructions here OS X: Changing or resetting an account password (Snow Leopard and earlier) - Apple Support this will let you reset the admin password for the Xserve but will not reset the keychain password, you will not be able to use the keychain unless you get the original password. You therefore may have to accept this and tell it to reset the keychain i.e. create a new empty one.

     

    2. You can reset the Open Directory admin (often called diradmin) password as per my previous answer and as per this article OS X Server: How to reset the Open Directory administrator password - Apple Support

     

    3. You can then run Workgroup Manager, you will have to enter the new admin and diradmin passwords in the appropriate places. You can then use Workgroup Manager to reset each user account password. You use the admin account and password to 'login' to Workgroup Manager, and after that you 'authenticate' to Open Directory at the top of the window where there is a tiny padlock and enter the diradmin password.