Any update on the behaviour ?
Thank you Krishna Vivek From: Krishna Vivek Vitta Sent: 23 April 2019 11:43 To: net-snmp-users@lists.sourceforge.net Subject: Help required for "snmpwalk: Authentication failure " Hi expert, We have a case where snmpwalk fails after snmpv3 user is added to trap destination. Net-SNMP version being used is 5.5 on FreeBSD setup We start with a configured user for SNMPv3. We used SHA1 and AES for the auth and privacy protocols: add snmpuser name=test auth_password=testtest privacy_password=testtest auth_protocol=SHA1 privacy_protocol=AES view_name=SNMP-View security_level=authPriv add snmpview name=SNMP-View subtree=1.3.6.1 type=Include The above steps: Adds a createUser directive in /var/mps/netsnmp/snmpd.conf and restarts snmpd 1. SNMPD replaces the createUser directive with a usmUser directive in persistent conf All this is normal. The configuration in the persistent snmpd.conf is correct. This is our test entry: bash-3.2# fgrep 0x4e65747363616c657200 /var/mps/netsnmp/snmpd.conf usmUser 1 3 0x80001f88809c0a3f394b485c5600000000 0x4e65747363616c657200 0x4e65747363616c657200 NULL .1.3.6.1.6.3.10.1.1.3 0x06be7a79a8108ccde730455187973c0719b3e460 .1.3.6.1.6.3.10.1.2.4 0x06be7a79a8108ccde730455187973c07 "" bash-3.2# gdb /usr/sbin/snmpd -p `cat /var/run/snmpd.pid` --batch --command=/root/print_users.gdb | awk '/test/,/privKey:/' name: 0x801c6fac0: "test" secName: 0x801c6fad0: "test" authProtocol: .1.3.6.1.6.3.10.1.1.3 << This means SHA1 privProtocol: .1.3.6.1.6.3.10.1.2.4 << This means AES authKey: 0x6be7a79a8108ccd 0xe730455187973c07 0x19b3e46000000000 privKey: 0x6be7a79a8108ccd 0xe730455187973c07 And of course the queries work: vyos@vyos:~$ snmpwalk - -v3 -l authPriv -u Netscaler -a SHA -A 'testtest' -x AES -X 'testtest' 10.91.16.71:161 1.3.6.1.2.1.1.1 SNMPv2-MIB::sysDescr.0 = STRING: FreeBSD nssdx-mgmt 8.4-NETSCALER-12.0 FreeBSD 8.4-NETSCALER-12.0 #0: Wed Sep 12 06:47:55 PDT 2018 root@sjcpbld84-64:/usr/obj/home/build/rs_120_59_5_RTM/usr.src/sys/NSSVM[https://issues.citrite.net/images/icons/mail_small.gif]<mailto:root@sjcpbld84-64:/usr/obj/home/build/rs_120_59_5_RTM/usr.src/sys/NSSVM>amd64 Then I add an snmptrap destination that uses this user: add snmptrap dest_server=10.91.31.244 user_name=test dest_port=162 version=v3 And the queries fail with authentication failure: vyos@vyos:~$ snmpwalk - -v3 -l authPriv -u Netscaler -a SHA -A 'testtest' -x AES -X 'testtest' 10.91.16.71:161 1.3.6.1.2.1.1.1 snmpwalk: Authentication failure (incorrect password, community or key) This time although the configuration is the same, snmpd internally has set the wrong protocols: bash-3.2# fgrep 0x4e65747363616c657200 /var/mps/netsnmp/snmpd.conf usmUser 1 3 0x80001f88809c0a3f394b485c5600000000 0x4e65747363616c657200 0x4e65747363616c657200 NULL .1.3.6.1.6.3.10.1.1.3 0x06be7a79a8108ccde730455187973c0719b3e460 .1.3.6.1.6.3.10.1.2.40x06be7a79a8108ccde730455187973c07 0x bash-3.2# gdb /usr/sbin/snmpd -p `cat /var/run/snmpd.pid` --batch --command=/root/print_users.gdb | awk '/Netscaler/,/privKey:/' name: 0x801c6fac0: "test" secName: 0x801c6fad0: "test" authProtocol: .1.3.6.1.6.3.10.1.1.2 << This means MD5 privProtocol: .1.3.6.1.6.3.10.1.2.2 << This means DES authKey: 0x6be7a79a8108ccd 0xe730455187973c07 0x19b3e46000000000 privKey: 0x6be7a79a8108ccd 0xe730455187973c07 Kindly provide assistance in resolving the case. Thank you Krishna Vivek
_______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users