Set NSX-T 3.1.1 Password Expiration Policy for Home Labs
If you run a home lab like I do then sometimes VM’s are powered off until you need them. In my case I use NSX but not as frequently as I’d like to. So its not uncommon for my NSX manager passwords to expire. VMware NSX-T has a preconfigured password expiration policy of 90 days. When the password expiration day is near, a notification is displayed in the Web interface OR in my case they already expired so you can’t login. There are 3 preconfigured local users: admin, audit, and root. All passwords have to be changed after 90 days. In this blog I’m going to cover how I set the policy to not expire.
First off a bit of warning — I wouldn’t recommend this for a production environment and I’d follow your best practices around password policies.
Environment:
There are 3 x ESXi 7u2d Hosts with 3 NSX-T 3.1.1 Manager Nodes in my enviroment. The NSX-T Manager Nodes have a virtual IP (VIP) that allows me to access the NSX Web GUI. No Edge Nodes are installed.
Pre-Steps:
- Ensure your vSphere Hosts are in a health state and all NSX Manager VM’s are powered on
- Ensure you can logon to the NSX-T Environment as Admin and Root on all Management nodes. Update Passwords if needed.
- If your admin password has already expired then, logon via SSH to the NSX VIP as admin and update the password. If you logon as root it will not enable the NSX CLI commands.
Steps:
The following commands can be used to remove the password expiration policy. If you have multiple manager appliances, the commands only need to be executed on one node.
- Connect directly to a NSX-T Manager or the VIP address with SSH
- Login as admin << this is key to enable the NSX CLI Command set
- Enter clear user [username] password-expiration
- NSXMGR220> clear user admin password-expiration
NSXMGR220> clear user root password-expiration
NSXMGR220> clear user audit password-expiration
- NSXMGR220> clear user admin password-expiration
- Validate the password expiration with get user [username] password-expiration
- NSXMGR220> get user admin password-expiration
Sat Nov 06 2021 UTC 18:52:00.552
Password expiration not configured for this user
- NSXMGR220> get user admin password-expiration
November 29, 2021 at 1:37 pm
[…] This content was originally published here. […]
LikeLike