Zabbix 认证方式有三种,分别是Internal、LDAP和HTTP。这里对认证方式不做过多解释。
假如我们将认证方式配置为LDAP,但是认证使用的账号被误删除,并且密码已经记不清了,或者LDAP
系统挂掉,此时使用Zabbix初安装时的Admin/zabbix 账号密码组合是不能登陆的。这时我们该怎么办
呢?
思路有两个:
1. 更改认证类型为Internal,然后使用Admin登陆,如果忘记密码,也可以重置Admin密码
2. 更新LDAP认证主机和Bind DN
其实这些配置信息都是存储在数据库中的,我们可以通过数据库修改这些信息。
下面我们看一下数据库表信息:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
[root@zabbix ~]
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection
id
is 83
Server version: 5.1.72-log Source distribution
Copyright (c) 2000, 2011, Oracle and
/or
its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and
/or
its
affiliates. Other names may be trademarks of their respective
owners.
Type
'help;'
or
'\h'
for
help. Type
'\c'
to
clear
the current input statement.
mysql> use zabbix;
Database changed
mysql> show tables;
+-----------------------+
| Tables_in_zabbix |
+-----------------------+
| acknowledges |
| actions |
| alerts |
| applications |
| auditlog |
| auditlog_details |
| autoreg_host |
| conditions |
| config |
| dchecks |
| dhosts |
| drules |
| dservices |
| escalations |
| events |
| expressions |
| functions |
| globalmacro |
| globalvars |
| graph_discovery |
| graph_theme |
| graphs |
| graphs_items |
|
groups
|
| help_items |
|
history
|
| history_log |
| history_str |
| history_str_sync |
| history_sync |
| history_text |
| history_uint |
| history_uint_sync |
| host_inventory |
| hostmacro |
| hosts |
| hosts_groups |
| hosts_templates |
| housekeeper |
| httpstep |
| httpstepitem |
| httptest |
| httptestitem |
| icon_map |
| icon_mapping |
| ids |
| images |
| interface |
| item_discovery |
| items |
| items_applications |
| maintenances |
| maintenances_groups |
| maintenances_hosts |
| maintenances_windows |
| mappings |
| media |
| media_type |
| node_cksum |
| nodes |
| opcommand |
| opcommand_grp |
| opcommand_hst |
| opconditions |
| operations |
| opgroup |
| opmessage |
| opmessage_grp |
| opmessage_usr |
| optemplate |
| profiles |
| proxy_autoreg_host |
| proxy_dhistory |
| proxy_history |
| regexps |
| rights |
| screens |
| screens_items |
| scripts |
| service_alarms |
| services |
| services_links |
| services_times |
| sessions |
| slides |
| slideshows |
| sysmap_element_url |
| sysmap_url |
| sysmaps |
| sysmaps_elements |
| sysmaps_link_triggers |
| sysmaps_links |
| timeperiods |
| trends |
| trends_uint |
| trigger_depends |
| trigger_discovery |
| triggers |
| user_history |
|
users
|
| users_groups |
| usrgrp |
| valuemaps |
+-----------------------+
103 rows
in
set
(0.00 sec)
|
用户和认证的信息涉及到四个表,分别是表config、users、users_groups、usrgrp。
config表结构:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
mysql> desc config;
+-------------------------+---------------------+------+-----+-----------------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------------+---------------------+------+-----+-----------------+-------+
| configid | bigint(20) unsigned | NO | PRI | NULL | |
| alert_history | int(11) | NO | | 0 | |
| event_history | int(11) | NO | | 0 | |
| refresh_unsupported | int(11) | NO | | 0 | |
| work_period | varchar(100) | NO | | 1-5,00:00-24:00 | |
| alert_usrgrpid | bigint(20) unsigned | YES | MUL | NULL | |
| event_ack_enable | int(11) | NO | | 1 | |
| event_expire | int(11) | NO | | 7 | |
| event_show_max | int(11) | NO | | 100 | |
| default_theme | varchar(128) | NO | | originalblue | |
| authentication_type | int(11) | NO | | 0 | |
| ldap_host | varchar(255) | NO | | | |
| ldap_port | int(11) | NO | | 389 | |
| ldap_base_dn | varchar(255) | NO | | | |
| ldap_bind_dn | varchar(255) | NO | | | |
| ldap_bind_password | varchar(128) | NO | | | |
| ldap_search_attribute | varchar(128) | NO | | | |
| dropdown_first_entry | int(11) | NO | | 1 | |
| dropdown_first_remember | int(11) | NO | | 1 | |
| discovery_groupid | bigint(20) unsigned | NO | MUL | NULL | |
| max_in_table | int(11) | NO | | 50 | |
| search_limit | int(11) | NO | | 1000 | |
| severity_color_0 | varchar(6) | NO | | DBDBDB | |
