After upgrading to ILOM 5.x, password locking is enabled. So root account could be locked after you change password, especially you forgot change it in oem. You can find more detail in Doc ID 2670512.1 .
If the root account is locked, you must unlock and changing password cannot unlock the account. As you cannot connect to ilom , you must use ipmitool sunoem cli .Let me show you how to unlock root account.
$ dcli -c dm42db03-m -l root " ipmitool sunoem cli 'show /SP/users/root' " dm42db03-m: Connected. Use ^D to exit. dm42db03-m: -> show /SP/users/root dm42db03-m: dm42db03-m: /SP/users/root dm42db03-m: Targets: dm42db03-m: ssh dm42db03-m: dm42db03-m: Properties: dm42db03-m: role = aucro dm42db03-m: password = ***** dm42db03-m: locked = true dm42db03-m: dm42db03-m: Commands: dm42db03-m: cd dm42db03-m: set dm42db03-m: show dm42db03-m: dm42db03-m: -> Session closed dm42db03-m: Disconnected $ dcli -c dm42db03-m -l root " ipmitool sunoem cli 'set /SP/users/root locked=false ' " 42db03-m: Connected. Use ^D to exit. 42db03-m: -> set /SP/users/root locked=false 42db03-m: Set 'locked' to 'false' 42db03-m: 42db03-m: -> Session closed 42db03-m: Disconnected
We can disable account lock property in ilom
-> show /SP/preferences/password_policy/account_lockout
/SP/preferences/password_policy/account_lockout
Targets:
Properties:
delay_time = 720 (12h)
attempts = 12
delay = enabled
state = enabled
Commands:
cd
set
show
-> set /SP/preferences/password_policy/account_lockout state=disabled
All user failed login attempts will be cleared. Do you want to continue (y/n)? y
Set 'state' to 'disabled'
We can also disable this account lock property for all dbnodes and cells.
dcli -g dbnodes -l root " ipmitool sunoem cli 'set /SP/preferences/password_policy/account_lockout state=disabled ' y " dcli -g cells -l root " ipmitool sunoem cli 'set /SP/preferences/password_policy/account_lockout state=disabled ' y "
Oracle DBA Insights 