之前有寫過一篇 Zabbix 透過 SNMPv3 監控 Lenovo XClarity Controller，但後來發現每過一陣子監控就會取不到資料，最後發現原來是使用者的密碼預設為 90 天到期所導致。

今天就來教大家如何關閉 XClarity Controller 密碼到期原則

BMC Configuration > Network
查看 XClarity Controller 是否開啟 SSH 服務

XClarity Controller CLI
我們就可以使用 Putty，透過 SSH 登入 XClarity Controller。

login as: USERID
Keyboard-interactive authentication prompts from server:

Password:
End of keyboard-interactive prompts from server

system> users
 Account      Login ID      Advanced Attribute            Access      Password Expires
 -------      --------      ------------------            ------      ----------------
    1           USERID                  Native        Read/Write             91 day(s)

查看 accseccfg 指令的參數

system> accseccfg -h
usage:
   accseccfg [options]
options:
   -am      User authentication method (local, ldap, localldap, ldaplocal)
   -lp      Lockout period after maximum login failures in minutes
            (between 0 and 2880, 0=lockout period does not expire)
   -pe      Password expiration time period (between 0 and 365, 0=never expire)
   -pew     Password expiration warning time period
            (between 0 and -pe value, 0=never warn)
   -pc      Password complexity rules enabled (on,off)
   -pl      Password length (If password complexity rules enabled, the password length
            is between 8 and 32. Otherwise, it is between 0 and 32)
   -ci      minimum change interval in hours (between 0 and 240, 0=change
            immediately.)
   -lf      maximum number of login failures before account is locked
            (between 0 and 10, 0=never locked)
   -chgdft  (on|off) user must change default password after first login
   -chgnew  (on|off) new user must change password after first login
   -rc      Password reuse cycle (between 0 and 10, 0=reuse immediately)
   -wt      Web inactivity session timeout in minutes.(between 0 and 1440)

使用 accseccfg -pe 讓密碼永不過期

system> accseccfg -pe 0
[CLI]: -pe value need be set larger than current -pew value.Or XCC will not get a password expiration warning message.

提示錯誤：-pe value 的值不得大於 -pew

使用 accseccfg -pew 關閉密碼到期警示訊息，再輸入一次指令就可以了。

system> accseccfg -pew 0
ok
system> accseccfg -pe 0
ok

BMC Configuration > User / LDAP
可以看到使用者的密碼已被設定為永不過期。

之後 Zabbix 就不會因為使用者密碼到期，造成 SNMPv3 取不到資料的窘境了。

參考文件
1.https://datacentersupport.lenovo.com/us/en/products/servers/thinksystem/sr530/solutions/ht504809-how-to-reset-xcc-password-expiration-date-for-userid-lenovo-thinksystem
2. https://insidesystems.com/guides/how-to-upgrade-lenovo-thinksystem-xclarity-controller-from-standard-to-advanced/