Hi,
Problem:
-----------
snmpd is not considering the user-provided engine id in the createUser directive.
Background:
----------
- I am developing an snmp subagent in order to report SNMP v3 traps to remote
systems.
- Remote systems are not in my control. Once they receive traps, the application
team can use them as they wish.
- Now there should be a seamless way to integrate traps into the application,
something like a pre-agreed engineid. I should be able to send traps with a
pre-agreed engineid, so that the application does not have to access the actual
hw (why not to access the actual hw is explained below in step 5). In some cases,
application teams are not provided ssh access to the actual hardware. Only webui
access, via which they will be able to add / modify snmp v3 users and
specify the trap destination and so on.
Working method:
--------------
1) stop snmpd
2) In /var/net-snmp/snmpd.conf add,
    createUser admin SHA CHANGEME AES
    group incremental usm admin
    view new_view included .1
    view new_view excluded .1.3.6.1.2.1.1.1
    view new_view excluded .1.3.6.1.2.1.25.4.2.1.2
    access incremental "" usm priv exact new_view none none
    rwuser admin priv
    master agentx
    trapsess -v 3 -l authpriv -u admin ip_add_remote_machine
3) restart netsnmp
4) stop snmptrapd
5) whatever engineid is available in snmpd.conf (log in to the actual hw and grep
for engineid in snmpd.conf), use the same in the remote machine's snmptrapd.conf
    disableAuthorization yes
    createUser -e enginedid_same_as_snmpdconf admin SHA CHANGEME AES CHANGEME
6) restart snmptrapd
Now I am able to receive traps on remote machine.
Non-working method:
------------------
1) same as above
2) same as above except
    createUser -e 0x0102030405060504030201 admin SHA CHANGEME AES
3) restart snmpd
snmpd throws error,
    snmpd: send_trap: USM unknown security name (no such user exists)
4) stop snmptrapd
5) Now no need to grep from snmpd.conf. As the engine id is pre-agreed, simply use
that
    disableAuthorization yes
    createUser -e 0x0102030405060504030201 admin SHA CHANGEME AES CHANGEME
6) restart snmptrapd
Not able to receive traps on remote machine
My requirement is that the user should decide what engineid to use on both snmpd
(actual hw) and snmptrapd (remote machine). By configuring this in the
appropriate configuration files, the user should be able to receive traps without
any need to access the actual hw where the traps are being generated.
Regards,
Mukunth
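
Added example, not part of the original message and not Net-SNMP code: a simplified Python model of why the engine ID in createUser has to match on both ends. It uses the RFC 3414 password-to-key and key-localization steps for SHA-1, with a USM user store keyed on (engineID, userName). The agent's "local" engine ID below is a constructed value, and the function names are hypothetical.

```python
import hashlib
import hmac

def password_to_key_sha1(passphrase: bytes) -> bytes:
    """RFC 3414 A.2.2: SHA-1 over 1 MiB of the repeated passphrase (Ku)."""
    reps, rem = divmod(1048576, len(passphrase))
    return hashlib.sha1(passphrase * reps + passphrase[:rem]).digest()

def localized_key(passphrase: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 key localization: Kul = SHA1(Ku || engineID || Ku)."""
    ku = password_to_key_sha1(passphrase)
    return hashlib.sha1(ku + engine_id + ku).digest()

def create_user(table: dict, engine_id: bytes, name: bytes, passphrase: bytes) -> None:
    """Model of 'createUser -e <engineID> <name> SHA <pass>': the entry is
    stored under (engineID, name) with a key localized to that engine ID."""
    table[(engine_id, name)] = localized_key(passphrase, engine_id)

def trap_authenticates(sender_engine: bytes, receiver_engine: bytes,
                       name: bytes = b"admin",
                       passphrase: bytes = b"CHANGEME") -> bool:
    """A v3 trap carries the sender's engine ID as the authoritative one.
    The receiver looks the user up under that ID and compares auth keys."""
    receiver_table = {}
    create_user(receiver_table, receiver_engine, name, passphrase)
    expected = receiver_table.get((sender_engine, name))
    if expected is None:
        return False  # receiver has no such user for this engine ID
    return hmac.compare_digest(expected, localized_key(passphrase, sender_engine))

# Engine ID and passphrase quoted in the message above.
PRE_AGREED = bytes.fromhex("0102030405060504030201")
# Constructed stand-in for an engine ID the agent generated on its own.
AGENT_LOCAL = bytes.fromhex("80001f8880a1b2c3d4e5f60718")

if __name__ == "__main__":
    print("same passphrase, different engine IDs, same key?",
          localized_key(b"CHANGEME", PRE_AGREED)
          == localized_key(b"CHANGEME", AGENT_LOCAL))
    print("agent sends with its own ID, receiver configured with pre-agreed ID:",
          trap_authenticates(AGENT_LOCAL, PRE_AGREED))
    print("both ends use the pre-agreed ID:",
          trap_authenticates(PRE_AGREED, PRE_AGREED))
```
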