之前有寫過一篇 Zabbix 透過 SNMPv3 監控 Lenovo XClarity Controller,但後來發現每過一陣子監控就會取不到資料,最後發現原來是使用者的密碼預設為 90 天到期所導致。
今天就來教大家如何關閉 XClarity Controller 密碼到期原則
BMC Configuration > Network
查看 XClarity Controller 是否開啟 SSH 服務
XClarity Controller CLI
我們就可以使用 Putty,透過 SSH 登入 XClarity Controller。
login as: USERID
Keyboard-interactive authentication prompts from server:
Password:
End of keyboard-interactive prompts from server
system> users
Account Login ID Advanced Attribute Access Password Expires
------- -------- ------------------ ------ ----------------
1 USERID Native Read/Write 91 day(s)
查看 accseccfg 指令的參數
system> accseccfg -h
usage:
accseccfg [options]
options:
-am User authentication method (local, ldap, localldap, ldaplocal)
-lp Lockout period after maximum login failures in minutes
(between 0 and 2880, 0=lockout period does not expire)
-pe Password expiration time period (between 0 and 365, 0=never expire)
-pew Password expiration warning time period
(between 0 and -pe value, 0=never warn)
-pc Password complexity rules enabled (on,off)
-pl Password length (If password complexity rules enabled, the password length
is between 8 and 32. Otherwise, it is between 0 and 32)
-ci minimum change interval in hours (between 0 and 240, 0=change
immediately.)
-lf maximum number of login failures before account is locked
(between 0 and 10, 0=never locked)
-chgdft (on|off) user must change default password after first login
-chgnew (on|off) new user must change password after first login
-rc Password reuse cycle (between 0 and 10, 0=reuse immediately)
-wt Web inactivity session timeout in minutes.(between 0 and 1440)
使用 accseccfg -pe 讓密碼永不過期
system> accseccfg -pe 0
[CLI]: -pe value need be set larger than current -pew value.Or XCC will not get a password expiration warning message.
提示錯誤:-pe value 的值不得大於 -pew
使用 accseccfg -pew 關閉密碼到期警示訊息,再輸入一次指令就可以了。
system> accseccfg -pew 0
ok
system> accseccfg -pe 0
ok
BMC Configuration > User / LDAP
可以看到使用者的密碼已被設定為永不過期。
之後 Zabbix 就不會因為使用者密碼到期,造成 SNMPv3 取不到資料的窘境了。
參考文件
1.https://datacentersupport.lenovo.com/us/en/products/servers/thinksystem/sr530/solutions/ht504809-how-to-reset-xcc-password-expiration-date-for-userid-lenovo-thinksystem
2. https://insidesystems.com/guides/how-to-upgrade-lenovo-thinksystem-xclarity-controller-from-standard-to-advanced/