Zabbix 认证方式配置为LDAP,倘若LDAP挂掉后该怎么办
Zabbix 认证方式有三种,分别是Internal、LDAP和HTTP。这里对认证方式不做过多解释。假如我们将认证方式配置为LDAP,但是认证使用的账号被误删除,并且密码已经记不清了,或者LDAP
系统挂掉,此时使用Zabbix初安装时的Admin/zabbix 账号密码组合是不能登陆的。这时我们该怎么办
呢?
思路有两个:
1. 更改认证类型为Internal,然后使用Admin登陆,如果忘记密码,也可以重置Admin密码
2. 更新LDAP认证主机和Bind DN
其实这些配置信息都是存储在数据库中的,我们可以通过数据库修改这些信息。
下面我们看一下数据库表信息:
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.Commands end with ; or \g.
Your MySQL connection id is 83
Server version: 5.1.72-log Source distribution
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use zabbix;
Database changed
mysql> show tables;
+-----------------------+
| Tables_in_zabbix |
+-----------------------+
| acknowledges |
| actions |
| alerts |
| applications |
| auditlog |
| auditlog_details |
| autoreg_host |
| conditions |
| config |
| dchecks |
| dhosts |
| drules |
| dservices |
| escalations |
| events |
| expressions |
| functions |
| globalmacro |
| globalvars |
| graph_discovery |
| graph_theme |
| graphs |
| graphs_items |
| groups |
| help_items |
| history |
| history_log |
| history_str |
| history_str_sync |
| history_sync |
| history_text |
| history_uint |
| history_uint_sync |
| host_inventory |
| hostmacro |
| hosts |
| hosts_groups |
| hosts_templates |
| housekeeper |
| httpstep |
| httpstepitem |
| httptest |
| httptestitem |
| icon_map |
| icon_mapping |
| ids |
| p_w_picpaths |
| interface |
| item_discovery |
| items |
| items_applications |
| maintenances |
| maintenances_groups |
| maintenances_hosts |
| maintenances_windows|
| mappings |
| media |
| media_type |
| node_cksum |
| nodes |
| opcommand |
| opcommand_grp |
| opcommand_hst |
| opconditions |
| operations |
| opgroup |
| opmessage |
| opmessage_grp |
| opmessage_usr |
| optemplate |
| profiles |
| proxy_autoreg_host |
| proxy_dhistory |
| proxy_history |
| regexps |
| rights |
| screens |
| screens_items |
| scripts |
| service_alarms |
| services |
| services_links |
| services_times |
| sessions |
| slides |
| slideshows |
| sysmap_element_url |
| sysmap_url |
| sysmaps |
| sysmaps_elements |
| sysmaps_link_triggers |
| sysmaps_links |
| timeperiods |
| trends |
| trends_uint |
| trigger_depends |
| trigger_discovery |
| triggers |
| user_history |
| users |
| users_groups |
| usrgrp |
| valuemaps |
+-----------------------+
103 rows in set (0.00 sec)
用户和认证的信息涉及到四个表,分别是表config、users、users_groups、usrgrp。
config表结构:
mysql> desc config;
+-------------------------+---------------------+------+-----+-----------------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------------------+---------------------+------+-----+-----------------+-------+
| configid | bigint(20) unsigned | NO | PRI | NULL | |
| alert_history | int(11) | NO | | 0 | |
| event_history | int(11) | NO | | 0 | |
| refresh_unsupported | int(11) | NO | | 0 | |
| work_period | varchar(100) | NO | | 1-5,00:00-24:00 | |
| alert_usrgrpid | bigint(20) unsigned | YES| MUL | NULL | |
| event_ack_enable | int(11) | NO | | 1 | |
| event_expire | int(11) | NO | | 7 | |
| event_show_max | int(11) | NO | | 100 | |
| default_theme | varchar(128) | NO | | originalblue | |
| authentication_type | int(11) | NO | | 0 | |
| ldap_host | varchar(255) | NO | | | |
| ldap_port | int(11) | NO | | 389 | |
| ldap_base_dn | varchar(255) | NO | | | |
| ldap_bind_dn | varchar(255) | NO | | | |
| ldap_bind_password | varchar(128) | NO | | | |
| ldap_search_attribute | varchar(128) | NO | | | |
| dropdown_first_entry | int(11) | NO | | 1 | |
| dropdown_first_remember | int(11) | NO | | 1 | |
| discovery_groupid | bigint(20) unsigned | NO | MUL | NULL | |
| max_in_table | int(11) | NO | | 50 | |
| search_limit | int(11) | NO | | 1000 | |
| severity_color_0 | varchar(6) | NO | | DBDBDB | |
| severity_color_1 | varchar(6) | NO | | D6F6FF | |
| severity_color_2 | varchar(6) | NO | | FFF6A5 | |
