Zabbix 认证方式有三种,分别是Internal、LDAP和HTTP。这里对认证方式不做过多解释。
假如我们将认证方式配置为LDAP,但是认证使用的账号被误删除,并且密码已经记不清了,或者LDAP
系统挂掉,此时使用Zabbix初安装时的Admin/zabbix 账号密码组合是不能登陆的。这时我们该怎么办
呢?
思路有两个:
1. 更改认证类型为Internal,然后使用Admin登陆,如果忘记密码,也可以重置Admin密码
2. 更新LDAP认证主机和Bind DN
其实这些配置信息都是存储在数据库中的,我们可以通过数据库修改这些信息。
下面我们看一下数据库表信息:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 | [root@zabbix ~]# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 83 Server version: 5.1.72-log Source distribution Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> use zabbix; Database changed mysql> show tables; +-----------------------+ | Tables_in_zabbix | +-----------------------+ | acknowledges | | actions | | alerts | | applications | | auditlog | | auditlog_details | | autoreg_host | | conditions | | config | | dchecks | | dhosts | | drules | | dservices | | escalations | | events | | expressions | | functions | | globalmacro | | globalvars | | graph_discovery | | graph_theme | | graphs | | graphs_items | | groups | | help_items | | history | | history_log | | history_str | | history_str_sync | | history_sync | | history_text | | history_uint | | history_uint_sync | | host_inventory | | hostmacro | | hosts | | hosts_groups | | hosts_templates | | housekeeper | | httpstep | | httpstepitem | | httptest | | httptestitem | | icon_map | | icon_mapping | | ids | | p_w_picpaths | | interface | | item_discovery | | items | | items_applications | | maintenances | | maintenances_groups | | maintenances_hosts | | maintenances_windows | | mappings | | media | | media_type | | node_cksum | | nodes | | opcommand | | opcommand_grp | | opcommand_hst | | opconditions | | operations | | opgroup | | opmessage | | opmessage_grp | | opmessage_usr | | optemplate | | profiles | | proxy_autoreg_host | | proxy_dhistory | | proxy_history | | regexps | | rights | | screens | | screens_items | | scripts | | service_alarms | | services | | services_links | | services_times | | sessions | | slides | | slideshows | | sysmap_element_url | | sysmap_url | | sysmaps | | sysmaps_elements | | sysmaps_link_triggers | | sysmaps_links | | timeperiods | | trends | | trends_uint | | trigger_depends | | trigger_discovery | | triggers | | user_history | | users | | users_groups | | usrgrp | | valuemaps | +-----------------------+ 103 rows in set (0.00 sec) |
用户和认证的信息涉及到四个表,分别是表config、users、users_groups、usrgrp。
config表结构:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | mysql> desc config; +-------------------------+---------------------+------+-----+-----------------+-------+ | Field | Type | Null | Key | Default | Extra | +-------------------------+---------------------+------+-----+-----------------+-------+ | configid | bigint(20) unsigned | NO | PRI | NULL | | | alert_history | int(11) | NO | | 0 | | | event_history | int(11) | NO | | 0 | | | refresh_unsupported | int(11) | NO | | 0 | | | work_period | varchar(100) | NO | | 1-5,00:00-24:00 | | | alert_usrgrpid | bigint(20) unsigned | YES | MUL | NULL | | | event_ack_enable | int(11) | NO | | 1 | | | event_expire | int(11) | NO | | 7 | | | event_show_max | int(11) | NO | | 100 | | | default_theme | varchar(128) | NO | | originalblue | | | authentication_type | int(11) | NO | | 0 | | | ldap_host | varchar(255) | NO | | | | | ldap_port | int(11) | NO | | 389 | | | ldap_base_dn | varchar(255) | NO | | | | | ldap_bind_dn | varchar(255) | NO | | | | | ldap_bind_password | varchar(128) | NO | | | | | ldap_search_attribute | varchar(128) | NO | | | | | dropdown_first_entry | int(11) | NO | | 1 | | | dropdown_first_remember | int(11) | NO | | 1 | | | discovery_groupid | bigint(20) unsigned | NO | MUL | NULL | | | max_in_table | int(11) | NO | | 50 | | | search_limit | int(11) | NO | | 1000 | | | severity_color_0 | varchar(6) | NO | | DBDBDB | | | severity_color_1 | varchar(6) | NO | | D6F6FF | | | severity_color_2 | varchar(6) | NO | | FFF6A5 | | | severity_color_3 | varchar(6) | NO | | FFB689 | | | severity_color_4 | varchar(6) | NO | | FF9999 | | | severity_color_5 | varchar(6) | NO | | FF3838 | | | severity_name_0 | varchar(32) | NO | | Not classified | | | severity_name_1 | varchar(32) | NO | | Information | | | severity_name_2 | varchar(32) | NO | | Warning | | | severity_name_3 | varchar(32) | NO | | Average | | | severity_name_4 | varchar(32) | NO | | High | | | severity_name_5 | varchar(32) | NO | | Disaster | | | ok_period | int(11) | NO | | 1800 | | | blink_period | int(11) | NO | | 1800 | | | problem_unack_color | varchar(6) | NO | | DC0000 | | | problem_ack_color | varchar(6) | NO | | DC0000 | | | ok_unack_color | varchar(6) | NO | | 00AA00 | | | ok_ack_color | varchar(6) | NO | | 00AA00 | | | problem_unack_style | int(11) | NO | | 1 | | | problem_ack_style | int(11) | NO | | 1 | | | ok_unack_style | int(11) | NO | | 1 | | | ok_ack_style | int(11) | NO | | 1 | | | snmptrap_logging | int(11) | NO | | 1 | | | server_check_interval | int(11) | NO | | 10 | | +-------------------------+---------------------+------+-----+-----------------+-------+ 46 rows in set (0.03 sec) |
其中,认证类型由 authentication_type,字段决定,值可以为0,1和2。0 代表Internal,1代表
LDAP,2代表HTTP.
这样更改认证类型就容易了:
将认证类型更改为Internal:
1 2 3 4 5 | mysql> update config set authentication_type=0; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) |
修改Admin密码:
1 2 3 4 5 6 7 8 9 10 11 12 | #查询Admin用户的ID: mysql> select * from users; +--------+-------------+-------------+---------------+----------------------------------+-----+-----------+------------+-------+---------+------+---------+----------------+----------------+---------------+---------------+ | userid | alias | name | surname | passwd | url | autologin | autologout | lang | refresh | type | theme | attempt_failed | attempt_ip | attempt_clock | rows_per_page | +--------+-------------+-------------+---------------+----------------------------------+-----+-----------+------------+-------+---------+------+---------+----------------+----------------+---------------+---------------+ | 1 | Admin | Zabbix | Administrator | 5fce1b3e34b520afeffb37ce08c7cd66 | | 1 | 0 | zh_CN | 30 | 3 | default | 4 | 192.168.100.34 | 1383812925 | 50 | #更新Admin密码 mysql> update users set passwd='zabbix' where userid=1; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) |
更改用户权限组:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | #查询权限组ID mysql> select * from usrgrp; +----------+---------------------------+------------+--------------+------------+ | usrgrpid | name | gui_access | users_status | debug_mode | +----------+---------------------------+------------+--------------+------------+ | 7 | Zabbix administrators | 0 | 0 | 0 | | 8 | Guests | 0 | 0 | 0 | | 9 | Disabled | 0 | 1 | 0 | | 11 | Enabled debug mode | 0 | 0 | 1 | | 12 | No access to the frontend | 2 | 0 | 0 | | 13 | Hou | 0 | 0 | 0 | | 14 | Mu | 0 | 0 | 0 | +----------+---------------------------+------------+--------------+------------+ 7 rows in set (0.00 sec) |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | #查询用户和权限组对应关系 mysql> select * from users_groups ; +----+----------+--------+ | id | usrgrpid | userid | +----+----------+--------+ | 4 | 7 | 1 | | 2 | 8 | 2 | | 5 | 7 | 3 | | 6 | 7 | 4 | | 7 | 7 | 5 | | 12 | 14 | 6 | | 11 | 13 | 8 | +----+----------+--------+ 7 rows in set (0.00 sec) #修改用户所在权限组 mysql> update users_group set usrgrpid='1' where userid=3; ERROR 1146 (42S02): Table 'zabbix.users_group' doesn't exist mysql> update users_groups set usrgrpid='1' where userid=3; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql> flush privileges; Query OK, 0 rows affected (0.01 sec) |
更改LDAP主机或者BIND DN:
1 | mysql> update config set ldap_host='xxx.xxx.xxx.xxx' ldap_base_dn='cn=ldap_search,ou=example,dc=com' ldap_bind_password='passwd'; |
有了上面这些操作,不论是用户误删除且密码忘记,还是LDAP挂掉,都可以随心所欲的更改认证了。
