Use Linux to reset Windows server administrator password

Jephe Wu

It's possible you might forget your Windows server administrator password or it's locked after you tried too many times. But don't worry, there's a nice tool 'chntpw' which can help you to reset and unlock it. The following example was tested on Windows 2003 server.

1. download the Linux rescue CD - RIP(Recovery Is Possible)
note: to reduce download time. Non-X version is enough.
2. reboot your Windows server with this CD, you might want to choose option 2 to skip keyboard map
3. login as root without password
4. run the following commands to mount Windows 2003 server partition as read-write
cd /mnt

mount -t ntfs-3g /dev/sda1 win -o force
(assuming your Windows partition is /dev/sda1, you can use fdisk command to find out)
note: to make sure you mounted Windows partition as read/write, you can try to run command
touch /mnt/win/testfile to confirm it won't give you any error.

cd win/WIN2K03/system32/config

chntpw SAM

then follow the screen instruction
first, answer y to reset/unlock the counters
then enter * to blank password
finally, enter y all the way to finish

5. finishing up
cd /mnt
umount win

1. you can use chntpw SAM -l to list all Windows users
2. use chntpw SAM -u user1 to unlock/reset user1 password
3.  (NTFS 3G website)

Cloning a CD under Linux command line

Jephe Wu(

It's easy to clone a standard CD under Linux command line, the following are the steps:

1. find out the volume size (assuming your cdrom is /dev/hdc)
# isoinfo -d -i /dev/hdc
record down volume size (e.g. 53488)

2. generate md5sum from CD
# dd if=/dev/hdc bs=2048 count=53488 | md5sum

3. generating iso file from the existing CD
# dd if=/dev/hdc of=/linuxtechres.iso bs=2048 count=53488 conv=notrunc

4. generate md5sum from iso file
# md5sum /linuxtechres.iso
make sure the output is the same as the step 2

5. burn the iso file

# cdrecord dev=/dev/hdc speed=10 padsize=63s -pad -dao -v -eject /linuxtechres.iso

a. always use padsize=63s -pad -dao to generate a CDR which can be used anywhere.
b. do not use the maximum speed your cd writer can support, use a bit lower speed to write.

6. verify the CD
a. put in CDR, run command 'isoinfo -d -i /dev/hdc' to find out volume size value, let's say it's 53488
b. dd if=/dev/hdc bs=2048 count=53488 | md5sum
make sure the output is the same as step 2 and 4.

That's it.

Cloning a Linux server - from IDE to SCSI

Jephe Wu

If your source and destination are the same kind of hard disk, you can refer to the previous articles at cloning a linux server - scenery 2.

In case you need to clone Linux server from ide hard disk to scsi hard disk, after you did the steps that mentioned in the above link, you have to modify initrd.img to include scsi driver.

1. modify initrd.img
I assume you are using 2.6 kernel, the initrd.img format are different if you are using kernel 2.4. Kernel 2.6 for initrd.img is cpio archive after unzip while kernel 2.4 for initrd.img is loopback file system after unzip.

The following are the steps to add scsi driver to initrd.img

1. preparation
cp /boot/initrd.img /tmp/a
cd /tmp
zcat a > a1
mkdir a1.dir
cd a1.dir
cpio -iv < ../a1

or one command like this:
cd /tmp; mkdir initrd; cd initrd
gzip -dc /boot/initrd.img | cpio -id

2. modification
vi init ( add scsi driver modules in init as well as put them in lib/ folder)
after modification, it should be like this:

[root@linuxtechres jephe]# more init
mount -t proc /proc /proc
echo Mounted /proc filesystem
echo Mounting sysfs
mount -t sysfs none /sys
echo Creating /dev
mount -o mode=0755 -t tmpfs none /dev
mknod /dev/console c 5 1
mknod /dev/null c 1 3
mknod /dev/zero c 1 5
mknod /dev/sda3 b 8 3 ---> added(assuming /dev/sda3 is your root partition)
mkdir /dev/pts
mkdir /dev/shm
echo Starting udev
echo -n "/sbin/hotplug" > /proc/sys/kernel/hotplug
echo "Loading jbd.ko module"
insmod /lib/jbd.ko
echo "Loading ext3.ko module"
insmod /lib/ext3.ko

insmod /lib/scsi_mod.ko
insmod /lib/sd_mod.ko
insmod /lib/sr_mod.ko
insmmod /lib/scsi_transport_spi.ko
insmod /lib/sym53c8xx.ko
# note: added above lines for sym53c8xx scsi drivers, please remember to put all necessary files from /lib/modules/KERNEL_VERSION/kernel/drivers/scsi to the above lib folder.

