Thanks Niels,

Currently, here’s my full conf file :

agentAddress udp:161

createUser vincent SHA "myPassPhrase" DES "myPrivAuthPhrase"
group grouptboxusmv3 usm vincent
view viewalltboxmibs included .1
access grouptboxusmv3 "" any priv exact viewalltboxmibs viewalltboxmibs none
rwuser -s usm vincent priv -V viewalltboxmibs

I tried to create user after group/view/access config, tried also to not use 
rwuser, and different combinations but nothing works …
Any ideas ?


From: Niels Baggesen <ni...@baggesen.net>
Sent: Monday, 29 January 2024 20:29
To: net-snmp-coders <net-snmp-coders@lists.sourceforge.net>
Subject: Fwd: SNMPv3 DES issue

I don't know snmpb, and it seems non-trivial to install.

Have you tried with the Net-SNMP tools?

Besides the createUser to create the user, you need an access and view entry to 
define how it is used. How did you configure that?

/Niels

On 26-01-2024 at 11:10, Vincent Gilson via Net-snmp-coders wrote:
Hello !

I’m working on a net-snmp agent integrated into an industrial embedded system 
(ARM-based).
The agent is working perfectly for v1 and v2c, and also with v3 and 
‘AuthNoPriv’ mode. I’m doing my tests with SnmpB software as a client.
But SHA and DES/AES is not working :


My snmpd.conf :

# Listening connections :
agentAddress udp:161
#
# User list :
createUser myuser MD5 authpass
rouser myuser
createUser vincent SHA authpass DES privauthpass
rwuser vincent priv

GET of an integer with SNMPv3 is working for user “myuser” (configured with 
‘authNoPriv’ and empty context info in SnmpB), but it is not working for 
user “vincent” (configured with ‘authPriv’ in SnmpB): the embedded agent tells 
me the security level is not supported (oid 1.3.6.1.6.3.15.1.1.1.0, see 
Wireshark trace below). The same problem occurs with AES.

Why is it not supported ?
I tried different combinations with ‘createUser’, adding ‘priv’ to it, or adding it 
at the end of ‘rwuser’.
I didn’t see anything relevant in the snmpd.log, so I guess the openssl is 
correctly loaded.

I don’t know what I’m missing. Could you help me please ?
Many thanks !

Vincent.


----->>>

Some useful resources :

My install switches :

./configure --prefix=$(INSTALL_PREFIX) --host=$(HOST) \
--disable-applications --enable-debugging --disable-embedded-perl --without-perl-modules \
--enable-reentrant \
--with-cc=$(CC) --with-linkcc=$(CC) --with-ar=$(AR) --with-ldflags="$(LDFLAGS)" --with-cflags="$(CFLAGS_EXT)" \
--with-openssl=$(LIB_DIRS) \
--without-rpm \
--with-logfile="/tmp/var/snmpd.log" \
--with-default-snmp-version="3" \
--with-transports="UDP,TCP,DTLSUDP,TLSTCP" --with-security-modules="usm,tsm" \
--with-sys-contact="vincent.gil...@ovarro.com" \
--with-sys-location="Ovarro" \
--with-persistent-directory="/var/net-snmp" \
--enable-shared=yes --enable-static=no --enable-tagCC-libtool

Wireshark capture (request of SnmpB, followed by answer from embedded net-snmp 
agent) :

No.     Time           Source                Destination           Protocol Length Info
   4488 49.862297      10.65.84.14           172.25.110.169        SNMP     183    encryptedPDU: privKey Unknown

Frame 4488: 183 bytes on wire (1464 bits), 183 bytes captured (1464 bits) on interface \Device\NPF_{71745524-1B4D-4E06-8D78-0E258F5FBAED}, id 0
Ethernet II, Src: Cisco_3c:7a:00 (00:05:9a:3c:7a:00), Dst: CIMSYS_33:44:55 (00:11:22:33:44:55)
Internet Protocol Version 4, Src: 10.65.84.14, Dst: 172.25.110.169
User Datagram Protocol, Src Port: 49987, Dst Port: 161
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 1572876
        msgMaxSize: 4096
        msgFlags: 07
            .... .1.. = Reportable: Set
            .... ..1. = Encrypted: Set
            .... ...1 = Authenticated: Set
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: 80001f88801cfa42209b6fa665
        1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
        Engine Enterprise ID: net-snmp (8072)
        Engine ID Format: Reserved/Enterprise-specific (128): Net-SNMP Random
        Engine ID Data: 1cfa4220
        Engine ID Data: Creation Time: Jan 16, 2024 12:59:23 Paris, Madrid
    msgAuthoritativeEngineBoots: 17
    msgAuthoritativeEngineTime: 67315
    msgUserName: vincent
    msgAuthenticationParameters: 90d824057790ccf09d9cdf94
    msgPrivacyParameters: 000000110000904f
    msgData: encryptedPDU (1)
        encryptedPDU: 6ca45160f625888a5d5578eab7db81b466dc8d98901c8a706eee1031ca939c6e1a825c7f…

No.     Time           Source                Destination           Protocol Length Info
   4496 49.945101      172.25.110.169        10.65.84.14           SNMP     154    report 1.3.6.1.6.3.15.1.1.1.0

Frame 4496: 154 bytes on wire (1232 bits), 154 bytes captured (1232 bits) on interface \Device\NPF_{71745524-1B4D-4E06-8D78-0E258F5FBAED}, id 0
Ethernet II, Src: CIMSYS_33:44:55 (00:11:22:33:44:55), Dst: Cisco_3c:7a:00 (00:05:9a:3c:7a:00)
Internet Protocol Version 4, Src: 172.25.110.169, Dst: 10.65.84.14
User Datagram Protocol, Src Port: 161, Dst Port: 49987
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 1572876
        msgMaxSize: 65507
        msgFlags: 00
            .... .0.. = Reportable: Not set
            .... ..0. = Encrypted: Not set
            .... ...0 = Authenticated: Not set
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: 80001f88801cfa42209b6fa665
        1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
        Engine Enterprise ID: net-snmp (8072)
        Engine ID Format: Reserved/Enterprise-specific (128): Net-SNMP Random
        Engine ID Data: 1cfa4220
        Engine ID Data: Creation Time: Jan 16, 2024 12:59:23 Paris, Madrid
    msgAuthoritativeEngineBoots: 17
    msgAuthoritativeEngineTime: 67315
    msgUserName: vincent
    msgAuthenticationParameters: <MISSING>
    msgPrivacyParameters: <MISSING>
    msgData: plaintext (0)
        plaintext
            contextEngineID: 80001f88801cfa42209b6fa665
                1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
                Engine Enterprise ID: net-snmp (8072)
                Engine ID Format: Reserved/Enterprise-specific (128): Net-SNMP Random
                Engine ID Data: 1cfa4220
                Engine ID Data: Creation Time: Jan 16, 2024 12:59:23 Paris, Madrid
            contextName:
            data: report (8)
                report
                    request-id: 0
                    error-status: noError (0)
                    error-index: 0
                    variable-bindings: 1 item
                        1.3.6.1.6.3.15.1.1.1.0: 10
                            Object Name: 1.3.6.1.6.3.15.1.1.1.0 (iso.3.6.1.6.3.15.1.1.1.0)
                            Value (Counter32): 10







--

Niels Baggesen -- @home -- Århus -- Denmark -- ni...@baggesen.net

The purpose of computing is insight, not numbers  --  R W Hamming

_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
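
Added example, not part of the original thread and not Net-SNMP code: a small Python aid that decodes the `msgFlags` byte and USM report OID seen in the capture, and checks an snmpd.conf for users whose `rouser`/`rwuser`/`access` level exceeds what their `createUser` line provides. The function names `decode_msg_flags` and `lint_usm` are hypothetical, and the directive grammar is assumed to be limited to the forms used in this thread.

```python
import shlex

LEVELS = {"noauth": 0, "auth": 1, "priv": 2}
# USM report counters from RFC 3414 (usmStats subtree 1.3.6.1.6.3.15.1.1)
USM_REPORTS = {f"1.3.6.1.6.3.15.1.1.{i}.0": name for i, name in enumerate(
    ["usmStatsUnsupportedSecLevels", "usmStatsNotInTimeWindows",
     "usmStatsUnknownUserNames", "usmStatsUnknownEngineIDs",
     "usmStatsWrongDigests", "usmStatsDecryptionErrors"], 1)}

def decode_msg_flags(flags):
    """Map an SNMPv3 msgFlags byte to (security level, reportable)."""
    auth, priv = flags & 0x01, flags & 0x02
    if priv and not auth:
        raise ValueError("privacy without authentication is not a valid level")
    return ("priv" if priv else "auth" if auth else "noauth"), bool(flags & 0x04)

def lint_usm(conf_text):
    """Return (line, user, level) where a directive asks for more than createUser gives."""
    have, need, groups = {}, [], {}
    for n, raw in enumerate(conf_text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)   # honours quotes and '#' comments
        if not tok:
            continue
        d, a = tok[0], tok[1:]
        if d in ("createUser", "rouser", "rwuser") and a[:1] in (["-e"], ["-s"]):
            a = a[2:]                           # skip "-e ENGINEID" / "-s SECMODEL"
        if d == "createUser" and a:
            # user [authProto authPass [privProto [privPass]]]
            have[a[0]] = 2 if len(a) >= 4 else 1 if len(a) >= 2 else 0
        elif d in ("rouser", "rwuser") and a:
            lvl = a[1] if len(a) > 1 and a[1] in LEVELS else "auth"  # default level
            need.append((n, a[0], False, lvl))
        elif d == "group" and len(a) >= 3 and a[1] == "usm":
            groups.setdefault(a[0], []).append(a[2])
        elif d == "access" and len(a) >= 4 and a[2] in ("any", "usm") and a[3] in LEVELS:
            need.append((n, a[0], True, a[3]))
    out = []
    for n, name, is_group, lvl in need:
        for user in (groups.get(name, []) if is_group else [name]):
            # Only users created in this file are judged (assumption: others may
            # live in the persistent directory).
            if user in have and have[user] < LEVELS[lvl]:
                out.append((n, user, lvl))
    return out

# Configuration quoted from the first message of this page.
THREAD_CONF = '''
createUser vincent SHA "myPassPhrase" DES "myPrivAuthPhrase"
group grouptboxusmv3 usm vincent
view viewalltboxmibs included .1
access grouptboxusmv3 "" any priv exact viewalltboxmibs viewalltboxmibs none
rwuser -s usm vincent priv -V viewalltboxmibs
'''
```

`decode_msg_flags(0x07)` reproduces the request's level (authPriv, reportable), and the report OID maps to `usmStatsUnsupportedSecLevels`; `lint_usm(THREAD_CONF)` returns no findings for the configuration as posted.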
