How to reset a forgotten admin password in Nexus 3.x

  1. Shut down nexus, and backup your <Nexus Data Directory>/db
  2. Access the OrientDB console using these instructions.
  3. Run the following command:
    connect plocal:../sonatype-work/nexus3/db/security admin admin

    You may need to adjust the path used in the connect statement depending on the location of your nexus data directory. It should be the path to the "db/security" directory in your data directory. An absolute path may be used.

  4. After the connect command succeeds, issue this command in the console to update the admin user password to the default value:

    update user SET password="$shiro1$SHA-512$1024$NE+wqQq/TmjZMvfI7ENh/g==$V4yPw8T64UQ6GfJfxYq2hLsVrBY8D1v+bktfOxGdt4b/9BthpWPNUy/CBk6V9iA0nHpzYzJFWO8v/tZFtES8CA==" UPSERT WHERE id="admin"

    The query language is sql-like , but it is not SQL. See the OrientDB Command Reference.

    At this point, the admin user should be able to authenticate if the default security realms are in still in place. Verify you can login as the admin user using your web browser.

  5. Optional, if the admin user still fails to authenticate: If the default security realms were removed from the active list, the default admin user will still not be able to authenticate, despite resetting the password.

    To reset the default security realms, enter this command at the karaf prompt:
    delete from realm

    After this command succeeds and Nexus is restarted, the default security realms will be activated and any custom activated realms will have been removed.

    An admin user will then have to add back in any other security realms they had previously ( such as LDAP) using the Realms UI, to allow other users to authenticate.

  6. Optional, if the admin user is missing the "nx-admin" role:

    Check to see what roles the "admin" user has assigned to them:

    select * from user_role_mapping where userID = "admin"

    If they are missing "nx-admin" use this command at the karaf prompt to fix:

    update user_role_mapping set roles = ["nx-admin"] where userID = "admin"  
  7. Optional, check to see if the admin user is active:

    Check to see if the "admin" user is active:

    select status from user where id = "admin"

    If they are not active, use this to make them active:

    update user set status="active" upsert where id="admin"
  8. To end the console session gracefully type "exit".

  9. Start Nexus again using ./bin/nexus start or your regular service control command.
Have more questions? Submit a request


Article is closed for comments.
Powered by Zendesk