Hi Dave,
We have added around 2 default users in the snmp persist file to enable v3 user
creation/cloning through snmpusm utility. The output of the SNMPUSM table is as
follows:
C:\SnmpUtility>snmpwalk -v 2c -c public 172.16.3.151 1.3.6.1.6.3.15.1.2.2.1
SNMP-USER-BASED-SM-MIB::usmUserSecurityName.".....ê~..X`DP...."."deepti1" =
STRING: deepti1
SNMP-USER-BASED-SM-MIB::usmUserSecurityName.".....ê~..X`DP...."."defaultUserMD5"
= STRING: defaultUserMD5
SNMP-USER-BASED-SM-MIB::usmUserSecurityName.".....ê~..X`DP...."."defaultUserSHA"
= STRING: defaultUserSHA
SNMP-USER-BASED-SM-MIB::usmUserCloneFrom.".....ê~..X`DP...."."deepti1" = OID:
SNMPv2-SMI::zeroDotZero
SNMP-USER-BASED-SM-MIB::usmUserCloneFrom.".....ê~..X`DP...."."defaultUserMD5" =
OID: SNMPv2-SMI::zeroDotZero
SNMP-USER-BASED-SM-MIB::usmUserCloneFrom.".....ê~..X`DP...."."defaultUserSHA" =
OID: SNMPv2-SMI::zeroDotZero
SNMP-USER-BASED-SM-MIB::usmUserAuthProtocol.".....ê~..X`DP...."."deepti1" =
OID: SNMP-USER-BASED-SM-MIB::usmHMACMD5AuthProtocol
SNMP-USER-BASED-SM-MIB::usmUserAuthProtocol.".....ê~..X`DP...."."defaultUserMD5"
= OID: SNMP-USER-BASED-SM-MIB::usmHMACMD5AuthProtocol
SNMP-USER-BASED-SM-MIB::usmUserAuthProtocol.".....ê~..X`DP...."."defaultUserSHA"
= OID: SNMP-USER-BASED-SM-MIB::usmHMACSHAAuthProtocol
SNMP-USER-BASED-SM-MIB::usmUserAuthKeyChange.".....ê~..X`DP...."."deepti1" = ""
SNMP-USER-BASED-SM-MIB::usmUserAuthKeyChange.".....ê~..X`DP...."."defaultUserMD5"
= ""
SNMP-USER-BASED-SM-MIB::usmUserAuthKeyChange.".....ê~..X`DP...."."defaultUserSHA"
= ""
SNMP-USER-BASED-SM-MIB::usmUserOwnAuthKeyChange.".....ê~..X`DP...."."deepti1" =
""
SNMP-USER-BASED-SM-MIB::usmUserOwnAuthKeyChange.".....ê~..X`DP...."."defaultUserMD5"
= ""
SNMP-USER-BASED-SM-MIB::usmUserOwnAuthKeyChange.".....ê~..X`DP...."."defaultUserSHA"
= ""
SNMP-USER-BASED-SM-MIB::usmUserPrivProtocol.".....ê~..X`DP...."."deepti1" =
OID: SNMP-USER-BASED-SM-MIB::usmNoPrivProtocol
SNMP-USER-BASED-SM-MIB::usmUserPrivProtocol.".....ê~..X`DP...."."defaultUserMD5"
= OID: SNMP-USER-BASED-SM-MIB::usmNoPrivProtocol
SNMP-USER-BASED-SM-MIB::usmUserPrivProtocol.".....ê~..X`DP...."."defaultUserSHA"
= OID: SNMP-USER-BASED-SM-MIB::usmNoPrivProtocol
SNMP-USER-BASED-SM-MIB::usmUserPrivKeyChange.".....ê~..X`DP...."."deepti1" = ""
SNMP-USER-BASED-SM-MIB::usmUserPrivKeyChange.".....ê~..X`DP...."."defaultUserMD5"
= ""
SNMP-USER-BASED-SM-MIB::usmUserPrivKeyChange.".....ê~..X`DP...."."defaultUserSHA"
= ""
SNMP-USER-BASED-SM-MIB::usmUserOwnPrivKeyChange.".....ê~..X`DP...."."deepti1" =
""
SNMP-USER-BASED-SM-MIB::usmUserOwnPrivKeyChange.".....ê~..X`DP...."."defaultUserMD5"
= ""
SNMP-USER-BASED-SM-MIB::usmUserOwnPrivKeyChange.".....ê~..X`DP...."."defaultUserSHA"
= ""
SNMP-USER-BASED-SM-MIB::usmUserPublic.".....ê~..X`DP...."."deepti1" = ""
SNMP-USER-BASED-SM-MIB::usmUserPublic.".....ê~..X`DP...."."defaultUserMD5" = ""
SNMP-USER-BASED-SM-MIB::usmUserPublic.".....ê~..X`DP...."."defaultUserSHA" = ""
SNMP-USER-BASED-SM-MIB::usmUserStorageType.".....ê~..X`DP...."."deepti1" =
INTEGER: nonVolatile(3)
SNMP-USER-BASED-SM-MIB::usmUserStorageType.".....ê~..X`DP...."."defaultUserMD5"
= INTEGER: nonVolatile(3)
SNMP-USER-BASED-SM-MIB::usmUserStorageType.".....ê~..X`DP...."."defaultUserSHA"
= INTEGER: nonVolatile(3)
SNMP-USER-BASED-SM-MIB::usmUserStatus.".....ê~..X`DP...."."deepti1" = INTEGER:
active(1)
SNMP-USER-BASED-SM-MIB::usmUserStatus.".....ê~..X`DP...."."defaultUserMD5" =
INTEGER: active(1)
SNMP-USER-BASED-SM-MIB::usmUserStatus.".....ê~..X`DP...."."defaultUserSHA" =
INTEGER: active(1)
C:\SnmpUtility>
What VACM configuration should go into snmpd.conf to block read-write access to
the default users ONLY? The user for example “deepti1” should be accessible
but not the users starting with “defaultXXXXXXX”.
Regards
~Suresh
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users