echo Creating root device
mkrootdev /dev/root
umount /sys
echo Mounting root filesystem
mount -o defaults --ro -t ext3 /dev/root /sysroot
mount -t tmpfs --bind /dev /sysroot/dev
echo Switching to new root
switchroot /sysroot
umount /initrd/dev

3. make changes finally
find . | cpio -co > ../c
cd ..
gzip c
cp c.gz /boot/initrd.img


find ./ | cpio -H newc -o > initrd.cpio
gzip initrd.cpio
mv initrd.cpio.gz initrd.img

1. make cpio -co not 'cpio -o', 'c' is very important parameter
2. make backup for /boot/initrd.img first.

4. modify /etc/modprobe.conf
add the following for scsi driver
alias scsi_hostadapter sym53c8xx

Note: If you are making changes for initrd.img for kernel 2.4, the following are the steps:
cd /boot
cp initrd.img /tmp/a.img -va
cd /tmp
zcat a.img > a
mkdir a.dir
mount -o loop a a.dir
cd a.dir
modify something for file init
cd ..
umount a.dir
cat a | gzip >

5. References

Cloning Windows server - using RIP and ntfsclone

Jephe Wu

RIP(Recovery Is Possible) CD can also be used for cloning Windows NTFS partition. If the source and destination servers have the same kind of hardwares, you can use the RIP and ntfsclone which comes with RIP CD to clone Windows NTFS partition.

Use ntfsclone to clone Windows server through network

on the source server(HP DL360)
1) properly shutdown your Windows. Boot from RIP CD, choice the second bootup option which loads everything in memory and skip keyboard map
2) ifconfig eth0 up (you can set any ip address, I use here)
4) passwd root (to change root password for remote ssh login later)
5) /usr/sbin/sshd (startup ssh daemon)
6) check ntfs partition information with commands below: (optional)
ntfsinfo -m -v /dev/cciss/c0d0p1 | less
ntfsinfo -i -v /dev/cciss/c0d0p1 | less
7) you might need to use command 'ntfsfix' to fix some basic problems such as Windows didn't shutdown properly before cloning.
ntfsfix /dev/cciss/c0d0p1

on the destination server:
1) boot from RIP CD too, same as what you did on the source
2) use 'fdisk' to make new partition(the size must be equal or greater than the server) (use id 7 (hpfs/ntfs).
you can also use 'sfdisk' to clone the partition table over like below if you'd like to have the exact same partition size.
ifconfig eth0 up
ssh 'sfdisk -d /dev/cciss/c0d0' | sfdisk /dev/cciss/c0d0
3) clone over the MBR code first(excluding partition table info)
ssh 'dd if=/dev/cciss/c0d0 count=1 bs=446' | dd of=/dev/cciss/c0d0
It might doesn't bootup properly if the destination server has the different kind of hard disk, you can try step 5 then to install MBR.
4) clone the ntfs partition content over
ssh 'ntfsclone -s -o - /dev/cciss/c0d0p1' | ntfsclone -r - -O /dev/cciss/c0d0p1
5) in case it doesn't boot up. try to boot from windows CD to recovery console mode to run 'fixmbr' to install the proper MBR

Note: if it doesn't boot up, in order to find out it's due to MBR or ntfsclone issue, you can boot with the RIP CD, then choose 'Boot MBR on first hard disk' option to check if Windows can boot up properly.

note: you can also use RIP and MBRFix program to easily fix the MBR, please refer my another article at

