Zabbix 認證方式有三種,分别是Internal、LDAP和HTTP。這裡對認證方式不做過多解釋。
假如我們将認證方式配置為LDAP,但是認證使用的賬号被誤删除,并且密碼已經記不清了,或者LDAP
系統挂掉,此時使用Zabbix初安裝時的Admin/zabbix 賬号密碼組合是不能登陸的。這時我們該怎麼辦
呢?
思路有兩個:
1. 更改認證類型為Internal,然後使用Admin登陸,如果忘記密碼,也可以重置Admin密碼
2. 更新LDAP認證主機和Bind DN
其實這些配置資訊都是存儲在資料庫中的,我們可以通過資料庫修改這些資訊。
下面我們看一下資料庫表資訊:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
<code>[root@zabbix ~]</code><code># mysql -u root -p</code>
<code>Enter password:</code>
<code>Welcome to the MySQL monitor. Commands end with ; or \g.</code>
<code>Your MySQL connection </code><code>id</code> <code>is 83</code>
<code>Server version: 5.1.72-log Source distribution</code>
<code>Copyright (c) 2000, 2011, Oracle and</code><code>/or</code> <code>its affiliates. All rights reserved.</code>
<code>Oracle is a registered trademark of Oracle Corporation and</code><code>/or</code> <code>its</code>
<code>affiliates. Other names may be trademarks of their respective</code>
<code>owners.</code>
<code>Type </code><code>'help;'</code> <code>or </code><code>'\h'</code> <code>for</code> <code>help. Type </code><code>'\c'</code> <code>to </code><code>clear</code> <code>the current input statement.</code>
<code>mysql> use zabbix;</code>
<code>Database changed</code>
<code>mysql> show tables;</code>
<code>+-----------------------+</code>
<code>| Tables_in_zabbix |</code>
<code>| acknowledges |</code>
<code>| actions |</code>
<code>| alerts |</code>
<code>| applications |</code>
<code>| auditlog |</code>
<code>| auditlog_details |</code>
<code>| autoreg_host |</code>
<code>| conditions |</code>
<code>| config |</code>
<code>| dchecks |</code>
<code>| dhosts |</code>
<code>| drules |</code>
<code>| dservices |</code>
<code>| escalations |</code>
<code>| events |</code>
<code>| expressions |</code>
<code>| functions |</code>
<code>| globalmacro |</code>
<code>| globalvars |</code>
<code>| graph_discovery |</code>
<code>| graph_theme |</code>
<code>| graphs |</code>
<code>| graphs_items |</code>
<code>| </code><code>groups</code> <code>|</code>
<code>| help_items |</code>
<code>| </code><code>history</code> <code>|</code>
<code>| history_log |</code>
<code>| history_str |</code>
<code>| history_str_sync |</code>
<code>| history_sync |</code>
<code>| history_text |</code>
<code>| history_uint |</code>
<code>| history_uint_sync |</code>
<code>| host_inventory |</code>
<code>| hostmacro |</code>
<code>| hosts |</code>
<code>| hosts_groups |</code>
<code>| hosts_templates |</code>
<code>| housekeeper |</code>
<code>| httpstep |</code>
<code>| httpstepitem |</code>
<code>| httptest |</code>
<code>| httptestitem |</code>
<code>| icon_map |</code>
<code>| icon_mapping |</code>
<code>| ids |</code>
<code>| images |</code>
<code>| interface |</code>
<code>| item_discovery |</code>
<code>| items |</code>
<code>| items_applications |</code>
<code>| maintenances |</code>
<code>| maintenances_groups |</code>
<code>| maintenances_hosts |</code>
<code>| maintenances_windows |</code>
<code>| mappings |</code>
<code>| media |</code>
<code>| media_type |</code>
<code>| node_cksum |</code>
<code>| nodes |</code>
<code>| opcommand |</code>
<code>| opcommand_grp |</code>
<code>| opcommand_hst |</code>
<code>| opconditions |</code>
<code>| operations |</code>
<code>| opgroup |</code>
<code>| opmessage |</code>
<code>| opmessage_grp |</code>
<code>| opmessage_usr |</code>
<code>| optemplate |</code>
<code>| profiles |</code>
<code>| proxy_autoreg_host |</code>
<code>| proxy_dhistory |</code>
<code>| proxy_history |</code>
<code>| regexps |</code>
<code>| rights |</code>
<code>| screens |</code>
<code>| screens_items |</code>
<code>| scripts |</code>
<code>| service_alarms |</code>
<code>| services |</code>
<code>| services_links |</code>
<code>| services_times |</code>
<code>| sessions |</code>
<code>| slides |</code>
<code>| slideshows |</code>
<code>| sysmap_element_url |</code>
