On 02/11/2007, Koaps <[EMAIL PROTECTED]> wrote: > Problem is, the IBM hardware doesn't have an area to > specify the engineID, so the trap it sends fails with: > > snmp_parse: Parsed SNMPv3 message (secName:myuser, > secLevel:authNoPriv): USM unknown security name (no > such user exists)
An SNMPv3 user is identified by a (username, engineID) pair, so the creation of the user on the snmptrapd side must match the settings used to create this user within the agent. This can either be done by specifying the engineID of snmptrapd when creating the user within the agent. Or it can be done by specifying the engineID of the agent when creating the user within snmptrapd. Or it can be done by specifying an arbitrary engineID on both sides. It doesn't really matter - just as long as the two sides agree on the same engineID. Otherwise, if you've got two different engineIDs, then this means you are talking about two different users - hence the error message above. > I've tried to remove the engineID from the createUser > statement No - that won't work. This means you're using the engineID of snmptrapd, so you'd need to give this same engineID on the agent side (which you say you can't do). Given that the agent side is fixed, you have to tweak the snmptrapd.conf entry to use this same engine ID. > and I've tried to use the following options in the config file: > > disableAuthorization yes > ignoreAuthFailure yes Nice idea. And it would probably work if you were using noAuthNoPriv. But if you're using authentication, then the receiving entity will do some validation of the incoming request before it starts to process it. So this does require a matching user (name *and* engine ID). > Is there a way to either discover the engineID to use > for the IBM hardware or setup the server to not > require it to send SNMPv3 traps? I can't comment about the configuration of the IBM hardware. You'd need to talk to your suppliers about that (or read the documentation). But if you run the snmptrapd receiver using "-Ddump", then this will display a breakdown of the incoming request (*before* it is verified), which should allow you to determine the engineID being used. Dave ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