Use ntfsclone to backup Windows ntfs partition
If you want to do backup for the source Windows ntfs partition, you can do the following on the source after booting up with RIP CD

a. backup partition table
sfdisk -d /dev/cciss/c0d0 | ssh remoteserver 'cat > /path/to/c0d0_sfdisk-d'
for restore, use
ssh remoteserver 'cat /path/to/c0d0_sfdisk-d' | sfdisk /dev/cciss/c0d0

b. backup MBR
dd if=/dev/cciss/c0d0 count=1 bs=512 | ssh remoteserver 'dd of=/path/to/mbr_dd'
for restore, use
ssh remoteserver 'dd if=/path/to/mbr_dd' | dd of=/dev/cciss/c0d0

c. backup ntfs partition /dev/cciss/c0d0p1
ntfsclone -s -o - /dev/cciss/c0d0p1 |gzip -c | ssh remoteserver 'cat > /path/to/c0d0p1_ntfsclone.gz'
for restore, use
ssh remoteserver 'gzip -dc
/path/to/c0d0p1_ntfsclone.gz' | ntfsclone -r - -O /dev/cciss/c0d0p1

note: If the original hard disk is bad, you might want to use the parameters below during backup.

--force --ignore-fs-check


Cloning a Linux server - general method

Jephe Wu

Last time, we talked about using dd to do Linux server cloning for the same kind of hardwares - Cloning a Linux server - scenery 1. This time, we will introduce another general method for doing Linux server cloning.

I assume the source is using the normal partition which means it's not using software raid, LVM etc. For cloning Linux server with LVM partition, please check my another article at . My test environment is as follows:

the source:
a. HP DL380 (Intel Xeon CPU)
b. Redhat Enterprise Linux 4

the destination:
a. HP DL385G2 AMD64

The following are the cloning steps:

1. boot up the destination server from RIP(Recovery Is Possible) CD
You can choose the second options in GRUB bootup menu to load everything into memory and skip keyboard map option, then you can eject CD out before doing the following if you'd like to.

2. configure the IP address for the destination server( we use here)
ifconfig eth0 up

2. copy over the 3 files from the source(assuming server name is linuxtechres, the IP is
scp /etc/
scp /etc/
scp /etc/

3. clone the partition table over using sfdisk
Assuming /dev/cciss/c0d0p1 is / partition, /dev/cciss/c0d0p2 is the /boot partition.

ssh 'sfdisk -d /dev/cciss/c0d0' | sfdisk /dev/cciss/c0d0
mkfs -t ext3 /dev/cciss/c0d0p1
e2label /dev/cciss/c0d0p1 /
mkfs -t ext3 /dev/cciss/c0d0p2
e2label /dev/cciss/c0d0p2 /boot
Note: check your source server /etc/fstab so that you know why we use e2label to label the partition / and /boot. That's the default label name by Redhat Enterprise Linux for / and /boot partitions.
cd /mnt
mount /dev/cciss/c0d0p1 hd
cd hd
mkdir boot proc sys mnt ...
mount /dev/cciss/c0d0p2 boot
note: if you have some more partitions like /usr and /home etc, make sure you make file system for all partitions and give the correct label as what the source has, similar as the above steps.

4. clone everything over now
cd /mnt/hd
ssh 'cd /; tar --exclude ./proc --exclude ./sys --exclude ./mnt -cpf - .' | tar xvpf -
note: you might want to exclude some data folder or partitions also so that you can finish the cloning process earlier, after that, you can copy the data folder/partition separately. see the step 8
cd etc
rm -f mtab (because they will be generated by OS each time it boots up)
vi sysconfig/network-scripts/ifcfg-eth* ( to comment out hardware address lines and change ip address line to the destination IP)

5. install GRUB (if both the source and the destination are x86 32bit)
cd /mnt/hd
chroot .; grub_install hd0
In my case, I skiped this step and use step 7 to install GRUB since the destination is AMD64 CPU

6. umount those partition that you mounted before
exit (exit from chroot environment)
cd /mnt/hd
umount boot mnt
cd /mnt
umount hd

7. install GRUB on AMD64 servers
If you are cloning from x86_32 server to x86_64 server like AMD64, you have to
boot from the first x86_64 RedHat Enterprise Linux 4 CD to install GRUB
chroot /mnt/sysimage;grub_install hd0

8. rsync over the data partitions
after the OS boots up, you can use rsync to copy the data folder or partition over.
rsync -e ssh -P -avz source_ip_addr:/data/ /data/

That's it. Now you can bring up one more server which is exactly the same as the source.

