On 4 September 2012 09:37, Suresh kumar <skjaiswa...@hotmail.com> wrote: > But anyone who has > rw/ro access to the Snmpusm table will be able to view these internal users > starting with “defaultXXXX” as well. We want that when any operator accesses > SNMPUSM table, he should be able to view users that are created ( for > example deepti1 in the below case) but not the internal users/default users > ( starting with “defaultXXXXX”).
OK - I see what you mean. > In VACM terms, this implies creating a view > where particular rows belonging to a table can be accessed while some can be > blocked. Exactly. > We want a sample VACM configuration for the same. Not tested, but try something like the following: view myVacm included .1.3.6.1.6.3.15.1.2.2 view myVacm excluded .1.3.6.1.6.3.15.1.2.2.1.0.17.{engineID}.0.100.101.102.97.117.108.116 0xff:ef:ff:fd:fa rouser {operator} auth -V myVacm or view myVacm included .1.3.6.1.6.3.15.1.2.2 view myVacm excluded .1.3.6.1.6.3.15.1.2.2.1.0.17.{engineID}.0.100.101.102.97.117.108.116 0xff:e0:00:01:fa rouser {operator} auth -V myVacm You'll need to insert the (numeric) value of your SNMP Engine ID where indicated. Try running the same "snmpwalk" command as before but with the option '-On' to see the appropriate values. Note that the mask is crafted based on a 17-octet engineID (which seems to be what you're using). If that's not correct, then you'll need to tweak the OID and mask accordingly. The difference between the two sample above are whether the engine ID is explicitly matched, or ignored. It shouldn't make any real difference which you use. But the length of the engineID *is* significant, as this affects the masking bits that are applied to the username. Dave ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users