Hi Max,
On 03/25/2009 01:46 PM, Max Malzkuhn wrote:
What I would really like to do is delete the user edgewater, and re-create
it with the following:
-v 3 -u edgewater -n none -l authPriv -a MD5 -A edgewater
If a user specified as above can also receive traps with authNoPriv. Does
anyone know? And how do I go about deleting the user?
The above would need to have '-l authNoPriv' since there is no privacy
protocol or passphrase specified. Alternatively, specify the -x and -X
credentials.
I tried a delete like this:
snmpusm -v 3 -u edgewater -n "" -l authNoPriv -a MD5 -A edgewater -Dusm
10.10.50.38 delete edgewater
User additions and deletions are usually accomplished by an
'administrative user'. If your only user is 'edgewater' and 'edgewater'
deletes 'edgewater' then how will 'edgewater' be added back in? BTW,
you do not need the -n "" as that is the 'default context'.
I believe the rule is that you want to have an administrative user with
the same or better privileges { auth | priv } delete a user and you need
an administrative user with the *same* privileges and protocols { auth |
priv } to clone/create a new user. Hopefully I've remember correctly on
this...
Anyway, yes- set up a user with auth and priv credentials. That user
will be able to receive traps sent at all SNMPv3 security levels-
noAuthNoPriv, authNoPriv and authPriv.
And the debug info says it failed to find engine data.
So I added -CE 0x80001f88807f9fd31749ca6338 and got the same result, failed
to find engine data.
The snmpusm command is showing engineID as specified without the leading
'0x'
I'm not sure if I point this command at the box sending the traps or the box
receiving the traps, so I tried both and got the same result.....
For this thread we're on- sending SNMPv3 traps, you point the command at
the trap receiver using the snmpEngineID of the system you want to
receive traps from. Repeat, using the snmpEngineID for any other
systems you want to receive traps from.
Max
I'm sure you are scripting these commands so that once you've got things
working life becomes easy!
Please let the list know if you've got these issues resolved or if
you've got additional questions?
Regards,
Mark
http://EllisonSoftware.com/Services/
-----Original Message-----
From: Mark Ellison [mailto:[email protected]]
Sent: Tuesday, March 24, 2009 4:27 PM
To: [email protected]
Cc: [email protected]
Subject: Re: Version 5.4.2.1 snmp v3 traps with snmptrapd
Hi Max,
I don't think the createUser -e 0x0102030405....is doing anything. I
think the FC 4 box has an older version of snmptrapd that doesn't
require the level of configuration you are looking at with the Fedora 10
box.
Actually, the createUser token should be placed into the
/var/net-snmp/snmptrapd.conf file. Sometimes you have to restart the
snmptrapd utility or kill -SIGHUP the process to get it to reload the
/var/net-snmp/snmptrapd.conf file.
One work around would be to place the following token in your
snmptrapd.conf file:
disableAuthorization yes
...but you really should be using authorization in most environments
other than a development situation ;-)
Regards,
Mark
http://EllisonSoftware.com
On 03/24/2009 06:58 PM, Max Malzkuhn wrote:
That's what's really strange. My other trap receiver (Fedora 4) has
"never heard" of this new piece of hardware I am trying to get to send
traps to the Fedora 10 box but it receives traps from it just fine. I
looked to see if I had Authentication turned off on the FC4 box but
didn't find anything to indicate that. The FC4 box that can receive
the traps just has the
following:
/etc/snmp/snmptrapd.conf
createUser -e 0x0102030405 edgewater MD5 edgewater DES edgewater
/var/net-snmp/snmptrapd.conf
usmUser 1 3 0x80001f88800dcb872c4884da43 0x65646765776174657200
0x65646765776174657200 NULL .1.3.6.1.6.3.10.1.1.2
0x56c8a3b49a156b3be16db94a3b3c7aa0 .1.3.6.1.6.3.10.1.2.2
0x56c8a3b49a156b3be16db94a3b3c7aa0 0x00 usmUser 1 3
0x80001f88800dcb872c4884da43 0x65646765776174657200
0x65646765776174657200 NULL .1.3.6.1.6.3.10.1.1.2
0x56c8a3b49a156b3be16db94a3b3c7aa0 .1.3.6.1.6.3.10.1.2.2
0x56c8a3b49a156b3be16db94a3b3c7aa0 0x00 engineBoots 15610
oldEngineID 0x80001f88800dcb872c4884da43
So I got the engineID from the system sending the traps and put it
into /etc/snmptrapd.conf
I re-ran snmptrapd with -D and didn't see any error messages, but when
I run it with the following, I get nothing:
Snmptrapd -f -Le -F "%02.2h:%02.2j TRAP%w.%q from %A %W %P\n%V\n%v\n"
Very strange.
Max
-----Original Message-----
From: Mark Ellison [mailto:[email protected]]
Sent: Tuesday, March 24, 2009 3:11 PM
To: [email protected]
Cc: [email protected]
Subject: Re: Version 5.4.2.1 snmp v3 traps with snmptrapd
On 03/24/2009 06:07 PM, Mark Ellison wrote:
On 03/24/2009 05:55 PM, Max Malzkuhn wrote:
Hi Mark. How do I figure out which is the right engineID? The
0102030405 is not the right one but it is what is in my receiver's
config that works.
Are you saying I should use the engineID
"0x80001f8880a6aba16d9a0ec949" in
my createUser?
Did you try doing an snmpget <options> <fedora10system>
SnmpEngineID.0?
Above target should be your 'source system' for sending the trap, not
the fedora 10 system that receives the trap...sorry...I am multiplexing
;-)
Each 'SNMP Engine' is supposed to have a unique SnmpEngineID value.
Please see RFC 3411 for additional information.
Regards,
Mark
http://EllisonSoftware.com/Services/
------------------------------------------------------------------------------
_______________________________________________
Net-snmp-users mailing list
[email protected]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
