Ok, I did it wrong. I'm looking for valid examples. For authPriv informs, what do the createUser and trapsess look like?
For authPriv traps, what do the createUser and trapsess look like? On 17-Jul-2020 1:40 PM, Atkins, Brian wrote: > > Also, if you use traps, the authoritativeEngineID will be the one on > the agent. That is the default, so there will be no need to specify a > -e argument on the createUser call. > > > > *From:* Atkins, Brian > *Sent:* Friday, July 17, 2020 1:38 PM > *To:* John Bize <jb...@godswind.org>; Colin Anderson > <colin.ander...@speakerbus.com>; net-snmp-users@lists.sourceforge.net > *Subject:* RE: SNMPv3 authPriv informs (trapsess) > > > > The authoritativeEngineID is specified on the createUser, not > trapsess. See http://www.net-snmp.org/docs/man/snmpd.conf.html > > > > *From:* John Bize <jb...@godswind.org <mailto:jb...@godswind.org>> > *Sent:* Friday, July 17, 2020 1:37 PM > *To:* Atkins, Brian <brian.atk...@netapp.com > <mailto:brian.atk...@netapp.com>>; Colin Anderson > <colin.ander...@speakerbus.com > <mailto:colin.ander...@speakerbus.com>>; > net-snmp-users@lists.sourceforge.net > <mailto:net-snmp-users@lists.sourceforge.net> > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > *NetApp Security WARNING*: This is an external email. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > > Ok, > > So it appears that I should add: > > trapsess -e 0x80001F888001331F10B729FA5E00000000 -Ci -v3 -u > remoteUser -l authPriv 192.168.1.215 > > to /etc/snmp/snmpd.conf for v3 informs (without the -Ci for v3 traps), > and: > > createUser -e 0x80001F888001331F10B729FA5E00000000 remoteUser SHA > "authPass" AES privPass > > in /var/lib/snmp/snmpd.conf where > "0x80001F888001331F10B729FA5E00000000" is the engine-id of the receiver. > > Does that look right? Will that work correctly? > > > > On 17-Jul-2020 1:06 PM, Atkins, Brian wrote: > > Looking at Colin’s reply, I realize you may need to add the > createUser statements to the /var/lib/snmp/snmpd.conf file > directly, instead of /etc/snmp/snmpd.conf (these are Debian 10 > paths). It will replace them with usmUser statements, so you > shouldn’t need to delete anything. > > > > *From:* John Bize <jb...@godswind.org> <mailto:jb...@godswind.org> > *Sent:* Friday, July 17, 2020 1:02 PM > *To:* Colin Anderson <colin.ander...@speakerbus.com> > <mailto:colin.ander...@speakerbus.com>; Atkins, Brian > <brian.atk...@netapp.com> <mailto:brian.atk...@netapp.com>; > net-snmp-users@lists.sourceforge.net > <mailto:net-snmp-users@lists.sourceforge.net> > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > *NetApp Security WARNING*: This is an external email. Do not click > links or open attachments unless you recognize the sender and know > the content is safe. > > > > Thanks Colin and Brian. > > I will give creating a new snmpd (agent) user with the remote > (manager's) engine-id a try. > > I was using net-snmp-create-v3-user from the libsnmp-dev package > to add users. Unfortunately, it does not support engine-id, so > I'll have to forgo that tool for this. > > Does anyone have an example of what the final trapsess looks like? > > > > On 17-Jul-2020 12:47 PM, Colin Anderson wrote: > > We came across this problem. > > > > There are 2 snmpd.conf files. “Your” one, in /usr/share/snmp/ > and an autogenerated one in /var/net-snmp/. This > autogenerated one stores the keys once they are generated. > You can add the passwords to the auto-generated snmpd.conf > file. (You can ignore the “Do not edit” warnings.) This file > will automatically delete the password entries once the keys > have been generated. This is mentioned in the wiki pages > somewhere. > > > > There are other issues with this file which you may come > across. We found that it seems to be written to with the > old/existing config as snmpd is closing. So your changes > could be overwritten. The file takes some playing with. > > > > Or depending how you’ve done it you can delete “your” > snmpd.conf file once snmpd has started. We create our > snmpd.conf just before we try to open snmpd and so the > passwords are only added then. We then delete the file once > snmpd is running. > > > > Hope this helps. > > > > Colin > > > > *From:* John Bize <jb...@godswind.org> > <mailto:jb...@godswind.org> > *Sent:* 17 July 2020 15:32 > *To:* net-snmp-users@lists.sourceforge.net > <mailto:net-snmp-users@lists.sourceforge.net> > *Subject:* Re: SNMPv3 authPriv informs (trapsess) > > > > Bump please. > > On 04-Jul-2020 10:11 AM, John Bize wrote: > > I have an embedded system running Debian 10 with snmpd v5.7.3. > > I'd like to configure SNMPv3 trapsess to send auth,priv > informs. How is this done *without putting clear-text > passwords *into the snmpd.conf file? > > Thanks. > > Image removed by sender. Twitter > <https://twitter.com/speakerbus>Image removed by sender. > LinkedIn <http://www.linkedin.com/company/speakerbus>Image > removed by sender. YouTube > <http://www.youtube.com/user/SpeakerbusTech?feature=watch> > > > ****************************************************************************** > > The contents of this e-mail and any attachments are > confidential and are intended solely for the attention and use > of the intended recipient. This message should not be copied > or forwarded to any other person without the express > permission of the sender. If you are not the intended > recipient, you are hereby notified that to disclose, copy, > distribute or retain this message or any part of it, is > strictly unauthorised and forbidden. If you have received this > message in error, please notify the sender by telephone or by > reply e-mail, and destroy the original message. Any views or > opinions presented are solely those of the author and do not > necessarily represent those of Speakerbus unless otherwise > specifically stated. We reserve the right to monitor all > e-mail messages passing through our network. > > Speakerbus Group plc - Head Office, Hanover House, Britannia > Road, Queens Gate, Waltham Cross, Hertfordshire, EN8 7TF, > England.Tel: +44(0)1992 807300 Fax: +44 (0)1992 807301 Company > Registration No 3330946 Home Page: http://www.speakerbus.com > > ****************************************************************************** > >
_______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
