Default User Accounts for Oracle Zero Data Loss Recovery Appliance

The following table lists the default users and passwords for the Oracle Zero Data Loss Recovery Appliance components. All default passwords should be changed after installation of the Recovery Appliance.

Table 10-1 Default Users and Passwords for Oracle Zero Data Loss Recovery Appliance

Component User Name and Password

Compute servers

Operating system users:

  • root/welcome1

  • oracle/We1come$

  • raadmin/welcome1*

  • dbmadmin See note **.

  • dbmmonitor See note **.

  • raext/(locked and blocked from SSH access)

  • railm/(locked and blocked from SSH access)

  • rasys/(locked and blocked from SSH access)

  • rasec/(locked and blocked from SSH access)

  • Password for the GRUB boot loader: sos1Exadata

Note:

* raadmin is created by default at the time of installation. Installation step 7 locks root access after completing the raadmin setup. Users are promted for a password at that time, and all access to the Recovery Appliance is required to be performed as the raadmin user. All admin users created are part of the raadmin group, which includes the raadmin user.

Note:

** dbmadmin, dbmmonitor, celladmin, cellmonitor do not have a default password with Exadata 19.3.2.0.0. The password is set to a random string, and the passwords must be changed before it can be used.

Accounts:

  • RA_AUTO is an internal automation/service account used by Recovery Appliance components for background operations (job execution, maintenance tasks, monitoring/housekeeping workflows, etc.). This account is typically referenced by Oracle-supplied scripts and/or scheduled processes. It’s not intended for day-to-day human administration.

    Do not drop, rename, or repurpose RA_AUTO. Avoid interactive use except under Oracle Support direction. If you need to assess its scope: review its roles/system privileges and any scheduled jobs owned by it.

  • RA$ADMIN is a core administration account for Recovery Appliance management. This is commonly the primary database user used by RA management tooling to perform administrative functions. It is used for appliance-level administration tasks and to own/manage Recovery Appliance-specific metadata and operations.

    Treat RA$ADMIN as high privilege; restrict login and credential distribution. Prefer using approved administrative pathways (Recovery Appliance tooling/roles) rather than using RA$ADMIN directly for routine tasks. Do not alter grants/roles unless guided by Oracle Support.

Profiles:

  • RA_SYS is an Oracle-supplied database profile used forRecovery Appliance–related accounts and/or internal administrative users. This is used to apply a known, Oracle-controlled baseline of password and resource limits that support Recovery Appliance operations.

    Do not modify RA_SYS limits unless directed by Oracle Support. If you need a different policy for local/admin users, create a separate custom profile rather than changing Oracle-delivered ones.

  • RA_STIG is an Oracle-supplied profile intended to help align the appliance database with STIG-style security hardening expectations (Security Technical Implementation Guide). This profile provides a more restrictive password policy and related account controls commonly required under hardened/compliance baselines (e.g., stricter password aging, complexity/verification, lockout controls).

    Do not modify RA_STIG unless directed by Oracle Support. 

Database users:

Note:

Only local connections are allowed for externally authenticated users.

  • SYS/We1come$

  • SYSTEM/We1come$

  • raext/(externally authenticated)

  • ralim/(externally authenticated)

  • rasec/(externally authenticated)

  • rasys/change^Me2

OSB tape backup application users:

  • admin/welcome1

  • oracle/welcome1

  • encryption key wallet/welcome1

Storage servers

Note:

** dbmadmin, dbmmonitor, celladmin, cellmonitor do not have a default password with Exadata 19.3.2.0.0. The password is set to a random string, and the passwords must be changed before it can be used.

  • root/welcome1

  • celladmin See note **.

  • cellmonitor See note **.

  • CELLDIAG

    CELLDIAG is an Exadata storage software user, not an operating system user.

    The password of the CELLDIAG user is reset to a random password during the "Apply Security Fixes" step of Oracle Exadata Deployment Assistant. If this step is not run, then the default password is Welcome12345.

  • Password for the GRUB boot loader: sos1Exadata

RoCE Network Fabric

  • admin/welcome1

InfiniBand Network Fabric switches

  • root/welcome1

  • nm2user/changeme

  • ilom-admin/ilom-admin

  • ilom-operator/ilom-operator

Ethernet switches

admin/welcome1

Note: Secure the enable mode password and secret values for the admin user.

Power distribution units (PDUs)

  • admin/welcome1

    The password for the admin user is adm1n if you reset the PDU to factory default settings.

Compute server ILOMs

  • root/welcome1

  • MSUser

    Management Server (MS) uses this account to manage ILOM and reset it if it detects a hang.

    Do not modify this account. This account is to be used by MS only.

    Each time MS starts up, it deletes the previous MSUser account and re-creates the account with a randomly generated password.

    The MSUser password is not persisted anywhere. If you need to change account passwords regularly, you can restart MS to change the password of the MSUser account.

Storage server ILOMs

  • root/welcome1

  • MSUser

    See the description above for details about this user.

InfiniBand Network Fabric ILOMs

  • ilom-admin/ilom-admin

  • ilom-operator/ilom-operator

  • root/welcome1

Note:

After the Recovery Appliance has been deployed, the installation process disables all root SSH keys and expires all user passwords as a security measure for your system. If you do not want the SSH keys disabled or the passwords expired, advise the installation engineer before the deployment.

See Also:

"Changing Component Passwords" to learn how to change the passwords for the Recovery Appliance components.