If you have forgotten all passwords for accessing the WebAdmin (i.e., the 'admin' account) and/or the UTM console user accounts (i.e., 'loginuser' and root) there is still a way to regain access.
This article explains how you can regain access to the WebAdmin if you have been locked out or go further and fully reset the different console users' passwords.
Applies to the following Sophos product(s) and version(s) Sophos UTM
Operating systems V7, V8, V9
If you cannot login to the WebAdmin with the 'admin' account but you know the password for root and have either direct access to the UTM or can connect to the UTM with SSH follow steps one to five below. Otherwise see the section 'Reset all passwords' below.
The next attempt to access the WebAdmin will show the 'Admin password setup' screen where you can enter a new password for the 'admin' account as show in the screenshot below.
Note: performing the above steps will also reset both the loginuser and root SSH passwords. To reset them, you'll have to browse to Management > System Settings > Shell Access > Shell user passwords, or if you're still logged into the console (as root), enter:
passwd loginuser password root
Important note: due to a known issue with USB keyboard drivers not being loaded correctly when accessing the bash recovery environment, the steps in this section after step 10 are not possible with certain firmware versions. Please ensure your UTM is updated to the latest firmware version to prevent being affected by this issue.
Known affected versions: 9.104-9.111, 9.205-9.209, 9.300-9.307 (for SG-series UTMs) Known unaffected versions: 9.112, 9.210, 9.308+
On UTM hardware appliances, or software appliances where it is not possible to login to the console (when the passwords are missing), it is still possible to reset the passwords if you have direct physical access to the UTM.
Note: On a hardware appliance you must connect a keyboard and monitor to the UTM in order to interrupt the boot sequence.
You now have access to the WebAdmin and have reset the console user accounts' passwords.
If you cannot reach the WebAdmin login page, the allowed networks may have changed. You can reset the allowed networks for WebAdmin via the following commands.
If you encounter any problems with resetting the password while both units are online, it may be necessary to power down the secondary unit(s), then reset the password on the master unit, once that is working, power the other unit(s) back on and they should sync the updated passwords as well.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.