QRadar has multiple ways to authenticate users. Apart from the default System Authentication based on data kept in the Postgres database, you can configure external Authentication using RADIUS, TACACS, LDAP or SAML methods.

In the screenshot above you can also see Active Directory option, which has been recently removed from the allowed methods of authentication (in QRadar 7.4.1 fix pack 1 and later or QRadar 7.3.3 fix pack 5 and later). Active Directory library component is no longer supported so whoever was using that method need to transition to the Lightweight Directory Access Protocol (LDAP) to authenticate to QRadar.

All these methods allow Administrators to save passwords for fall back use in case their primary source of Authentication fails. Should an administrator have issues with login there is a way to change a forgotten password in QRadar.

Simply using an SSH session login to the Console as the root user. From the command line type the following command with the chosen option. List of options is available after choosing -h option (as for help)

forgotten password in qradar
/opt/qradar/support/changePasswd.sh -option

Type the above command with the option -a to change the Admin password. The -u  option is to change an administrator or user password and you will be prompted to enter user, password and confirm.

Leave a Reply

Your email address will not be published. Required fields are marked *