8/23/2016

JOOSAN NVR Admin Password Reset

JOOSAN NVR Admin Password Reset

I purchased a 4 Camera Wireless Surveillance NVR kit from CCTV Systems on Amazon in 2016. Somehow the password for the admin account stopped working, and I don't remember changing it. It had better not happen again, or I might return the unit! Without the admin password, I was unable to change any settings on the device.

When I got stuck without being able to login as admin, thankfully the vendor, CCTV Systems was able to tell me how to reset the admin password. Apparently, if they know the date on your unit, then they can generate a password for admin account that will allow a login, which is a bit scary. Maybe my unit won't be running with the actual date...

When I told them that the date had been reset to 1970/01/01 because I had unplugged the battery from the unit in trying to reset the system, they gave me a different solution. Here is what I was told via email:

This date is not normal.
So now you can on the screen of login,and input the wrong password,when it pop-up a message with invalid password,you can right-click,left-click  with the mouse,cycle times.Then it will let you reset the user and password.

This led to me developing the following procedure to reset the admin password for the JOOSAN NVR:

  1. Unplug the unit.
  2. Open the top cover by unscrewing the necessary screws.
  3. Remove the battery from the unit by pulling it up.
  4. Replace the battery and cover after a minute or two.
  5. Power the unit back on and wait until system is initialized.
  6. Right-click to try System Setup.
  7. Attempt to login as admin with the wrong password.
  8. Alternately, right-click and left-click several times. 
  9. A dialog should pop up and let you reset the admin password back to nothing or being blank.

Here are some steps you will want to perform after resetting the system.


Reset the time:

  1. Right-click to go to System setup.
  2. Click General setup on the top, Time setup on the left, and set up the time in the middle.
  3. Be sure to click Apply before you click OK.

Reset the admin user password:

  1. Right-click to go to System setup.
  2. Click System Admin on the top, User management on the left.
  3. Select the row of the admin user.
  4. Click the Set password button.
  5. Type the old admin password or leave it blank after resetting the system.
  6. Type and repeat the new password.
  7. Click the Ok button.
Since resetting the admin password, I have also created an extra super user account to avoid being locked out in the future by using System Admin, User management, Add user. In addition, I created an account for family members that can be used for just viewing the cameras.

I hope this helps you! Best wishes!

8/21/2016

LDAP: On-Line Configuration (OLC) and Static slapd.conf

LDAP: On-Line Configuration (OLC) and Static slapd.conf


Installing OpenLDAP 

To install both the client and server packages on RHEL/CentOS 7:

yum -y install openldap-servers openldap-clients

Enable and start the service:

systemctl enable slapd
systemctl start slapd


OLC

Until OpenLDAP 2.3, an OpenLDAP server was configured by editing a /etc/openldap/slapd.conf. This required that the server had to be restarted to make changes to the server configuration.

With OpenLDAP 2.3+ On-Line Configuration of the server was made possible by adding a Directory Information Tree (DIT) called cn=config.

To view the OLC, you can execute as root:

ldapsearch -H ldapi:/// -Y EXTERNAL -b cn=config


olcSuffix, olcRootDN and olcRootPW
The first step in configuring your domain will be to set the suffix for the DIT for your domain, the information about the administrative user's Distinguished Name (DN) and password. The olcRootDN must end with the same suffix specified by the olcSuffix.

Create an LDIF file with the follow contents updated for your own domain, and the olcRootPW generated by executing slappasswd. This information can then be modified on the LDAP server with the following command:

ldapmodify -H ldapi:/// -Y EXTERNAL -f olc-root.ldif

olc-root.ldif:


dn:  olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=samba,dc=org
-
replace: olcRootDN
olcRootDN: cn=admin,dc=samba,dc=org
-
replace: olcRootPW
olcRootPW: {SSHA}GTeZbB7rpAMtPHVNxBZFN6ZFhwe+kINv

Configuring Logging with OLC

ldapmodify -H ldapi:/// -Y EXTERNAL -f olc-logging.ldif

olc-logging.ldif:

dn: cn=config
changetype: modify
add: olcLogFile
olcLogFile: /var/log/slapd.log
-
add: olcLogLevel
olcLogLevel: filter config acl



Configuring Organizational Units(OUs)

If want to configure the LDAP Directory to contain information for authenticating users of your domain, then you will need to create the following dcObject, organization, and organization unit entries. The simpleSecurityObject and organizationalRole entry can be used as a administrator account for the suffix. Entries for this suffix will need to be modified using the DN of this LDAP Administrator entry.

Create an LDIF file with the follow contents updated for your own domain, and then update the LDAP server by executing:

ldapadd -D cn=admin,dc=samba,dc=org -w secret -f olc-domain.ldif

olc-domain.ldif:

dn: dc=samba,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: samba.org
dc: samba

dn: cn=admin,dc=samba,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secret

dn: ou=users,dc=samba,dc=org
objectClass: top
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=samba,dc=org
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: ou=idmap,dc=samba,dc=org
objectClass: top
objectClass: organizationalUnit
ou: idmap

dn: ou=computers,dc=samba,dc=org
objectClass: top
objectClass: organizationalUnit
ou: computers


Configuring OLC Schema

To discover which schema have been added to your server, you can execute the following query:

ldapsearch -H ldapi:/// -Y EXTERNAL -b cn=schema,cn=config cn

Most installations will only have the "core" schema installed. The others that are often added for use in authentication by executing the following commands in order, otherwise an attribute that may be defined in one schema that cannot be referenced will prevent adding another schema. 

ldapadd -H ldapi:/// -Y EXTERNAL -f /etc/openldap/schema/cosine.ldif

ldapadd -H ldapi:/// -Y EXTERNAL -f /etc/openldap/schema/corba.ldif

ldapadd -H ldapi:/// -Y EXTERNAL -f \ /etc/openldap/schema/inetorgperson.ldif

ldapadd -H ldapi:/// -Y EXTERNAL -f \
/usr/share/doc/samba-4.2.3/LDAP/samba.ldif





About Me - WrightRocket

My photo

I've worked with computers for over 30 years, programming, administering, using and building them from scratch.

I'm an instructor for technical computer courses, an editor and developer of training manuals, and an Android developer.