Hi @dubdub and welcome to the forum.
It can happen and normally the htpasswd method helps but in your case we have to modify some Checkmk configuration to get your login back.
It took me a while to figure this one out but it works.
Please follow the instructions very closely and make a backup of your Checkmk site before you edit things!
- Login as the site user (
sudo su - sitename
)
- Edit the following file with a editor of your choice. Remember to install it with apt inside the container. Do
apt update
first after that you can do apt install nano
inside the container.
You need to edit etc/check_mk/multisite.d/wato/users.mk with
(nano etc/check_mk/multisite.d/wato/users.mk
)
- In this file you see all the Checkmk user and their settings. Here is an example from a freshly created site:
multisite_users.update({'cmkadmin': {'roles': ['admin'], 'locked': False, 'connector': 'htpasswd', 'alias': 'cmkadmin'}, 'automation': {'alias': 'Check_MK Automation - used for calling web services', 'automation_secret': '2c0a01af-1337-43bc-9c96-50782b71446a', 'roles': ['admin'], 'locked': False, 'language': 'en', 'connector': 'htpasswd'}})
And this is the same file after I made the cmkadmin user a automation user:
multisite_users.update({'cmkadmin': {'alias': 'cmkadmin', 'roles': ['admin'], 'locked': False, 'connector': 'htpasswd', 'automation_secret': 'CNI@CLYOMAWSHLKVLPFM', 'force_authuser': False, 'nav_hide_icons_title': None, 'icons_per_item': None, 'show_mode': None}, 'automation': {'alias': 'Check_MK Automation - used for calling web services', 'automation_secret': '2c0a01af-1337-43bc-9c96-50782b71446a', 'roles': ['admin'], 'locked': False, 'language': 'en', 'connector': 'htpasswd'}})
As you can see some things changed. Please replace your cmkadmin config with the following:
{'cmkadmin': {'roles': ['admin'], 'locked': False, 'connector': 'htpasswd', 'alias': 'cmkadmin'},
At the end of the line you can still have your automation user config. The alternative would be to remove the automation_secret part form the cmkadmin config.
'automation_secret': 'CNI@CLYOMAWSHLKVLPFM',
So far so good but that’s not everything. If you try to login now you will still get a error message like “Automation user rejected”.
-
Now we have to delete the automation.secret file to be able to log back in. Please delete: rm /opt/omd/sites/cmk/var/check_mk/web/cmkadmin/automation.secret
Make sure it’s the right user! In this case we are working with the cmkadmin.
-
After that you need to change your password and then should be able to log back in with your cmkadmin. You can reset it using the site user context and cmk-passwd cmkadmin
or htpasswd -B -C 12 etc/htpasswd cmkadmin
if you are using a patch release before 2.1.0p16.
I know it was a very advanced procedure that may break things if not done correctly! Please always make a backup before working on configuration files.
I hope it helped you and if you have more questions feel free to ask.
Regards
Norm
All shown secrets are from a test installation and are not used in any production environment.