>> How can I properly configure the context name on the server side?
>See the section covering "rouser" and "rwuser" in the snmpd.conf(5) man page -
>this comes in the section headed "Traditional Access Control"
>(or the description of "access" in the section "VACM Configuration"
>if you're using that appriach.
I am using VACM approach
My snmpd.conf file without contextname
createUser V3User MD5 "Password"
com2sec V3User default community
group v3_group usm V3User
view v3_view included .1.3.6.1
access v3_group "" any authNoPriv exact v3_view v3_view all
After reading the man page for snmpd.conf I modified the file as below
createUser V3User MD5 "Password"
com2sec -Cn context-name V3User default community
group v3_group usm V3User
view v3_view included .1.3.6.1
access v3_group context-name any authNoPriv prefix v3_view v3_view all
proxy -Cn context-name -v 3 -u V3User -a md5 -A "Password" -l authnopriv
localhost .1.3.6.1
First I missed to add the access details, it might be the reason snmpd sends an
authorization error.
Now I modified the snmpd.conf file as above
Now the application shows " Timeout: No Response from 10.140.185.228."
In the server side
#snmpd -fV
NET-SNMP version 5.7
Received SNMP packet(s) from UDP: [10.140.185.228]:52595->[10.140.185.228]:161
Received SNMP packet(s) from UDP: [10.140.185.228]:52595->[10.140.185.228]:161
Received SNMP packet(s) from UDP: [127.0.0.1]:60060->[127.0.0.1]:161
The second line I think is SecEngineId Discovery.
The third line I believe it forwards the packet to itself and may be drops it
inside.
If I remove the proxy part from snmpd.conf, this third line won't be printed.
But same timeout will happen
Then I enabled all the debug tokens and found this inside the server.
trace: snmp_call_callbacks(): callback.c, 344:
callback: START calling callbacks for maj=1 min=5
trace: snmp_call_callbacks(): callback.c, 358:
callback: calling a callback for maj=1 min=5
vacm_in_view: ver=3, model=3, secName=V3User
trace: netsnmp_subtree_find_first(): agent_registry.c, 314:
subtree: looking for subtree for context: "context-name"
trace: netsnmp_subtree_find_first(): agent_registry.c, 323:
subtree: didn't find a subtree for context: "context-name"
trace: vacm_check_view_contents(): mibgroup/mibII/vacm_conf.c, 1434:
mibII/vacm_vars: vacm_in_view: no such ctxt "context-name"
trace: snmp_call_callbacks(): callback.c, 370:
callback: END calling callbacks for maj=1 min=5 (1 called)
trace: _callback_unlock(): callback.c, 170:
9:callback:lock: unlocked (APP,null)
trace: netsnmp_remove_and_free_agent_snmp_session(): snmp_agent.c, 1842:
snmp_agent: REMOVE session == 0x860fdf8
trace: free_agent_snmp_session(): snmp_agent.c, 1424:
snmp_agent: agent_session 0x860fdf8 released
trace: free_agent_snmp_session(): snmp_agent.c, 1429:
verbose:asp: asp 0x860fdf8 reqinfo 0x85f5f18 freed
Any thoughts?
Thanks,
Basil Joseph.
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
