Did you forget your Node Manager Username and Password?

Posted by Dirk Nachbar on Tuesday, October 18, 2016

A long time ago I published the blog post "Did you forgot your WebLogic Admin User Password?". Now it is time to look at a related question: did you forget your Node Manager username and password?

The following steps work with Oracle WebLogic Server 12.x.

Log in to the server that hosts your Oracle WebLogic Server environment, start the WLST utility and connect to your WebLogic Domain as the weblogic user:

$ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

#
# First we connect as the weblogic user to our WebLogic Domain
#
wls:/offline> connect('weblogic','Welcome01','wls122:7001')
Connecting to t3://wls122:7001 with userid weblogic ...
Successfully connected to Admin Server "DemoAdminServer" that belongs to domain "demo_domain".

Warning: An insecure protocol was used to connect to the server. 
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
#
# Switch to the edit mode
#
wls:/demo_domain/serverConfig/> edit()
Location changed to edit tree.   
This is a writable tree with DomainMBean as the root.   
To make changes you will need to start an edit session via startEdit(). 
For more help, use help('edit').
#
# Perform startEdit
#
wls:/demo_domain/edit/> startEdit()
Starting an edit session ...
Started edit session, be sure to save and activate your changes once you are done.
#
# Change to the SecurityConfiguration Tree of your Domain,
# replace the Domain Name with your Domain Name
#
wls:/demo_domain/edit/ !> cd('SecurityConfiguration/demo_domain')
#
# List all configuration beans, attribute names and values of the current tree
# You can see the Node Manager Username under the attribute name NodeManagerUsername
# The Password of the Node Manager Username is not visible under the attribute NodeManagerPassword
# The attribute ClearTextCredentialAccessEnabled is set to false
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> ls()
dr--   CertRevoc
dr--   DefaultRealm
dr--   JASPIC
dr--   Realms
dr--   SecureMode

-rw-   AdministrativeIdentityDomain                 null
-rw-   AnonymousAdminLookupEnabled                  false
-rw-   ClearTextCredentialAccessEnabled             false
-rw-   CompatibilityConnectionFiltersEnabled        false
-rw-   ConnectionFilter                             null
-rw-   ConnectionFilterRules                        null
-rw-   ConnectionLoggerEnabled                      false
-rw-   ConsoleFullDelegationEnabled                 false
-rw-   Credential                                   ******
-rw-   CredentialEncrypted                          ******
-rw-   CrossDomainSecurityEnabled                   false
-rw-   DowngradeUntrustedPrincipals                 false
-r--   DynamicallyCreated                           false
-rw-   EnforceStrictURLPattern                      true
-rw-   EnforceValidBasicAuthCredentials             true
-rw-   ExcludedDomainNames                          null
-r--   Id                                           0
-rw-   IdentityDomainAwareProvidersRequired         false
-rw-   Name                                         demo_domain
-rw-   NodeManagerPassword                          ******
-rw-   NodeManagerPasswordEncrypted                 ******
-rw-   NodeManagerUsername                          nodemanager
-rw-   NonceTimeoutSeconds                          120
-rw-   Notes                                        null
-rw-   PrincipalEqualsCaseInsensitive               false
-rw-   PrincipalEqualsCompareDnAndGuid              false
-rw-   Tags                                         null
-r--   Type                                         SecurityConfiguration
-rw-   UseKSSForDemo                                false
-rw-   WebAppFilesCaseInsensitive                   false

-r-x   addTag                                       Boolean : String(tag)
-r-x   findDefaultRealm                             WebLogicMBean : 
-r-x   findRealm                                    WebLogicMBean : String(realmDisplayName)
-r-x   findRealms                                   WebLogicMBean[] : 
-r-x   freezeCurrentValue                           Void : String(attributeName)
-r-x   generateCredential                           [B : 
-r-x   getInheritedProperties                       String[] : String[](propertyNames)
-r-x   isInherited                                  Boolean : String(propertyName)
-r-x   isSet                                        Boolean : String(propertyName)
-r-x   removeTag                                    Boolean : String(tag)
-r-x   restoreDefaultValue                          Void : String(attributeName)
-r-x   unSet                                        Void : String(propertyName)

#
# Now let's switch the attribute ClearTextCredentialAccessEnabled to true
# and perform the listing again; I will only show the modified attribute
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> cmo.setClearTextCredentialAccessEnabled(true)
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> ls()
. . .
. . .
-rw-   ClearTextCredentialAccessEnabled             true
. . .
. . .
#
# Now validate, save and activate the changes
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> validate()
Validating changes ...
Validated the changes successfully
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> save()
Saving all your changes ...
Saved all your changes successfully.
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> activate()
Activating all your changes, this may take a while ... 
The edit lock associated with this edit session is released once the activation is completed.
Activation completed
#
# Now we can retrieve the password of the Node Manager User
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain> get('/SecurityConfiguration/demo_domain/NodeManagerPassword')
'Oracle12c'
wls:/demo_domain/edit/SecurityConfiguration/demo_domain> exit()

To check that the retrieved Node Manager username and password are correct, perform a short connection test:
$ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands
#
# Perform a nmConnect with the above retrieved data
# for the Node Manager Username and Password
#
wls:/offline> nmConnect(domainName='demo_domain', username='nodemanager', password='Oracle12c')
Connecting to Node Manager ...
Successfully Connected to Node Manager.
wls:/nm/demo_domain> nmDisconnect()
Successfully disconnected from Node Manager.
wls:/offline> exit()

After you have successfully verified the retrieved data, switch ClearTextCredentialAccessEnabled back to false. As long as it is true, the password can be read in clear text with a simple get(), as shown above.

$ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

#
# First we connect as the weblogic user to our WebLogic Domain
#
wls:/offline> connect('weblogic','Welcome01','wls122:7001')
Connecting to t3://wls122:7001 with userid weblogic ...
Successfully connected to Admin Server "DemoAdminServer" that belongs to domain "demo_domain".

Warning: An insecure protocol was used to connect to the server. 
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
#
# Switch to the edit mode
#
wls:/demo_domain/serverConfig/> edit()
Location changed to edit tree.   
This is a writable tree with DomainMBean as the root.   
To make changes you will need to start an edit session via startEdit(). 
For more help, use help('edit').
#
# Perform startEdit
#
wls:/demo_domain/edit/> startEdit()
Starting an edit session ...
Started edit session, be sure to save and activate your changes once you are done.
#
# Change to the SecurityConfiguration Tree of your Domain,
# replace the Domain Name with your Domain Name
#
wls:/demo_domain/edit/ !> cd('SecurityConfiguration/demo_domain')
#
# Switch back the value for ClearTextCredentialAccessEnabled to false
# and validate, save and activate your changes
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> cmo.setClearTextCredentialAccessEnabled(false)
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> validate()
Validating changes ...
Validated the changes successfully
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> save()
Saving all your changes ...
Saved all your changes successfully.
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> activate()
Activating all your changes, this may take a while ... 
The edit lock associated with this edit session is released once the activation is completed.
Activation completed
wls:/demo_domain/edit/SecurityConfiguration/demo_domain> exit()

With just a few simple WLST commands you can retrieve the username and password of your Node Manager user.
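
As an added example (not part of the original post): a small Python check that reads a domain's config.xml and reports whether ClearTextCredentialAccessEnabled was left at true after the procedure above. The element names, the sample XML and the script name are assumptions constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not copied from a real domain. Element names assume the
# usual mapping of SecurityConfigurationMBean attributes into config.xml.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>demo_domain</name>
  <security-configuration>
    <name>demo_domain</name>
    <node-manager-username>nodemanager</node-manager-username>
    <node-manager-password-encrypted>{AES}CONSTRUCTED-PLACEHOLDER</node-manager-password-encrypted>
    <clear-text-credential-access-enabled>true</clear-text-credential-access-enabled>
  </security-configuration>
</domain>"""


def local(tag):
    """Drop the '{namespace}' prefix so matching does not depend on the xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_security_configuration(xml_text):
    """Report the clear-text access flag and how the Node Manager password is stored."""
    root = ET.fromstring(xml_text)
    sec = next((e for e in root.iter() if local(e.tag) == "security-configuration"), None)
    if sec is None:
        raise ValueError("no <security-configuration> element found")
    values = {local(child.tag): (child.text or "").strip() for child in sec}
    # Assumption: an absent element means the default, false (as in the ls() output).
    flag = values.get("clear-text-credential-access-enabled", "false").lower() == "true"
    stored = values.get("node-manager-password-encrypted", "")
    findings = []
    if flag:
        findings.append("ClearTextCredentialAccessEnabled is true; set it back to false")
    if stored and not stored.startswith("{"):
        findings.append("node-manager-password-encrypted has no {cipher} prefix")
    return {
        "node_manager_username": values.get("node-manager-username"),
        "clear_text_access": flag,
        "findings": findings,
    }


if __name__ == "__main__":
    # Usage (hypothetical script name): python audit_nm_flag.py <DOMAIN_HOME>/config/config.xml
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    report = audit_security_configuration(text)
    print(report)
    sys.exit(1 if report["findings"] else 0)
```

The non-zero exit status when a finding is present lets the check run from a scheduled job or a post-change verification step.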