Reset Administrator password failed

Dear all,
I have trouble using the CLI
couchbase-cli reset-admin-password --regenerate
which seems obvious… but it is not working on my cluster.

I’m on couchbase-server-6.0.1-2037.x86_64.

any idea why I can’t reset the Administrator password ?

What error do you get ?

I have no error. That is actually my problem.
The cmd line returns a new password, but when using it, I can’t connect to the web interface.

I tried to enable/disable the web access (couchbase-cli setting-security --disable-http-ui ) also, but I have got the the message :
ERROR: unable to access the REST API - please check your username (-u) and password (-p)

So now I’m wondering if the user named ‘Administrator’ is a ‘default-hard-coded-user’ , do you know that ?

It is not hard coded, that admin user is set up when you first set up the cluster, you can chose it. You no longer remember it?

I’m not the person who installed the machine and he left the company.

Can we find this local admin username somewhere ?

Check /opt/couchbase/var/lib/couchbase/isasl.pw … likely the first entry in the list … user should be under the “n” field.

Ok, thank you very much for the tip.
It is actually matching and the command line couchbase-cli reset-admin-password works fine on this user.

On my first cluster I can see the local admin username from the web ui.
On my second cluster, I cannot see this local admin username from the webui
It is confusing me. I know that we can disable local admin http-ui , but can we hide this local admin account ?

The local admin user that is first created at the birth of the cluster should not show up.
If you are seeing a Full Admin user on the Web UI, this means that someone has created a new user with Full Admin privileges, separate from the original one. Also what is the concern here? Not all roles can access and change users … Roles like Security Admins and Full Admins, for examples, are ones that can see and edit users.

I am full admin on all my clusters, and I have my external ldap account to connect.
But anyway, we need to keep a local admin account in case of issue with ldap.

on my cluster 1:

  • original admin is ‘cbadmin
    • seen from /opt/couchbase/var/lib/couchbase/isasl.pw
    • password is changing well using couchbase-cli reset-admin-password
  • cbadmindoes show up on Web UI

on my cluster 2 and 3 :

  • original admin is ‘Administrator
    • seen from /opt/couchbase/var/lib/couchbase/isasl.pw
  • Administratordoes not show up on Web UI

On my cluster 1, I guess the guy has created a local admin also named ‘cbadmin’ from the Web UI .

For cluster 1, I think your guess is correct … I suspect that someone explicitly created user called “cbadmin” … the original admin one was also called “cbadmin”.

Yes thank you all solved and understood.

  • The original local administrator is created at cluster bootstrap.
  • There is no “default local admin” username.
  • The original local admin is not showed on the Web UI.
  • It is possible to create a local user with admin(/other) rights from Web UI with the same name as the original local admin:
    • deleting this user from Web UI does not delete the original local admin (of course, but I wondered, I tested, no problem)