Cloning a Linux server - use dd

Jephe Wu

One of the benefits of using Linux is that you don't have to install it every time, you can ALWAYS clone it despite the destination server hardware is the same as the source ones or not. There're two situations as follows:

1) exactly same hardwares.
2) different hardwares

For each situation, there're different ways to clone the servers. Today, I'll introduce how to clone server by using command dd.

In order to use dd. Generally, the destination server will be having the same kind of server model as the source, or at least the same kind of network card and hard disk.

dd will clone everything from source to destination, sector by sector. dd doesn't care about what kind of OS, it can apply to Windows too. The advantage is that you only need to use one command, the disadvantage is that it might take a bit longer since it will copy every sector of your hard disk, even there's no data on those sectors. If the time is not important to you, and the hardware is the almost same, it might be the best choice for you to clone servers.

The following is the steps I use.

a. keep the minimum application running on the source if possible.
Shutdown those services as long as you can. The idea here is to prevent anything from writing things to the hard disk during cloning process. However, according to my experience, it works well even if you don't shutdown anything, just keep the source server running as normal while cloning.

b. use RIP(Recovery is possible) CD to boot up the destination server.
You can download RIP CD from here. The smaller non-X version is enough, around 37M. Burn it to CD, boot up the destination server.

Normally, I choose the second GRUB bootup option for RIP so that I can eject out the CD after boot up, everything will be in memory only.

c. after booting up RIP, login as root(no password is needed), running the following commands to set up IP address:
ifconfig eth0 ip_address_here up (IP address here should be the same network segment as the source)

d. run the following commands to clone:
ssh source_server_ip 'dd if=/dev/sda' | dd of=/dev/sda

note: if the hard disk is HP hardware raid, it might be /dev/cciss/c0d0. Just replace it with yours.

Now you have to wait until it finish.

Note: the dd won't give you any process report as long as the things go well. However, you can use the command

pkill -USR1 ^dd$

to get the progress report, for more info, you can refer to this excellent article at
(How to make dd to give me progress report)

If you want to check remotely if it finish or not. Then you can run the following commands after setting up ip on destination server and before doing actual cloning:

passwd root (to change root password)
/usr/sbin/sshd (to start sshd daemon for remote login)

You can also boot up the source using RIP CD, then use the above commands to change root password for the source and start sshd daemon for you login from the destination server.

That's it. I'll introduce other methods for cloning servers for same kind of hardwares later.

Best standalone unix email program I've ever seen

Jephe Wu

I was trying to find an email program to send out email with attachment under Windows under Cygwin, also can specify which SMTP server to send, it should be a standalone program. I was surprised Cygwin already integrated an standalone email program that is just called 'email' which can meet all my needs.

With this program email, you can send out email with attachment, specify destination SMTP server, it supports SMTP authentication, GPG encryption, with a lot of other command line options. I strongly recommend it for using it under Linux/Unix and Windows with Cygwin environments. I heard some companies even use it for email marketing program.

With email, you don't have to take care of complicated Sendmail configuration, everything you need can be done with this standalone email program with some command line options.

--update: Nowadays, you can have some options such as ssmtp,msmtp,mailsend etc tools to achieve the same thing, even better, please refer to article link below:

How to send out email through Linux command line or Windows

HP ILO2 Authentication through OpenLDAP on HP DL385G2

Jephe Wu

Many companies are using HP servers because of the easier management of ILO(Integrated Lights-Out). After you deployed a large number of HP servers, you'll find one problem which is to manage all the ILO administrator password. Since the ILO provides the directory setting which you can use the centralized LDAP database for authentication, but HP doesn't documented how to configure it through OpenLDAP.