| severity_color_3 | varchar(6) | NO | | FFB689 | |
| severity_color_4 | varchar(6) | NO | | FF9999 | |
| severity_color_5 | varchar(6) | NO | | FF3838 | |
| severity_name_0 | varchar(32) | NO | | Not classified| |
| severity_name_1 | varchar(32) | NO | | Information | |
| severity_name_2 | varchar(32) | NO | | Warning | |
| severity_name_3 | varchar(32) | NO | | Average | |
| severity_name_4 | varchar(32) | NO | | High | |
| severity_name_5 | varchar(32) | NO | | Disaster | |
| ok_period | int(11) | NO | | 1800 | |
| blink_period | int(11) | NO | | 1800 | |
| problem_unack_color | varchar(6) | NO | | DC0000 | |
| problem_ack_color | varchar(6) | NO | | DC0000 | |
| ok_unack_color | varchar(6) | NO | | 00AA00 | |
| ok_ack_color | varchar(6) | NO | | 00AA00 | |
| problem_unack_style | int(11) | NO | | 1 | |
| problem_ack_style | int(11) | NO | | 1 | |
| ok_unack_style | int(11) | NO | | 1 | |
| ok_ack_style | int(11) | NO | | 1 | |
| snmptrap_logging | int(11) | NO | | 1 | |
| server_check_interval | int(11) | NO | | 10 | |
+-------------------------+---------------------+------+-----+-----------------+-------+
46 rows in set (0.03 sec)
其中,认证类型由 authentication_type,字段决定,值可以为0,1和2。0 代表Internal,1代表
LDAP,2代表HTTP.
这样更改认证类型就容易了:
将认证类型更改为Internal:
mysql> update config set authentication_type=0;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1Changed: 1Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
修改Admin密码:
#查询Admin用户的ID:
mysql> select * from users;
+--------+-------------+-------------+---------------+----------------------------------+-----+-----------+------------+-------+---------+------+---------+----------------+----------------+---------------+---------------+
| userid | alias | name | surname | passwd | url | autologin | autologout | lang| refresh | type | theme | attempt_failed | attempt_ip | attempt_clock | rows_per_page |
+--------+-------------+-------------+---------------+----------------------------------+-----+-----------+------------+-------+---------+------+---------+----------------+----------------+---------------+---------------+
| 1 | Admin | Zabbix | Administrator | 5fce1b3e34b520afeffb37ce08c7cd66 | | 1 | 0 | zh_CN | 30 | 3 | default | 4 | 192.168.100.34 | 1383812925 | 50 |
#更新Admin密码
mysql> update users set passwd='zabbix' where userid=1;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1Changed: 1Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
更改用户权限组:
#查询权限组ID
mysql> select * from usrgrp;
+----------+---------------------------+------------+--------------+------------+
| usrgrpid | name | gui_access | users_status | debug_mode |
+----------+---------------------------+------------+--------------+------------+
| 7 | Zabbix administrators | 0 | 0 | 0 |
| 8 | Guests | 0 | 0 | 0 |
| 9 | Disabled | 0 | 1 | 0 |
| 11 | Enabled debug mode | 0 | 0 | 1 |
| 12 | No access to the frontend | 2 | 0 | 0 |
| 13 | Hou | 0 | 0 | 0 |
| 14 | Mu | 0 | 0 | 0 |
+----------+---------------------------+------------+--------------+------------+
7 rows in set (0.00 sec)#查询用户和权限组对应关系
mysql> select * from users_groups ;
+----+----------+--------+
| id | usrgrpid | userid |
+----+----------+--------+
|4 | 7 | 1 |
|2 | 8 | 2 |
|5 | 7 | 3 |
|6 | 7 | 4 |
|7 | 7 | 5 |
| 12 | 14 | 6 |
| 11 | 13 | 8 |
+----+----------+--------+
7 rows in set (0.00 sec)
#修改用户所在权限组
mysql>update users_group set usrgrpid='1' where userid=3;
ERROR 1146 (42S02): Table 'zabbix.users_group' doesn't exist
mysql>update users_groups set usrgrpid='1' where userid=3;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1Changed: 1Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
更改LDAP主机或者BIND DN:
mysql> update config set ldap_host='xxx.xxx.xxx.xxx' ldap_base_dn='cn=ldap_search,ou=example,dc=com' ldap_bind_password='passwd';
有了上面这些操作,不论是用户误删除且密码忘记,还是LDAP挂掉,都可以随心所欲的更改认证了。
页:
[1]