.
Sonatype Nexus Repository 3 includes a default 'admin' Administrator user account.
Versions before 3.17.0 had the default password of this account set to admin123 by default.
New installations of version 3.17.0 or newer do not have a set default password.
The following steps explain how to restore the default admin user account and set its password to "admin123"
Reset Admin User using embedded OrientDB Database
- Shut down nexus, and backup your <Nexus Data Directory>
/db
- Access the OrientDB console using these instructions.
- Run the following command:
connect plocal:../sonatype-work/
nexus3/db/security admin admin You may need to adjust the path used in the connect statement depending on the location of your nexus data directory. It should be the path to the "db/security" directory in your data directory. An absolute path may be used.
- After the connect command succeeds, check that the admin user exists:
select * from user where id = "admin"
If the admin user does exist, issue this command in the console to update the admin user password to admin123 :
update user SET password="$shiro1$SHA-512$1024$NE+wqQq/TmjZMvfI7ENh/g==$V4yPw8T64UQ6GfJfxYq2hLsVrBY8D1v+bktfOxGdt4b/9BthpWPNUy/CBk6V9iA0nHpzYzJFWO8v/tZFtES8CA==" UPSERT WHERE id="admin"
If the admin user does not exist, then issue the following two INSERT commands in the console to insert the admin user with password admin123 and the default roll mapping:
INSERT INTO user (status, id, firstName, lastName, email, password) VALUES ('active', 'admin', 'admin', 'admin', 'changeme@yourcompany.com', '$shiro1$SHA-512$1024$NE+wqQq/TmjZMvfI7ENh/g==$V4yPw8T64UQ6GfJfxYq2hLsVrBY8D1v+bktfOxGdt4b/9BthpWPNUy/CBk6V9iA0nHpzYzJFWO8v/tZFtES8CA==')
INSERT INTO user_role_mapping (userId, source, roles) VALUES ('admin', 'default', 'nx-admin')
The query language is sql-like , but it is not SQL. See the OrientDB Command Reference.
At this point, the admin user should be able to authenticate if the default security realms are in still in place. Verify you can login as the admin user using your web browser.
-
Optional, if the admin user still fails to authenticate: If the default security realms were removed from the active list, the default admin user will still not be able to authenticate, despite resetting the password.
To reset the default security realms, enter this command at the orientdb console prompt:delete from realm
After this command succeeds and Nexus is restarted, the default security realms will be activated and any custom activated realms will have been removed.
An admin user will then have to add back in any other security realms they had previously ( such as LDAP) using the Realms UI, to allow other users to authenticate. -
Optional, if the admin user is missing the "nx-admin" role:
Check to see what roles the "admin" user has assigned to them:
select * from user_role_mapping where userID = "admin"
If they are missing "nx-admin" use this command at the orientdb console prompt to fix:
update user_role_mapping set roles = ["nx-admin"] where userID = "admin"
-
Optional, check to see if the admin user is active:
Check to see if the "admin" user is active:
select status from user where id = "admin"
If they are not active, use this to make them active:
update user set status="active" upsert where id="admin"
-
To end the console session gracefully type "exit".
- Start Nexus again using
./bin/nexus start
or your regular service control command.
Reset Admin User using H2 or PostgreSQL Database
If Postgres or h2 database is used as the Nexus DB, certain SQL statements may differ slightly due to changes in the DB schema. Note: If you are using h2 database see "Database Console for h2 Database" below to get a console prompt.
1. Check for existing admin user
select * from security_user where id='admin';
Update or insert an active admin user with default password "admin123"
update security_user SET password='$shiro1$SHA-512$1024$NE+wqQq/TmjZMvfI7ENh/g==$V4yPw8T64UQ6GfJfxYq2hLsVrBY8D1v+bktfOxGdt4b/9BthpWPNUy/CBk6V9iA0nHpzYzJFWO8v/tZFtES8CA==', status='active' WHERE id='admin';
or
insert into security_user (status, id, first_name, last_name, email, password) VALUES ('active', 'admin', 'admin', 'admin', 'admin@example.org', '$shiro1$SHA-512$1024$NE+wqQq/TmjZMvfI7ENh/g==$V4yPw8T64UQ6GfJfxYq2hLsVrBY8D1v+bktfOxGdt4b/9BthpWPNUy/CBk6V9iA0nHpzYzJFWO8v/tZFtES8CA==');
2. Check for existing admin user role mapping
select * from user_role_mapping where user_id = 'admin';
Update or insert an admin user role mapping
update user_role_mapping set roles='["nx-admin"]' where user_id = 'admin';
or
insert into user_role_mapping (user_id, user_lo, source, roles) VALUES ('admin', 'admin', 'default', '["nx-admin"]');
3. Check authentication realms
select * from realm_configuration;
Update or insert default authentication realms
update realm_configuration SET realm_names = '["NexusAuthenticatingRealm", "NexusAuthorizingRealm"]' where id = 1;
or
insert into realm_configuration (id, realm_names) values (1, '["NexusAuthenticatingRealm", "NexusAuthorizingRealm"]');
RESTART NEXUS to ensure the above changes take effect.
Database Console for h2 Database
To get a database console prompt when using h2 database add these properties to $datadir/etc/nexus.properties:
nexus.h2.httpListenerEnabled=true
nexus.h2.httpListenerPort=1234
Then start Nexus Repo, and visit the port configured in httpListenerPort in a web browser:
And then connect to:
Save Settings: Generic H2 (Embedded)
Driver: org.h2.Driver
JDBC URL: jdbc:h2:file:nexus
username: <LEAVE BLANK>
password: <LEAVE BLANK>