This articles guides you to configure a openldap server specially for doing HP ILO2 authentication. I'm using RedHat Enterprise Linux 4 update 5 and OpenLDAP. It's only being tested on HP DL385G2 server although it might be working for other models too.

The following is the some important concept for enabling ilo2 authentication through openldap.

On OpenLDAP:

  • Adding ‘memberOf’ attribute and ‘user’ objectclass into openldap (details later)
  • Allow version 2 binding in /etc/openldap/slapd.conf which is ‘allow bind_v2’
  • Slapd must also listen on port 636(ldaps)
On ILO2:

  • Using schema-free configuration in ILO
  • Specify port 636 and OpenLDAP servername or IP address
  • Configuring user context and group DN
Special schema for ilo auth in /etc/openldap/slapd.conf
[root@repo openldap]# grep -e ilo.schema -e bind_v2 /etc/openldap/slapd.conf
include /etc/openldap/schema/ilo.schema
allow bind_v2

[root@repo openldap]# grep TLS /etc/openldap/slapd.conf
TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
TLSCertificateFile /usr/share/ssl/certs/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
Note: must enable TLS for listening on port 636 for ilo ldaps connection

[root@repo openldap]# more /etc/openldap/schema/ilo.schema
attributetype (
NAME 'memberOf'
DESC 'Group which user belongs to'
EQUALITY distinguishedNameMatch

objectclass (
NAME 'memberOf'
DESC 'Required by Integrated Lights-Out for OpenLDAP '
MUST ( memberOf )

objectclass (
NAME 'user'
DESC 'Required by Integrated Lights-Out for OpenLDAP '
Import ldif
Note: replace ou=linuxtechres and dc=blogspot,dc=com with your organization ones.

[root@repo ldif]# more base.ldif
dn: dc=blogspot,dc=com
dc: blogspot
description: Root LDAP entry
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject
dn: ou=linuxtechres,dc=blogspot,dc=com
objectclass: top
objectclass: organizationalunit
ou: linuxtechres

dn: ou=groups,ou=linuxtechres,dc=blogspot,dc=com
objectclass: top
objectclass: organizationalunit
ou: groups
dn: ou=users,ou=linuxtechres,dc=blogspot,dc=com
objectclass: top
objectclass: organizationalunit
ou: users
[root@repo ldif]# more user.ldif
dn: cn=jephe.wu,ou=users,ou=linuxtechres,dc=blogspot,dc=com
cn: jephe.wu
uid: jephe.wu
sn: Wu
uidnumber: 1000
homedirectory: /home/jephe.wu
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectclass: inetorgperson
objectClass: memberOf
objectClass: user
shadowLastChange: 13650
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
gidNumber: 100
displayname: Jephe Wu
userPassword: {SSHA}7znBGbK5/GMGWVryUuunxgQ87N8L38/b
memberOf: cn=iloadmin,ou=groups,ou=linuxtechres,dc=blogspot,dc=com
[root@repo ldif]# more groups.ldif
dn: cn=iloadmin,ou=groups,ou=linuxtechres,dc=blogspot,dc=com
cn: iloadmin
objectClass: top
objectClass: groupofnames
member: cn=jephe.wu,ou=linuxtechres,dc=blogspot,dc=com

ILO Configuration

Enable the following options on ILO2 (Administration-Security- Directory Settings)
Use Directory Default Schema
Local User Accounts Enabled
Directory Server Address: FQDN of openldap server or ip address
Directory Server LDAP Port 636
Directory User Context 1 ou=users,ou=linuxtechres,dc=blogspot,dc=com
Then go to ‘Administrator Groups’:
Security Group Distinguished Name cn=iloadmin,ou=groups,ou=linuxtechres,dc=blogspot,dc=com
Administer Group Accounts Allowed
Remote Console Access Allowed
Virtual Power and Reset Allowed
Virtual Media Allowed
Configure iLO 2 Settings Allowed

That's it. Now you can login ILO2 as jephe.wu with your openldap entry password for every HP servers in your data center which are configured with openldap authentication.