Hi, I'm trying to restrict access to MIBs using SNMPv3 and VACM. First of all I have created an administrator user with snmp daemon turned off using the command
sudo net-snmp-create-v3-user -A auth_password -X priv_password -a MD5 -x DES administrator It creates the user successfully and I have an entry "rwuser" in /usr/local/share/snmp/snmpd.conf and an entry "usmUser" in /etc/net-snmp/snmpd.conf (/etc/net-snmp has been specificated as persistent configuration directory at configure time). After I have turned on the snmp daemon and tried to create a group with the command sudo snmpvacm -v 3 -u administrator -l authNoPriv -a MD5 -A auth_password localhost createSec2Group 3 administrator adminGroup This command fails with output: Error in packet. Reason: inconsistentValue (The set value is illegal or unsupported in some way) Failed object: SNMP-VIEW-BASED-ACM-MIB::vacmSecurityToGroupStatus.3."administrator" Sniffing some packets I've seen that snmpvacm is trying to set the variable SNMP-VIEW-BASED-ACM-MIB::vacmSecurityToGroupStatus.3."administrator" to value 4 (previous value is 1 = Active) but the snmpd server considers this value (4) inconsistent and gets the error. If I try sudo snmpvacm -v 3 -u administrator -l authNoPriv -a MD5 -A auth_password localhost createSec2Group 3 adminGroup administrator snmpvacm doesn't fail but this is not what I want (the user adminGroup does not exist). Any help? Regards Giuseppe. ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm _______________________________________________ Net-snmp-users mailing list [email protected] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
