Ad Widget

Collapse

Incorrect user name or password or account is temporarily blocked.

Collapse
This topic has been answered.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Morris
    Junior Member
    • Mar 2025
    • 2
    #1

    Incorrect user name or password or account is temporarily blocked.

    I have been using Zabbix for about two weeks now and use a basic setup to test to prove we can move to the platform. When I logged in this morning I received the error above and since then have been unable to get in. This is a zabbix virtual machine host in Azure built from the zabbix image in the store. No mysql password was given. I have access to log in to ssh. None of the articles I have researched have been able to assist me in solving this and mostly the information is outdated. Please assist.

    Zabbix 7 LTS
    Tags: None
    • Answer selected by Morris at 08-04-2025, 11:32.
      Morris
      Junior Member
      • Mar 2025
      • 2
      Ok, I made some progress. I am posting here for future issues.



      On the Azure instance of zabbix a different configuration file was used for the db, located at /etc/zabbix/zabbix_appliance.conf.d/. With this info I managed to access the DB.

      LogFile=/var/log/zabbix/zabbix_server.log
      LogFileSize=0
      PidFile=/run/zabbix/zabbix_server.pid
      SocketDir=/run/zabbix
      DBName=zabbix
      DBUser=zabbix_srv
      DBPassword=***
      Timeout=4
      LogSlowQueries=3000
      StatsAllowedIP=127.0.0.1
      JavaGateway=127.0.0.1
      SNMPTrapperFile=/var/lib/zabbix/snmptraps/snmptraps.log
      WebServiceURL=http://localhost:10053/report

      I tried to update the "Admin account password to "zabbix" by running the command below but it could not find the Admin user.
      UPDATE users SET passwd = '$2a$10$ZXIvHAEP2ZM.dLXTm6uPHOMVlARXX7cqjbhM6Fn0cA NzkCQBWpMrS' WHERE username = 'Admin';

      I listed the created accounts in the users table with the command "SELECT * FROM users;" Here I noticed that the username for the account was changed from "Admin" to an email address that is being used to send email alerts from this instance of zabbix. I.e. the only place where this email address was ever used is in the configuration of the media type for email. The big question is how did this happen. Maybe a bug in zabbix? The media type for email was update more than a week ago with that email address so how was I able to work fine for more than a week.

      I then ran the script to change the Admin account password to the same password as the guest account, which is blank.
      UPDATE zabbix.users AS a INNER JOIN zabbix.users AS b ON b.username='guest' SET a.passwd = b.passwd;

      I was then able to login using the email address and this password. I then progressed to the users settings and changed the username back to Admin. I logged out and back in with Admin and the blank password and it worked.

      It is not possible for the Admin account to change it's own password to something else as it will not accept blank as an input for the old password. So I created another super admin account and logged in with that and changed the Admin account's password to what it should be. I tested and that account is working fine now.
        1
        • Selected Answer

        Comment

        • mrnobody
          Member
          • Oct 2024
          • 61
          #2
          If you know only the user name, you can use lists of know passwords combined to softwares like John the Ripper, HashCat, Metasploit to brute force it password.

          Or, as you said, it's a test env, so just delete everything and reinstall (read official documentation) keeping more atentiton to details, probably would solve your AAA problem.

            Comment

            • Morris
              #2.1
              Morris commented
              08-04-2025, 10:22
              Editing a comment
              It is a shame that a product that comes so highly recommended broke after two weeks. I am testing zabbix using a vm provided by zabbix on the Microsoft azure store. I have read the official documentation, twice, and am busy with a zabbix training course on Udemy and combining that with decades of experience I can guarantee you I did not break this. My last action on Friday was to test a ping only trigger and apply it to multiple hosts. I then logged out and went on weekend. When I came in on Monday this was what I got. There is no documentation on the vm or what MySQL account or password was set when it was built by them. If I had that I could get into the db and see what is going on there with this admin account. And zabbix is not being helpful. Granted this is a test vm and I can restore from a backup but then an entire day's work will be lost, to not even speak of the loss of trust that this software can run stable and not conk it for no reason. At this point in time, I am looking at maybe using something else for monitoring, but I am curious about why this happened and to figure that out I need to get into that db.
                1
            • Morris
              Junior Member
              • Mar 2025
              • 2
              #3
              Ok, I made some progress. I am posting here for future issues.



              On the Azure instance of zabbix a different configuration file was used for the db, located at /etc/zabbix/zabbix_appliance.conf.d/. With this info I managed to access the DB.

              LogFile=/var/log/zabbix/zabbix_server.log
              LogFileSize=0
              PidFile=/run/zabbix/zabbix_server.pid
              SocketDir=/run/zabbix
              DBName=zabbix
              DBUser=zabbix_srv
              DBPassword=***
              Timeout=4
              LogSlowQueries=3000
              StatsAllowedIP=127.0.0.1
              JavaGateway=127.0.0.1
              SNMPTrapperFile=/var/lib/zabbix/snmptraps/snmptraps.log
              WebServiceURL=http://localhost:10053/report

              I tried to update the "Admin account password to "zabbix" by running the command below but it could not find the Admin user.
              UPDATE users SET passwd = '$2a$10$ZXIvHAEP2ZM.dLXTm6uPHOMVlARXX7cqjbhM6Fn0cA NzkCQBWpMrS' WHERE username = 'Admin';

              I listed the created accounts in the users table with the command "SELECT * FROM users;" Here I noticed that the username for the account was changed from "Admin" to an email address that is being used to send email alerts from this instance of zabbix. I.e. the only place where this email address was ever used is in the configuration of the media type for email. The big question is how did this happen. Maybe a bug in zabbix? The media type for email was update more than a week ago with that email address so how was I able to work fine for more than a week.

              I then ran the script to change the Admin account password to the same password as the guest account, which is blank.
              UPDATE zabbix.users AS a INNER JOIN zabbix.users AS b ON b.username='guest' SET a.passwd = b.passwd;

              I was then able to login using the email address and this password. I then progressed to the users settings and changed the username back to Admin. I logged out and back in with Admin and the blank password and it worked.

              It is not possible for the Admin account to change it's own password to something else as it will not accept blank as an input for the old password. So I created another super admin account and logged in with that and changed the Admin account's password to what it should be. I tested and that account is working fine now.
                1
                • Selected Answer

                Comment

                Previous template Next
                Working...