<code>| sysmap_url |</code>
<code>| sysmaps |</code>
<code>| sysmaps_elements |</code>
<code>| sysmaps_link_triggers |</code>
<code>| sysmaps_links |</code>
<code>| timeperiods |</code>
<code>| trends |</code>
<code>| trends_uint |</code>
<code>| trigger_depends |</code>
<code>| trigger_discovery |</code>
<code>| triggers |</code>
<code>| user_history |</code>
<code>| </code><code>users</code> <code>|</code>
<code>| users_groups |</code>
<code>| usrgrp |</code>
<code>| valuemaps |</code>
<code>103 rows </code><code>in</code> <code>set</code> <code>(0.00 sec)</code>
使用者和認證的資訊涉及到四個表,分别是表config、users、users_groups、usrgrp。
config表結構:
<code>mysql> desc config;</code>
<code>+-------------------------+---------------------+------+-----+-----------------+-------+</code>
<code>| Field | Type | Null | Key | Default | Extra |</code>
<code>| configid | bigint(20) unsigned | NO | PRI | NULL | |</code>
<code>| alert_history | int(11) | NO | | 0 | |</code>
<code>| event_history | int(11) | NO | | 0 | |</code>
<code>| refresh_unsupported | int(11) | NO | | 0 | |</code>
<code>| work_period | varchar(100) | NO | | 1-5,00:00-24:00 | |</code>
<code>| alert_usrgrpid | bigint(20) unsigned | YES | MUL | NULL | |</code>
<code>| event_ack_enable | int(11) | NO | | 1 | |</code>
<code>| event_expire | int(11) | NO | | 7 | |</code>
<code>| event_show_max | int(11) | NO | | 100 | |</code>
<code>| default_theme | varchar(128) | NO | | originalblue | |</code>
<code>| authentication_type | int(11) | NO | | 0 | |</code>
<code>| ldap_host | varchar(255) | NO | | | |</code>
<code>| ldap_port | int(11) | NO | | 389 | |</code>
<code>| ldap_base_dn | varchar(255) | NO | | | |</code>
<code>| ldap_bind_dn | varchar(255) | NO | | | |</code>
<code>| ldap_bind_password | varchar(128) | NO | | | |</code>
<code>| ldap_search_attribute | varchar(128) | NO | | | |</code>
<code>| dropdown_first_entry | int(11) | NO | | 1 | |</code>
<code>| dropdown_first_remember | int(11) | NO | | 1 | |</code>
<code>| discovery_groupid | bigint(20) unsigned | NO | MUL | NULL | |</code>
<code>| max_in_table | int(11) | NO | | 50 | |</code>
<code>| search_limit | int(11) | NO | | 1000 | |</code>
<code>| severity_color_0 | varchar(6) | NO | | DBDBDB | |</code>
<code>| severity_color_1 | varchar(6) | NO | | D6F6FF | |</code>
<code>| severity_color_2 | varchar(6) | NO | | FFF6A5 | |</code>
<code>| severity_color_3 | varchar(6) | NO | | FFB689 | |</code>
<code>| severity_color_4 | varchar(6) | NO | | FF9999 | |</code>
<code>| severity_color_5 | varchar(6) | NO | | FF3838 | |</code>
<code>| severity_name_0 | varchar(32) | NO | | Not classified | |</code>
<code>| severity_name_1 | varchar(32) | NO | | Information | |</code>
<code>| severity_name_2 | varchar(32) | NO | | Warning | |</code>
<code>| severity_name_3 | varchar(32) | NO | | Average | |</code>
<code>| severity_name_4 | varchar(32) | NO | | High | |</code>
<code>| severity_name_5 | varchar(32) | NO | | Disaster | |</code>
<code>| ok_period | int(11) | NO | | 1800 | |</code>
<code>| blink_period | int(11) | NO | | 1800 | |</code>
<code>| problem_unack_color | varchar(6) | NO | | DC0000 | |</code>
<code>| problem_ack_color | varchar(6) | NO | | DC0000 | |</code>
<code>| ok_unack_color | varchar(6) | NO | | 00AA00 | |</code>
<code>| ok_ack_color | varchar(6) | NO | | 00AA00 | |</code>
<code>| problem_unack_style | int(11) | NO | | 1 | |</code>
<code>| problem_ack_style | int(11) | NO | | 1 | |</code>
<code>| ok_unack_style | int(11) | NO | | 1 | |</code>
<code>| ok_ack_style | int(11) | NO | | 1 | |</code>
<code>| snmptrap_logging | int(11) | NO | | 1 | |</code>
<code>| server_check_interval | int(11) | NO | | 10 | |</code>
<code>46 rows </code><code>in</code> <code>set</code> <code>(0.03 sec)</code>
其中,認證類型由 authentication_type,字段決定,值可以為0,1和2。0 代表Internal,1代表
LDAP,2代表HTTP.
