Re: How to make v3 effective after porting net-snmp to embedded system

BOMB Wed, 10 Dec 2008 22:07:18 -0800

Hi, guys,
After nearly 3days research and benefits from lots of Zorros, now it's done .
I think I shoul share what I learned with new users which I think will be 
userful for them .
1, the parameters after ./configure,  --sysconfdir 
--with-logfile="/var/log/snmpd.log" --with-persistent-directory are direclty 
converted the MACROS in include 
file(net-snmp-5.4.2.1/include/net-snmp/net-snmp-config.h)  such as:
 /* net-snmp's major path names */
 #define SNMPLIBPATH "/usr/local/lib/snmp"
 #define SNMPSHAREPATH "/usr/local/share/snmp"
 #define SNMPCONFPATH "/usr/local/etc/snmp"
 #define SNMPDLMODPATH "/usr/local/lib/snmp/dlmod"


 /* NETSNMP_LOGFILE:  If defined it closes stdout/err/in and opens this in
    out/err's place.  (stdin is closed so that sh scripts won't wait for it) */
 #define NETSNMP_LOGFILE "/var/log/snmpd.log"
 
 /* default system contact */
 #define NETSNMP_SYS_CONTACT "root@"
 
 /* system location */
 #define NETSNMP_SYS_LOC "Unknown"
etc.

2,after compiled and installed net-snmp, you should verify the locations of 
config files, in fact, I found 3 snmpd.conf files in my pc, so please issued 
these 2 commands:
[EMAIL PROTECTED] --persistent-directory
it will return such as: /var/net-snmp
here, the v3 user's name and password will be palced in 

[EMAIL PROTECTED] net-snmp-config --snmpconfpath
it will return sunch 
as:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/bomb/.snmp:/var/net-snmp
here, the basic config files will be placed, though the directory, 
/var/net-snmp, seems can be used too, in fact, the snmpd.conf files you copied 
to will be destoyed always, so the basic config file is placed other directory 
better .

3, the default EXAMPLE.conf is not fit for this verion, I found, if, 
[EMAIL PROTECTED] EXAMPLE.conf /usr/local/share/snmp/snmpd.conf 
[EMAIL PROTECTED] -Le -d
it returns: 
/usr/local/share/snmp/snmpd.conf: line 61: Error: example config COMMUNITY not 
properly configured
/usr/local/share/snmp/snmpd.conf: line 62: Error: example config NETWORK not 
properly configured
net-snmp: 2 error(s) in config file(s)
NET-SNMP version 5.4.2.1

so I prepared a config file which let snmpd run properly at least
next text is file mysnmpd.conf begin:
###########################################################################
#
# mysnmpd.conf
#
#   - created by the snmpconf configuration program
#


#       sec.name  source          community
com2sec local     127.0.0.1       public
com2sec mynetwork 0.0.0.0/24      public
#               sec.model  sec.name
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork
#           incl/excl subtree                          mask
view all    included  .1                               80
#                context sec.model sec.level match  read   write  notif
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

###########################################################################
# SECTION: Access Control Setup
#
#   This section defines who is allowed to talk to your running
#   snmp agent.

# rwuser: a SNMPv3 read-write user
#   arguments:  user [noauth|auth|priv] [restriction_oid]

rwuser  y noauth 

# rouser: a SNMPv3 read-only user
#   arguments:  user [noauth|auth|priv] [restriction_oid]

rouser  guest noauth 

# rocommunity: a SNMPv1/SNMPv2c read-only access community name
#   arguments:  community [default|hostname|network/bits] [oid]

rocommunity  dare 192.168.8.128 

# rwcommunity: a SNMPv1/SNMPv2c read-write access community name
#   arguments:  community [default|hostname|network/bits] [oid]

rwcommunity  CTC  


###########################################################################
# SECTION: System Information Setup
#
#   This section defines some of the information reported in
#   the "system" mib group in the mibII tree.

# syslocation: The [typically physical] location of the system.
#   Note that setting this value here means that when trying to
#   perform an snmp SET operation to the sysLocation.0 variable will make
#   the agent return the "notWritable" error code.  IE, including
#   this token in the snmpd.conf file will disable write access to
#   the variable.
#   arguments:  location_string

syslocation  "Shanghai DareGlobal"

# syscontact: The contact information for the administrator
#   Note that setting this value here means that when trying to
#   perform an snmp SET operation to the sysContact.0 variable will make
#   the agent return the "notWritable" error code.  IE, including
#   this token in the snmpd.conf file will disable write access to
#   the variable.
#   arguments:  contact_string

syscontact  [EMAIL PROTECTED]

# sysservices: The proper value for the sysServices object.
#   arguments:  sysservices_number

sysservices 15

#file snmpd.conf end


4, before copying this snmpd.conf file to basic config directory, please rm all 
of snmp.conf files
then:
[EMAIL PROTECTED] --snmpconfpath
/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/bomb/.snmp:/var/net-snmp
 
[EMAIL PROTECTED] /usr/local/etc/snmp /usr/local/share/snmp /home/bomb/.snmp 
/var/net-snmp -name snmpd.conf
/usr/local/etc/snmp/snmpd.conf
/usr/local/share/snmp/snmpd.conf
/var/net-snmp/snmpd.conf

these snmpd.conf files are should be deleted better.
[EMAIL PROTECTED] /usr/local/etc/snmp/snmpd.conf 
/usr/local/share/snmp/snmpd.conf /var/net-snmp/snmpd.conf
[EMAIL PROTECTED] mysnmpd.conf /usr/local/etc/snmp/snmpd.conf

5, now it's time to start snmpd
[EMAIL PROTECTED] -Le -d
run :
 snmpget -v 2c -c public 127.0.0.1 sysUptime.0 
 
on this machine, the oid value will be returned .
6, add v3 user.
firstly ,kill snmpd
[EMAIL PROTECTED] snmpd
add a user:test
[EMAIL PROTECTED] net-snmp-config --create-snmpv3-user
Enter a SNMPv3 user name to create:
test
Enter authentication pass-phrase:
12345678
Enter encryption pass-phrase:
  [press return to reuse the authentication pass-phrase]
12345678
adding the following line to /var/net-snmp/snmpd.conf:
   createUser test MD5 "12345678" DES 12345678
adding the following line to /usr/local/share/snmp/snmpd.conf:
   rwuser test
   
then run:
# snmpget -v3 -u test -l authNoPriv -a MD5 -A 12345678 -c public 127.0.0.1 
.1.3.6.1.2.1.1.6.0
SNMPv2-MIB::sysLocation.0 = STRING: DNI, shanghai

if run:
# snmpget -v3 -u test -l authNoPriv -a MD5 -A 123456789 -c public 127.0.0.1 
.1.3.6.1.2.1.1.6.0
snmpget: Authentication failure (incorrect password, community or key)

7, thanks for your patience, my description is long-winded.


BOMB
2008-12-11

------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/

_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: How to make v3 effective after porting net-snmp to embedded system

Reply via email to