| severity_color_1 | varchar(6) | NO | | D6F6FF | |
| severity_color_2 | varchar(6) | NO | | FFF6A5 | |
| severity_color_3 | varchar(6) | NO | | FFB689 | |
| severity_color_4 | varchar(6) | NO | | FF9999 | |
| severity_color_5 | varchar(6) | NO | | FF3838 | |
| severity_name_0 | varchar(32) | NO | | Not classified | |
| severity_name_1 | varchar(32) | NO | | Information | |
| severity_name_2 | varchar(32) | NO | | Warning | |
| severity_name_3 | varchar(32) | NO | | Average | |
| severity_name_4 | varchar(32) | NO | | High | |
| severity_name_5 | varchar(32) | NO | | Disaster | |
| ok_period | int(11) | NO | | 1800 | |
| blink_period | int(11) | NO | | 1800 | |
| problem_unack_color | varchar(6) | NO | | DC0000 | |
| problem_ack_color | varchar(6) | NO | | DC0000 | |
| ok_unack_color | varchar(6) | NO | | 00AA00 | |
| ok_ack_color | varchar(6) | NO | | 00AA00 | |
| problem_unack_style | int(11) | NO | | 1 | |
| problem_ack_style | int(11) | NO | | 1 | |
| ok_unack_style | int(11) | NO | | 1 | |
| ok_ack_style | int(11) | NO | | 1 | |
| snmptrap_logging | int(11) | NO | | 1 | |
| server_check_interval | int(11) | NO | | 10 | |
+-------------------------+---------------------+------+-----+-----------------+-------+
46 rows
in
set
(0.03 sec)
|
其中,认证类型由 authentication_type,字段决定,值可以为0,1和2。0 代表Internal,1代表
LDAP,2代表HTTP.
这样更改认证类型就容易了:
将认证类型更改为Internal:
|
1
2
3
4
5
|
mysql> update config
set
authentication_type=0;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
|
修改Admin密码:
|
1
2
3
4
5
6
7
8
9
10
11
12
|
#查询Admin用户的ID:
mysql>
select
* from
users
;
+--------+-------------+-------------+---------------+----------------------------------+-----+-----------+------------+-------+---------+------+---------+----------------+----------------+---------------+---------------+
| userid |
alias
| name | surname |
passwd
| url | autologin | autologout | lang | refresh |
type
| theme | attempt_failed | attempt_ip | attempt_clock | rows_per_page |
+--------+-------------+-------------+---------------+----------------------------------+-----+-----------+------------+-------+---------+------+---------+----------------+----------------+---------------+---------------+
| 1 | Admin | Zabbix | Administrator | 5fce1b3e34b520afeffb37ce08c7cd66 | | 1 | 0 | zh_CN | 30 | 3 | default | 4 | 192.168.100.34 | 1383812925 | 50 |
#更新Admin密码
mysql> update
users
set
passwd
=
'zabbix'
where userid=1;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
|
更改用户权限组:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
#查询权限组ID
mysql>
select
* from usrgrp;
+----------+---------------------------+------------+--------------+------------+
| usrgrpid | name | gui_access | users_status | debug_mode |
+----------+---------------------------+------------+--------------+------------+
| 7 | Zabbix administrators | 0 | 0 | 0 |
| 8 | Guests | 0 | 0 | 0 |
| 9 | Disabled | 0 | 1 | 0 |
| 11 | Enabled debug mode | 0 | 0 | 1 |
| 12 | No access to the frontend | 2 | 0 | 0 |
| 13 | Hou | 0 | 0 | 0 |
| 14 | Mu | 0 | 0 | 0 |
+----------+---------------------------+------------+--------------+------------+
7 rows
in
set
(0.00 sec)
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
#查询用户和权限组对应关系
mysql>
select
* from users_groups ;
+----+----------+--------+
|
id
| usrgrpid | userid |
+----+----------+--------+
| 4 | 7 | 1 |
| 2 | 8 | 2 |
| 5 | 7 | 3 |
| 6 | 7 | 4 |
| 7 | 7 | 5 |
| 12 | 14 | 6 |
| 11 | 13 | 8 |
+----+----------+--------+
7 rows
in
set
(0.00 sec)
#修改用户所在权限组
mysql> update users_group
set
usrgrpid=
'1'
where userid=3;
ERROR 1146 (42S02): Table
'zabbix.users_group'
doesn't exist
mysql> update users_groups
set
usrgrpid=
'1'
where userid=3;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
|
更改LDAP主机或者BIND DN:
|
1
|
mysql> update config
set
ldap_host=
'xxx.xxx.xxx.xxx'
ldap_base_dn=
'cn=ldap_search,ou=example,dc=com'
ldap_bind_password=
'passwd'
;
|
有了上面这些操作,不论是用户误删除且密码忘记,还是LDAP挂掉,都可以随心所欲的更改认证了。
本文转自marbury 51CTO博客,原文链接:http://blog.51cto.com/magic3/1406495,如需转载请自行联系原作者