這樣更改認證類型就容易了:
将認證類型更改為Internal:
<code>mysql> update config </code><code>set</code> <code>authentication_type=0;</code>
<code>Query OK, 1 row affected (0.00 sec)</code>
<code>Rows matched: 1 Changed: 1 Warnings: 0</code>
<code>mysql> flush privileges;</code>
<code>Query OK, 0 rows affected (0.00 sec)</code>
修改Admin密碼:
<code>#查詢Admin使用者的ID:</code>
<code>mysql> </code><code>select</code> <code>* from </code><code>users</code><code>;</code>
<code>+--------+-------------+-------------+---------------+----------------------------------+-----+-----------+------------+-------+---------+------+---------+----------------+----------------+---------------+---------------+</code>
<code>| userid | </code><code>alias</code> <code>| name | surname | </code><code>passwd</code> <code>| url | autologin | autologout | lang | refresh | </code><code>type</code> <code>| theme | attempt_failed | attempt_ip | attempt_clock | rows_per_page |</code>
<code>| 1 | Admin | Zabbix | Administrator | 5fce1b3e34b520afeffb37ce08c7cd66 | | 1 | 0 | zh_CN | 30 | 3 | default | 4 | 192.168.100.34 | 1383812925 | 50 |</code>
<code>#更新Admin密碼</code>
<code>mysql> update </code><code>users</code> <code>set</code> <code>passwd</code><code>=</code><code>'zabbix'</code> <code>where userid=1;</code>
更改使用者權限組:
<code>#查詢權限組ID</code>
<code>mysql> </code><code>select</code> <code>* from usrgrp;</code>
<code>+----------+---------------------------+------------+--------------+------------+</code>
<code>| usrgrpid | name | gui_access | users_status | debug_mode |</code>
<code>| 7 | Zabbix administrators | 0 | 0 | 0 |</code>
<code>| 8 | Guests | 0 | 0 | 0 |</code>
<code>| 9 | Disabled | 0 | 1 | 0 |</code>
<code>| 11 | Enabled debug mode | 0 | 0 | 1 |</code>
<code>| 12 | No access to the frontend | 2 | 0 | 0 |</code>
<code>| 13 | Hou | 0 | 0 | 0 |</code>
<code>| 14 | Mu | 0 | 0 | 0 |</code>
<code>7 rows </code><code>in</code> <code>set</code> <code>(0.00 sec)</code>
<code>#查詢使用者和權限組對應關系</code>
<code>mysql> </code><code>select</code> <code>* from users_groups ;</code>
<code>+----+----------+--------+</code>
<code>| </code><code>id</code> <code>| usrgrpid | userid |</code>
<code>| 4 | 7 | 1 |</code>
<code>| 2 | 8 | 2 |</code>
<code>| 5 | 7 | 3 |</code>
<code>| 6 | 7 | 4 |</code>
<code>| 7 | 7 | 5 |</code>
<code>| 12 | 14 | 6 |</code>
<code>| 11 | 13 | 8 |</code>
<code>#修改使用者所在權限組</code>
<code>mysql> update users_group </code><code>set</code> <code>usrgrpid=</code><code>'1'</code> <code>where userid=3;</code>
<code>ERROR 1146 (42S02): Table </code><code>'zabbix.users_group'</code> <code>doesn't exist</code>
<code>mysql> update users_groups </code><code>set</code> <code>usrgrpid=</code><code>'1'</code> <code>where userid=3;</code>
<code>Query OK, 0 rows affected (0.01 sec)</code>
更改LDAP主機或者BIND DN:
<code>mysql> update config </code><code>set</code> <code>ldap_host=</code><code>'xxx.xxx.xxx.xxx'</code> <code>ldap_base_dn=</code><code>'cn=ldap_search,ou=example,dc=com'</code> <code>ldap_bind_password=</code><code>'passwd'</code><code>;</code>
有了上面這些操作,不論是使用者誤删除且密碼忘記,還是LDAP挂掉,都可以随心所欲的更改認證了。
本文轉自marbury 51CTO部落格,原文連結:http://blog.51cto.com/magic3/1406495,如需轉載請自行聯系原作者
![【MySQL資料庫】資料庫索引事務1.索引2.事務[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)