Hi Krishna, net-snmp 5.5 is 10 years old this year. 5.8 is the current release.
That said, it might be possible to help you if you share the actual snmpd.conf files. You mention "add snmptrap dest_server=10.91.31.244 user_name=test dest_port=162 version=v3", but that is not how to configure net-snmp, so I don't know what to think about how that changes the actual configuration. Bill On Wed, Apr 24, 2019 at 7:19 AM Krishna Vivek Vitta < krishna.vivekvi...@citrix.com> wrote: > Any update on the behaviour ? > > > > > > Thank you > > Krishna Vivek > > > > *From:* Krishna Vivek Vitta > *Sent:* 23 April 2019 11:43 > *To:* net-snmp-users@lists.sourceforge.net > *Subject:* Help required for "snmpwalk: Authentication failure " > > > > Hi expert, > > > > We have a case where snmpwalk fails after snmpv3 user is added to trap > destination. Net-SNMP version being used is 5.5 on FreeBSD setup > > > > We start with a configured user for SNMPv3. We used SHA1 and AES for the > auth and privacy protocols: > > add snmpuser name=test auth_password=testtest privacy_password=testtest > auth_protocol=SHA1 privacy_protocol=AES view_name=SNMP-View > security_level=authPriv > > add snmpview name=SNMP-View subtree=1.3.6.1 type=Include > > > > The above steps: > > Adds a createUser directive in /var/mps/netsnmp/snmpd.conf and restarts > snmpd > > 1. SNMPD replaces the createUser directive with a usmUser directive > in persistent conf > > > > All this is normal. The configuration in the persistent snmpd.conf is > correct. This is our test entry: > > > > bash-3.2# fgrep 0x4e65747363616c657200 /var/mps/netsnmp/snmpd.conf > > usmUser 1 3 0x80001f88809c0a3f394b485c5600000000 0x4e65747363616c657200 > 0x4e65747363616c657200 NULL .1.3.6.1.6.3.10.1.1.3 > 0x06be7a79a8108ccde730455187973c0719b3e460 .1.3.6.1.6.3.10.1.2.4 > 0x06be7a79a8108ccde730455187973c07 "" > > > > bash-3.2# gdb /usr/sbin/snmpd -p `cat /var/run/snmpd.pid` --batch > --command=/root/print_users.gdb | awk '/test/,/privKey:/' > > name: 0x801c6fac0: "test" > > secName: 0x801c6fad0: "test" > > *authProtocol: .1.3.6.1.6.3.10.1.1.3 << This means SHA1* > > *privProtocol: .1.3.6.1.6.3.10.1.2.4 << This means AES* > > authKey: 0x6be7a79a8108ccd 0xe730455187973c07 0x19b3e46000000000 > > privKey: 0x6be7a79a8108ccd 0xe730455187973c07 > > > > And of course the queries work: > > > > vyos@vyos:~$ snmpwalk - -v3 -l authPriv -u Netscaler -a SHA -A 'testtest' > -x AES -X 'testtest' 10.91.16.71:161 1.3.6.1.2.1.1.1 > > SNMPv2-MIB::sysDescr.0 = STRING: FreeBSD nssdx-mgmt 8.4-NETSCALER-12.0 > FreeBSD 8.4-NETSCALER-12.0 #0: Wed Sep 12 06:47:55 PDT 2018 > root@sjcpbld84-64:/usr/obj/home/build/rs_120_59_5_RTM/usr.src/sys/NSSVM[image: > https://issues.citrite.net/images/icons/mail_small.gif] > <root@sjcpbld84-64:/usr/obj/home/build/rs_120_59_5_RTM/usr.src/sys/NSSVM> > amd64 > > > > Then I add an snmptrap destination that uses this user: > > > > add snmptrap dest_server=10.91.31.244 user_name=test dest_port=162 > version=v3 > > And the queries fail with authentication failure: > > vyos@vyos:~$ snmpwalk - -v3 -l authPriv -u Netscaler -a SHA -A > 'testtest' -x AES -X 'testtest' 10.91.16.71:161 1.3.6.1.2.1.1.1 > > snmpwalk: Authentication failure (incorrect password, community or key) > > > > This time although the configuration is the same, snmpd internally has set > the wrong protocols: > > > > bash-3.2# fgrep 0x4e65747363616c657200 /var/mps/netsnmp/snmpd.conf > > usmUser 1 3 0x80001f88809c0a3f394b485c5600000000 0x4e65747363616c657200 > 0x4e65747363616c657200 NULL *.1.3.6.1.6.3.10.1.1.3* > 0x06be7a79a8108ccde730455187973c0719b3e460 > *.1.3.6.1.6.3.10.1.2.4*0x06be7a79a8108ccde730455187973c07 > 0x > > bash-3.2# gdb /usr/sbin/snmpd -p `cat /var/run/snmpd.pid` --batch > --command=/root/print_users.gdb | awk '/Netscaler/,/privKey:/' > > name: 0x801c6fac0: "test" > > secName: 0x801c6fad0: "test" > > *authProtocol: .1.3.6.1.6.3.10.1.1.2 << This means MD5* > > *privProtocol: .1.3.6.1.6.3.10.1.2.2 << This means DES* > > authKey: 0x6be7a79a8108ccd 0xe730455187973c07 0x19b3e46000000000 > > privKey: 0x6be7a79a8108ccd 0xe730455187973c07 > > > > > > Kindly provide assistance in resolving the case. > > > > Thank you > > Krishna Vivek > > > _______________________________________________ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users >
_______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
